diff --git a/assets/rancher-monitoring/rancher-monitoring-103.0.1+up45.31.1.tgz b/assets/rancher-monitoring/rancher-monitoring-103.0.1+up45.31.1.tgz index 12e79eee4..9c281119c 100644 Binary files a/assets/rancher-monitoring/rancher-monitoring-103.0.1+up45.31.1.tgz and b/assets/rancher-monitoring/rancher-monitoring-103.0.1+up45.31.1.tgz differ diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/Chart.yaml index 37717239a..17cd780bd 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: hardenedKubelet type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedKubelet/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/Chart.yaml index 65748b2f7..867a53013 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: hardenedNodeExporter type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-clients.yaml 
@@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} @@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/hardenedNodeExporter/values.yaml 
@@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/Chart.yaml index 900443d22..4933ffa02 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/Chart.yaml 
@@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: k3sServer type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
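Review bot: the README parameter table drops `clients.https.forceHTTPSScheme` and every `clients.https.authenticationMethod.*` row with no replacement text or upgrade note. A values file that still sets those keys will render with them having no effect unless the chart validates its values, so either add a line saying they are no longer honoured or have the template `fail` when one of them is set. The last hunk of this file also does nothing except strip the trailing newline (`\ No newline at end of file`); keep the newline.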
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
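Review bot: the new `$metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel)` always produces two entries, even when one of the relabel dicts was never populated. The removed lines appended a dict only when `gt (len (keys ...)) 0` held and set `metricRelabelings` only when the list was non-empty; `$clusterNameRelabel` is filled inside a conditional just above, so when that condition is false this now writes an empty relabel rule into the ServiceMonitor endpoint. Keep the length guards, or wrap each append in its own `if`.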
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
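Review bot: dropping the `imagePullSecrets` block from the `pushprox-client` pod spec means `.Values.global.imagePullSecretName` is no longer applied, while the image reference is still built through `system_default_registry`. On a cluster whose default registry requires credentials, these pods will fail to pull unless the secret is attached some other way. If the removal is intended, state where pull credentials now come from; otherwise keep the `{{- if .Values.global.imagePullSecretName }}` block.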
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
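Review bot: `pushprox-clients.yaml`, `pushprox-proxy.yaml` and `pushprox-servicemonitor.yaml` each have their last line `{{- end }}{{- end }}` rewritten only to remove the final newline (`\ No newline at end of file`). That is whitespace churn with no functional change; restore the trailing newline so these files stay out of unrelated diffs. The `-26,10 +26,6` hunk in `pushprox-proxy.yaml` also removes `imagePullSecrets` from the proxy pod spec, which needs the same justification as the client-side removal.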
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/k3sServer/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
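Review bot: in the `clients.https` block, `useServiceAccountCredentials` is kept with its comment promising that the client will "use the service account token provided by it to make authorized scrape requests", but this patch removes the whole `authenticationMethod` block here, the `kubernetes.io/service-account-token` Secret in `pushprox-clients-rbac.yaml`, and the `authorization` and `bearerTokenSecret` wiring in `_helpers.tpl`. Please confirm what still consumes the flag after this change and update the comment so the documented behaviour matches what is rendered.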
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/Chart.yaml index 8eb4156f9..fcd4ec866 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: kubeAdmControllerManager type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
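Review bot: in `kubeAdmControllerManager/Chart.yaml` both version fields move backwards (`version: 103.0.0` to `0.1.6`, `appVersion: 0.1.1` to `0.1.0`) inside a chart directory still named `103.0.1+up45.31.1`. If this is a deliberate revert of the subchart, say so in the commit message; otherwise keep the subchart `version` from going backwards, since anything comparing chart versions will read 0.1.6 as older than 103.0.0.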
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
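Review bot: with the `{{- if $forceHTTPSScheme -}}` branch gone, nothing in this helper sets the endpoint `scheme` any more; `clients.https.enabled` only adds `_scheme` with the value `https` under `params`. Any component that relied on `forceHTTPSScheme: true` to get `scheme: https` on its ServiceMonitor endpoint now has to set `scheme` itself in `serviceMonitor.endpoints`. Name in the commit message which components were checked for this.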
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file 
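Review bot: the removed `tlsConfig` block is where `clients.https.insecureSkipVerify` was copied onto each ServiceMonitor endpoint, and the removed `bearerTokenFile`, `bearerTokenSecret` and `authorization` branches are the endpoint credentials visible in this helper. After this hunk the endpoints are emitted with whatever `serviceMonitor.endpoints` already contains plus `params._scheme`, so TLS verification and authentication settings have to be supplied per endpoint in values. Check that each component's `serviceMonitor.endpoints` default carries the `tlsConfig` it needs, and note the behaviour change in the README next to `clients.https.insecureSkipVerify`.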
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml 
@@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} @@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmControllerManager/values.yaml 
@@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/Chart.yaml index c153945f9..05f6e351d 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/Chart.yaml 
@@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: kubeAdmEtcd type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmEtcd/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/Chart.yaml index 79524a94d..8b4a21b53 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: kubeAdmProxy type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmProxy/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/Chart.yaml index e30e02877..3cb4ad9ed 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: kubeAdmScheduler type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/kubeAdmScheduler/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/Chart.yaml index 4c1f509d9..78c6bebc7 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: rke2ControllerManager type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-clients.yaml 
@@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} @@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2ControllerManager/values.yaml 
@@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/Chart.yaml index f269d2cf9..74a702b7e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/Chart.yaml 
@@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: rke2Etcd type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Etcd/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/Chart.yaml index 3eb994425..650416de9 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: rke2IngressNginx type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2IngressNginx/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/Chart.yaml index 78cd4a640..ec166dbb5 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: rke2Proxy type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
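Review bot: The only change in this pushprox-servicemonitor.yaml hunk is the loss of the final newline after `{{- end }}{{- end }}` (`\ No newline at end of file`), and the same thing happens at the end of every template, README and values.yaml this patch touches. That produces a hunk per file with no functional content and makes the real changes harder to find. Restore the trailing newline, or fix whatever generates these files so it stops stripping it.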
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Proxy/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/Chart.yaml index a8550c7e9..656a4b696 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: rke2Scheduler type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
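Review bot: The new `$metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel)` appends both dicts unconditionally, where the removed lines appended a dict only when `gt (len (keys ...)) 0` held and set `metricRelabelings` only when the list was non-empty. If `$clusterNameRelabel` or `$clusterIdRelabel` is still an empty dict at this point, every endpoint now gets an empty entry under `metricRelabelings`. The `{{- end }}` context line just above suggests they are populated conditionally, so keep the length guards or show that both are always set. This hunk also drops the `forceHTTPSScheme` branch, so `scheme: https` is no longer written to the endpoint; call that out for anyone who had the flag enabled.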
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rke2Scheduler/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/Chart.yaml index 7d711ce5c..8de6d96d7 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: rkeControllerManager type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file 
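Review bot: With the `tlsConfig` block removed here, `clients.https.insecureSkipVerify` no longer reaches the ServiceMonitor endpoint from this helper, yet values.yaml and the README in this same patch keep the key and its description unchanged. Confirm the value is still consumed somewhere else in the chart and document that it no longer sets `tlsConfig.insecureSkipVerify` on the endpoint, or remove the key. The `bearerTokenFile`, `bearerTokenSecret` and `authorization` branches go at the same time, so the endpoint gets no credentials from this template; since `clients.https.useServiceAccountCredentials` is also kept in values.yaml, state how scrapes are authenticated after the change.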
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-clients.yaml 
@@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} @@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeControllerManager/values.yaml 
@@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/Chart.yaml index 2de5dc45f..db8acbd6a 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/Chart.yaml 
@@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: rkeEtcd type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeEtcd/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/Chart.yaml index 2327446fe..d7b33dede 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: rkeIngressNginx type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeIngressNginx/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/Chart.yaml index 76b4033b2..8fc4ca02a 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: rkeProxy type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeProxy/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/Chart.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/Chart.yaml index 544effb33..9b0966123 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/Chart.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/Chart.yaml @@ -6,9 +6,9 @@ annotations: catalog.rancher.io/namespace: cattle-monitoring-system catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 -appVersion: 0.1.1 +appVersion: 0.1.0 description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. name: rkeScheduler type: application -version: 103.0.0 +version: 0.1.6 diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/README.md b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/README.md index 345002f48..876450aa1 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/README.md +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/README.md 
@@ -55,15 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. 
This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | | `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | | `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | | `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | @@ -87,4 +79,4 @@ The following tables list the configurable parameters of the rancher-pushprox ch *Tip: The filepaths set in `clients.https.File` can include wildcard characters*. -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/_helpers.tpl b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/_helpers.tpl index 8e651dccf..395042a01 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/_helpers.tpl +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/_helpers.tpl @@ -68,10 +68,6 @@ provider: kubernetes {{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} {{- end -}} -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - {{- define "pushProxy.client.labels" -}} k8s-app: {{ template "pushProxy.client.name" . }} {{ template "pushProxy.commonLabels" . }} @@ -102,11 +98,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- define "pushProxy.serviceMonitor.endpoints" -}} {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} {{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} {{- $endpoints := .Values.serviceMonitor.endpoints }} {{- range $endpoints }} {{- if $.Values.proxy.enabled }} 
@@ -126,14 +117,8 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} {{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} {{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} +{{- $metricRelabelings := append (list ($clusterNameRelabel)) ($clusterIdRelabel) }} {{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} {{- if $useHTTPS -}} {{- if (hasKey . "params") }} {{- $_ := set (get . "params") "_scheme" (list "https") }} 
@@ -141,26 +126,6 @@ app: {{ template "pushprox.serviceMonitor.name" . }} {{- $_ := set . "params" (dict "_scheme" (list "https")) }} {{- end }} {{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} {{- end }} {{- toYaml $endpoints }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml index a8e27c373..5893ace18 100644 
--- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml @@ -42,18 +42,6 @@ metadata: namespace: {{ include "pushprox.namespace" . }} labels: {{ include "pushProxy.client.labels" . | nindent 4 }} --- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- {{- if .Values.global.cattle.psp.enabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -94,4 +82,4 @@ spec: readOnly: true {{- end }} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-clients.yaml index e8fcfb388..c26bc0eaf 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-clients.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-clients.yaml @@ -35,10 +35,6 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-client image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} 
@@ -154,4 +150,4 @@ spec: - name: metrics-cert-dir emptyDir: {} {{- end }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-proxy.yaml index 723bbd6c0..6eafc19b6 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-proxy.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-proxy.yaml @@ -26,10 +26,6 @@ spec: {{ toYaml .Values.proxy.tolerations | indent 8 }} {{- end }} serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} containers: - name: pushprox-proxy image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} @@ -54,4 +50,4 @@ spec: protocol: TCP targetPort: {{ .Values.proxy.port }} selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml index 67eb2216b..c7d3f0e8e 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml @@ -42,4 +42,4 @@ spec: protocol: TCP targetPort: {{ .Values.metricsPort }} selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/values.yaml b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/values.yaml index 3925fb4d3..8d25737a0 100644 --- a/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/values.yaml +++ b/charts/rancher-monitoring/103.0.1+up45.31.1/charts/rkeScheduler/values.yaml @@ -75,29 +75,9 @@ clients: https: # Does the client require https to access the metrics? enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false # If set to true, the client will create a service account with adequate permissions and set a flag # on the client to use the service account token provided by it to make authorized scrape requests useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false # If set to true, the client will disable SSL security checks insecureSkipVerify: false # Directory on host where necessary TLS cert and key to scrape metrics can be found @@ -163,4 +143,4 @@ proxy: image: repository: rancher/pushprox-proxy tag: v0.1.0-rancher2-proxy - command: ["pushprox-proxy"] + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/index.yaml b/index.yaml index df5a175b9..14480ccca 100755 --- a/index.yaml +++ b/index.yaml 
@@ -12687,7 +12687,7 @@ entries: catalog.cattle.io/upstream-version: 45.31.1 apiVersion: v2 appVersion: v0.65.1 - created: "2023-11-21T18:08:45.266223Z" + created: "2023-12-10T00:36:24.508181Z" dependencies: - condition: grafana.enabled name: grafana @@ -12759,7 +12759,7 @@ entries: and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: e35c0a02a14a762a3b059de29ebf5c8f00c95ccd97f872ccf1072dcbaf897bc3 + digest: 6acf81e2286e0bc65a1a60bda2b27cb8319241c4b5fe1ea195659ed60a80e922 home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords:
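Review bot: In the `values.yaml` hunks at `@@ -75,29 +75,9 @@` (rkeIngressNginx, rkeProxy, rkeScheduler), removing `clients.https.forceHTTPSScheme` and the whole `clients.https.authenticationMethod` block is a breaking change for any release that already sets them. Without a values schema Helm accepts unknown keys, so existing overrides will be ignored silently and scrapes that depended on `authorization` or on `scheme: https` may start failing with no render-time error. Suggest keeping the keys with a deprecation comment, or adding a `fail` guard in the templates when either key is still set, and documenting the removal.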
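Review bot: In the `Chart.yaml` hunks at `@@ -6,9 +6,9 @@` (rkeProxy, rkeScheduler), `version` goes from `103.0.0` to `0.1.6` and `appVersion` from `0.1.1` to `0.1.0`, which is a downgrade of a subchart inside an already numbered parent (`103.0.1+up45.31.1`). If this is an intentional revert, please say so in the commit message and explain why the parent version is not bumped; if it is a side effect of regenerating the charts, the subchart versions should be restored.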
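Review bot: In the `templates/_helpers.tpl` hunks at `@@ -126,14 +117,8 @@` (rkeProxy, rkeScheduler), the new `append (list ($clusterNameRelabel)) ($clusterIdRelabel)` adds both dicts unconditionally, whereas the removed lines appended each one only when `gt (len (keys ...)) 0` and skipped `metricRelabelings` entirely when the list was empty. The `{{- end }}` that follows the `set $clusterNameRelabel ...` lines indicates those dicts are filled conditionally, so when the cluster name or ID is unset this will emit empty `{}` entries under `metricRelabelings` in the ServiceMonitor. Suggest keeping the length checks and the `if not (empty $metricRelabelings)` guard.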
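Review bot: In the `templates/_helpers.tpl` hunks at `@@ -141,26 +126,6 @@` (rkeProxy, rkeScheduler), dropping the `tlsConfig` block means `clients.https.insecureSkipVerify` is no longer propagated to the ServiceMonitor endpoint by this helper, yet the key remains in `values.yaml` and in the README table. Please confirm it is still consumed elsewhere and describe that in the README row, or remove it together with the rest so users are not left with a TLS setting that has no effect on the endpoint. If the `authorization` branch is restored later, note that its `else` arm calls `set . "authorization"` twice, so the second dict (credentials only) replaces the first and `type` is lost.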
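Review bot: In the `pushprox-clients-rbac.yaml` hunks at `@@ -42,18 +42,6 @@` (rkeProxy, rkeScheduler), the `kubernetes.io/service-account-token` Secret is removed while `clients.https.useServiceAccountCredentials` stays in `values.yaml`, and nothing in the visible changes shows where the client obtains its token afterwards. Removing a long-lived token Secret is a reasonable hardening step, but Helm will delete the existing Secret on upgrade, so please document that the client relies on the token mounted in the pod (the removed default `bearerTokenFilePath` was `/var/run/secrets/kubernetes.io/serviceaccount/token`) and verify that nothing else still references the name built by `pushProxy.client.serviceAccountTokenName`.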
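Review bot: In the `pushprox-clients.yaml` hunks at `@@ -35,10 +35,6 @@` and the `pushprox-proxy.yaml` hunks at `@@ -26,10 +26,6 @@`, removing the `imagePullSecrets` block gated on `.Values.global.imagePullSecretName` means the DaemonSet and proxy pods can no longer pull from a registry that requires credentials, even though the image reference still honours `system_default_registry`. Unless `global.imagePullSecretName` is being retired across the whole chart, suggest keeping the block; if it is being retired, state the replacement (for example a secret attached to the service account) in the README.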
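Review bot: In the final hunk of each touched template, README and `values.yaml` (for example `@@ -163,4 +143,4 @@` in `values.yaml` and `@@ -87,4 +79,4 @@` in the README), the only change is that the trailing newline is dropped (`\ No newline at end of file`). This adds noise to the diff and to every later diff of these files; please restore the final newline so the last line is not reported as modified.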
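Review bot: In the `index.yaml` hunks at `@@ -12687,7 +12687,7 @@` and `@@ -12759,7 +12759,7 @@`, the `created` timestamp and the `digest` of an existing entry are rewritten with no version line changing in either hunk. Republishing a chart archive under the same version with a different digest breaks consumers that pin or verify the digest and makes it impossible to tell from the index which content a cluster actually installed. Suggest publishing the changed content under a new chart version and leaving the original entry and its digest untouched.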