As part of the Helm CRD installation process shown [here](43853ea772/pkg/action/install.go (L160-L162)), charts that both attempt to install CRDs and then install resources (e.g. `len(totalItems) > 0`) invalidate the cache and attempt to get the CRDs again to `Give time for the CRD to be recognized.` before continuing the Helm installation.
Because Monitoring V2 currently does not observe this invalidation and wait, flakey race conditions documented in issues like https://github.com/rancher/rancher/issues/32025 and https://github.com/rancher/rancher/issues/29171 can be caused. This commit introduces that invalidation process.
This is required due to the change released in v0.1.0 of the charts-build-scripts to switch the package used for YAML marshalling / unmarshalling.
Note: This does not need a packageVersion bump since it has already been bumped once for this release.
(cherry picked from commit 7ec1716f66)
This is required due to the change released in v0.1.0 of the charts-build-scripts to switch the package used for YAML marshalling / unmarshalling.
(cherry picked from commit 5392d84cf6)
This is required due to the change released in v0.1.0 of the charts-build-scripts to switch the package used for YAML marshalling / unmarshalling.
Note: This does not need a packageVersion bump since it has already been bumped once for this release.
(cherry picked from commit e5415e48de)
```bash
git fetch upstream
git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md
```
This overwrites the previous changes based on stuff currently in dev-v2.6-source today.
This commit removes packages/istio from the staging branch.
This has been a long-standing pending maintenance task and should not have any impact on the staging branch.
Signed-off-by: Arvind Iyengar <arvind.iyengar@rancher.com>
This commit adds an nginx proxy in front of Prometheus that intercepts the requests that are sent to the Prometheus pod. This change was necessary since the Prometheus pod encounters issues with Rancher proxy URLs that are formatted like:
```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy
```
Specifically, if using the root_url option, it doubles up this URL when making requests for resources, e.g.
```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy/<my-path>
=>
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy/<my-path>
```
However, this does not resolve the issue in https://github.com/rancher/rancher/issues/29068.
This commit adds an nginx proxy in front of Grafana that intercepts the requests that are sent to the Grafana pod. This change was necessary since the Grafana pod encounters issues with Rancher proxy URLs that are formatted like:
```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy
```
Specifically, if using the root_url option, it doubles up this URL when making requests for resources, e.g.
```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/<my-path>
=>
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/<my-path>
```
This commit adds support for deploying rancher-monitoring into hardened clusters.
It modifies some of the default securityContexts and does some misc. fixes such as:
- Removing default AppArmor PSP annotations from Grafana (related to https://github.com/helm/charts/issues/9090)
- Modifying rkeScheduler and rkeControllerManager to use localhost to scrape components since the endpoints aren't exposed in a hardened cluster
These changes have been verified on a hardened RKE cluster.
This commit adds support for deploying rancher-pushprox into hardened clusters.
It introduces securityContexts and rearranges the RBAC in order to support a PodSecurityPolicy for the PushProx clients.
These changes have been verified on a hardened RKE cluster.
This commit renames `grafana-dashboards` to `cattle-dashboards` and deprecates the `grafana-datasources` namespace in favor of the normal release namespace.
Related Issue: rancher/rancher#28887
Jacob Payne
Arvind Iyengar
Donnie Adams
Arvind Iyengar
Darren Shepherd
Colleen Murphy
Colleen Murphy
Jiaqi Luo
dbason
Prachi Damle
Prachi Damle
Nick Gerace
actions
Daishan
rajashree
maggieliu
Steven Crespo
Brenda Rearden
Daishan Peng