From c95908da39a95ba8dd66becead90d2a42d2f73e1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 23 Jan 2025 05:18:02 +0000 Subject: [PATCH] build(deps): update dependency github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus to v0.14.0 --- monitoring/jsonnetfile.json | 2 +- monitoring/jsonnetfile.lock.json | 11 +- monitoring/vendor/bases | 1 - ...g-deprecated-metrics-relabelings.libsonnet | 2 +- .../kube-prometheus/addons/pyrra.libsonnet | 5 +- .../addons/user-facing-roles.libsonnet | 67 +++++++ .../weave-net/grafana-weave-net-cluster.json | 2 +- .../addons/windows-hostprocess.libsonnet | 2 +- .../components/alertmanager.libsonnet | 2 + .../components/blackbox-exporter.libsonnet | 4 +- .../components/grafana.libsonnet | 3 + .../components/k8s-control-plane.libsonnet | 179 +++++++++++++----- .../components/kube-rbac-proxy.libsonnet | 1 + .../components/kube-state-metrics.libsonnet | 5 +- .../components/node-exporter.libsonnet | 3 +- .../components/prometheus-adapter.libsonnet | 2 + .../components/prometheus-operator.libsonnet | 3 + .../components/prometheus.libsonnet | 9 +- .../jsonnet/kube-prometheus/jsonnetfile.json | 27 +-- .../jsonnet/kube-prometheus/main.libsonnet | 6 +- .../jsonnet/kube-prometheus/versions.json | 20 +- .../pyrra.dev_servicelevelobjectives.yaml | 170 ----------------- .../pyrra.dev_servicelevelobjectives.json | 89 +++++++-- 23 files changed, 341 insertions(+), 274 deletions(-) delete mode 120000 monitoring/vendor/bases create mode 100644 monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/user-facing-roles.libsonnet delete mode 100644 monitoring/vendor/github.com/pyrra-dev/pyrra/config/crd/bases/pyrra.dev_servicelevelobjectives.yaml rename monitoring/vendor/github.com/pyrra-dev/pyrra/{config/crd/bases => jsonnet/controller-gen}/pyrra.dev_servicelevelobjectives.json (74%) 
diff --git a/monitoring/jsonnetfile.json b/monitoring/jsonnetfile.json index b8a59c0a1..106413ef0 100644 --- a/monitoring/jsonnetfile.json +++ b/monitoring/jsonnetfile.json @@ -8,7 +8,7 @@ "subdir": "jsonnet/kube-prometheus" } }, - "version": "v0.13.0" + "version": "v0.14.0" }, { "source": { diff --git a/monitoring/jsonnetfile.lock.json b/monitoring/jsonnetfile.lock.json index 0b75a0abb..07162aee2 100644 --- a/monitoring/jsonnetfile.lock.json +++ b/monitoring/jsonnetfile.lock.json @@ -98,8 +98,8 @@ "subdir": "jsonnet/kube-prometheus" } }, - "version": "2648d6fc4e5fb1f98c2914aa2be902476e68cc7a", - "sum": "KM1GoEgctKimA+J9bc0wGN2ilsEc4Wg7VYsdy6q/yV4=" + "version": "e02554298cb62b5533f3407c8eacc664e80bc74b", + "sum": "rb4JfqlgwCele2bT+eyxkDjFTH+oQUgqPJYhM2yQYAo=" }, { "source": { @@ -158,11 +158,12 @@ "source": { "git": { "remote": "https://github.com/pyrra-dev/pyrra.git", - "subdir": "config/crd/bases" + "subdir": "jsonnet/controller-gen" } }, - "version": "551856d42dff02ec38c5b0ea6a2d99c4cb127e82", - "sum": "bY/Pcrrbynguq8/HaI88cQ3B2hLv/xc+76QILY7IL+g=" + "version": "d723f4d1a066dd657e9d09c46a158519dda0faa8", + "sum": "cxAPQovFkM16zNB5/94O+sk/n3SETk6ao6Oas2Sa6RE=", + "name": "pyrra" }, { "source": { diff --git a/monitoring/vendor/bases b/monitoring/vendor/bases deleted file mode 120000 index 8e97768e3..000000000 --- a/monitoring/vendor/bases +++ /dev/null @@ -1 +0,0 @@ -github.com/pyrra-dev/pyrra/config/crd/bases \ No newline at end of file diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet index d390d61f3..e778c8451 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet 
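Review bot: Only the kube-prometheus and pyrra entries change in `monitoring/jsonnetfile.lock.json`, yet the vendored kube-prometheus `jsonnetfile.json` later in this patch moves its own dependencies (prometheus-operator to `release-0.76`, kube-state-metrics to `release-2.13`, among others) and `versions.json` moves the images. If the other lock entries and their vendored trees stay at the old commits, the rendered CRDs, rules and dashboards would come from older library code than the images they are deployed with. The rest of the lock file is outside these hunks, so this is inferred from the diffstat listing no other vendor directories. Re-resolving with `jb update` and committing the resulting vendor changes in the same PR would keep every `version`/`sum` pair matched to what is actually vendored.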
+++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet @@ -14,7 +14,7 @@ // Drop all apiserver metrics which are deprecated in kubernetes. { sourceLabels: ['__name__'], - regex: 'apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs|longrunning_gauge|registered_watchers|storage_db_total_size_in_bytes)', + regex: 'apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs|longrunning_gauge|registered_watchers|storage_db_total_size_in_bytes|flowcontrol_request_concurrency_limit|flowcontrol_request_concurrency_in_use)', action: 'drop', }, // Drop all docker metrics which are deprecated in kubernetes. diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/pyrra.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/pyrra.libsonnet index 1980b2200..c265d5090 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/pyrra.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/pyrra.libsonnet @@ -37,7 +37,7 @@ _config:: defaults + params, crd: ( - import 'github.com/pyrra-dev/pyrra/config/crd/bases/pyrra.dev_servicelevelobjectives.json' + import 'github.com/pyrra-dev/pyrra/jsonnet/controller-gen/pyrra.dev_servicelevelobjectives.json' ), 
@@ -80,6 +80,9 @@ securityContext: { allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, + runAsNonRoot: true, + capabilities: { drop: ['ALL'] }, + seccompProfile: { type: 'RuntimeDefault' }, }, }; diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/user-facing-roles.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/user-facing-roles.libsonnet new file mode 100644 index 000000000..423db8965 --- /dev/null +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/user-facing-roles.libsonnet @@ -0,0 +1,67 @@ +// user facing roles for monitors, probe, and rules +// ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles +{ + prometheusOperator+: { + local po = self, + clusterRoleView: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: po._metadata { + name: 'monitoring-view', + namespace:: null, + labels+: { + 'rbac.authorization.k8s.io/aggregate-to-view': 'true', + }, + }, + rules: [ + { + apiGroups: [ + 'monitoring.coreos.com', + ], + resources: [ + 'podmonitors', + 'probes', + 'prometheusrules', + 'servicemonitors', + ], + verbs: [ + 'get', + 'list', + 'watch', + ], + }, + ], + }, + clusterRoleEdit: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: po._metadata { + name: 'monitoring-edit', + namespace:: null, + labels+: { + 'rbac.authorization.k8s.io/aggregate-to-edit': 'true', + }, + }, + rules: [ + { + apiGroups: [ + 'monitoring.coreos.com', + ], + resources: [ + 'podmonitors', + 'probes', + 'prometheusrules', + 'servicemonitors', + ], + verbs: [ + 'create', + 'delete', + 'deletecollection', + 'patch', + 'update', + ], + }, + ], + }, + }, +} 
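Review bot: The new `monitoring-edit` ClusterRole in `user-facing-roles.libsonnet` carries `'rbac.authorization.k8s.io/aggregate-to-edit': 'true'`, so once rendered, every subject bound to the built-in `edit` role in any namespace can create and patch `servicemonitors`, `podmonitors`, `probes` and `prometheusrules`. With the empty namespace selectors that `prometheus.libsonnet` sets on the Prometheus object, those objects would be picked up by the shared Prometheus, which lets namespace editors influence what it scrapes and alerts on. The addon only takes effect if this repo imports it, which nothing in this diff shows. If it is imported, a comment next to the import in the repo's own jsonnet, such as `// widens the built-in view/edit roles cluster-wide; namespace editors can then configure Prometheus`, would record that decision. The role also grants no `get`/`list`/`watch`, so it presumably relies on `monitoring-view` reaching the same subjects, which is worth confirming.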
diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net-cluster.json b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net-cluster.json index 7d52f1742..102269f0b 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net-cluster.json +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net-cluster.json @@ -3135,7 +3135,7 @@ ], "targets": [ { - "expr": "sort_desc(floor(label_replace(max by(node) (max by(instance) (kubelet_running_pod_count{job=\"kubelet\",metrics_path=\"/metrics\"}) * on(instance) group_left(node) kubelet_node_name{job=\"kubelet\",metrics_path=\"/metrics\"}) / max by(node) (kube_node_status_capacity_pods{job=\"kube-state-metrics\"}) , \"node_ip\", \"$1.$2.$3.$4\", \"node\", \"^ip-([0-9]+)-([0-9]+)-([0-9]+)-([0-9]+).*$\") * 100))", + "expr": "sort_desc(floor(label_replace(max by(node) (max by(instance) (kubelet_running_pod_count{job=\"kubelet\",metrics_path=\"/metrics\"}) * on(instance) group_left(node) kubelet_node_name{job=\"kubelet\",metrics_path=\"/metrics\"}) / max by(node) (kube_node_status_capacity{resource=\"pods\",unit=\"integer\",job=\"kube-state-metrics\"}) , \"node_ip\", \"$1.$2.$3.$4\", \"node\", \"^ip-([0-9]+)-([0-9]+)-([0-9]+)-([0-9]+).*$\") * 100))", "format": "time_series", "hide": false, "instant": true, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/windows-hostprocess.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/windows-hostprocess.libsonnet index 37d82ed0c..d4929d95d 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/windows-hostprocess.libsonnet 
+++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/addons/windows-hostprocess.libsonnet @@ -8,7 +8,7 @@ local defaults = { name:: 'windows-exporter', namespace:: error 'must provide namespace', version:: error 'must provide version', - image:: error 'must provide version', + image:: error 'must provide image', resources:: { requests: { cpu: '300m', memory: '200Mi' }, limits: { memory: '200Mi' }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/alertmanager.libsonnet index 364b1a359..1faf0609c 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/alertmanager.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/alertmanager.libsonnet @@ -60,6 +60,7 @@ local defaults = { ], }, replicas: 3, + secrets: [], mixin:: { ruleLabels: {}, _config: { @@ -225,6 +226,7 @@ function(params) { }, resources: am._config.resources, nodeSelector: { 'kubernetes.io/os': 'linux' }, + secrets: am._config.secrets, serviceAccountName: am.serviceAccount.metadata.name, securityContext: { runAsUser: 1000, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet index cd3caa312..2db244c40 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet 
@@ -6,7 +6,7 @@ local defaults = { // If there is no CRD for the component, everything is hidden in defaults. namespace:: error 'must provide namespace', version:: error 'must provide version', - image:: error 'must provide version', + image:: error 'must provide image', resources:: { requests: { cpu: '10m', memory: '20Mi' }, limits: { cpu: '20m', memory: '40Mi' }, @@ -183,6 +183,7 @@ function(params) { } else { runAsNonRoot: true, runAsUser: 65534, + runAsGroup: 65534, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: { drop: ['ALL'] }, @@ -205,6 +206,7 @@ function(params) { securityContext: { runAsNonRoot: true, runAsUser: 65534, + runAsGroup: 65534, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: { drop: ['ALL'] }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/grafana.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/grafana.libsonnet index f002e3c74..72aec9241 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -116,6 +116,9 @@ function(params) template+: { spec+: { automountServiceAccountToken: false, + securityContext+: { + runAsGroup: 65534, + }, }, }, }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet index a771e95db..c7fd3b419 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet 
+++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet @@ -71,13 +71,30 @@ function(params) { }, spec: { jobLabel: 'app.kubernetes.io/name', - endpoints: [{ - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { insecureSkipVerify: true }, - }], + endpoints: [ + { + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { insecureSkipVerify: true }, + }, + { + port: 'https-metrics', + interval: '5s', + scheme: 'https', + path: '/metrics/slis', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { insecureSkipVerify: true }, + metricRelabelings: [ + { + sourceLabels: ['__name__'], + regex: 'process_start_time_seconds', + action: 'drop', + }, + ], + }, + ], selector: { matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' }, }, @@ -174,6 +191,27 @@ function(params) { targetLabel: 'metrics_path', }], }, + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/slis', + interval: '5s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [ + { + action: 'replace', + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }, + { + sourceLabels: ['__name__'], + regex: 'process_start_time_seconds', + action: 'drop', + }, + ], + }, ], selector: { matchLabels: { 'app.kubernetes.io/name': 'kubelet' }, 
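Review bot: The added `/metrics/slis` endpoints for kube-scheduler (`@@ -71,13 +71,30 @@`), the kubelet (`@@ -174,6 +191,27 @@`) and kube-controller-manager (`@@ -193,22 +231,41 @@`) send the token from `bearerTokenFile` with `tlsConfig: { insecureSkipVerify: true }`, so the Prometheus service-account token is presented to a server whose certificate is never checked. The apiserver endpoint added in `@@ -236,38 +293,58 @@` shows the verified form, `tlsConfig: { caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', serverName: 'kubernetes' }`. The unverified pattern already existed on the 30s endpoints, but the new ones use `interval: '5s'`, so the token crosses that connection far more often. Where the cluster CA signs these serving certificates (not visible from this diff), overriding `tlsConfig` with a `caFile` in this repo's own jsonnet is the fix. The ServiceMonitor objects these endpoints belong to start and end outside the hunks.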
@@ -193,22 +231,41 @@ function(params) { }, spec: { jobLabel: 'app.kubernetes.io/name', - endpoints: [{ - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, + endpoints: [ + { + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, + }, + metricRelabelings: relabelings + [ + { + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|request|server).*', + action: 'drop', + }, + ], }, - metricRelabelings: relabelings + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|request|server).*', - action: 'drop', + { + port: 'https-metrics', + interval: '5s', + scheme: 'https', + path: '/metrics/slis', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, }, - ], - }], + metricRelabelings: [ + { + sourceLabels: ['__name__'], + regex: 'process_start_time_seconds', + action: 'drop', + }, + ], + }, + ], selector: { matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, }, 
@@ -236,38 +293,58 @@ function(params) { namespaceSelector: { matchNames: ['default'], }, - endpoints: [{ - port: 'https', - interval: '30s', - scheme: 'https', - tlsConfig: { - caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', - serverName: 'kubernetes', - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: relabelings + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|server).*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_step_admission_latencies_seconds_.*', - action: 'drop', + endpoints: [ + { + port: 'https', + interval: '30s', + scheme: 'https', + tlsConfig: { + caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', + serverName: 'kubernetes', }, - { - sourceLabels: ['__name__', 'le'], - regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', - action: 'drop', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: relabelings + [ + { + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|server).*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_step_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__', 'le'], + regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', + action: 'drop', + }, + ], + }, + { + port: 'https', + interval: '5s', + scheme: 'https', + path: '/metrics/slis', + tlsConfig: { + caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', + serverName: 
'kubernetes', }, - ], - }], + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: [ + { + sourceLabels: ['__name__'], + regex: 'process_start_time_seconds', + action: 'drop', + }, + ], + }, + ], }, }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet index bb1c15a2e..7055c3089 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet @@ -63,5 +63,6 @@ function(params) { allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: { drop: ['ALL'] }, + seccompProfile: { type: 'RuntimeDefault' }, }, } diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index a58c738f3..1535877ed 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -7,7 +7,7 @@ local defaults = { name:: 'kube-state-metrics', namespace:: error 'must provide namespace', version:: error 'must provide version', - image:: error 'must provide version', + image:: error 'must provide image', kubeRbacProxyImage:: error 'must provide kubeRbacProxyImage', resources:: { requests: { cpu: '10m', memory: '190Mi' }, 
@@ -164,6 +164,9 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- ports:: null, livenessProbe:: null, readinessProbe:: null, + securityContext+: { + runAsGroup: 65534, + }, args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'], resources: ksm._config.resources, }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf], diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/node-exporter.libsonnet index ae2d04d7a..21aa9e285 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -7,7 +7,7 @@ local defaults = { name:: 'node-exporter', namespace:: error 'must provide namespace', version:: error 'must provide version', - image:: error 'must provide version', + image:: error 'must provide image', kubeRbacProxyImage:: error 'must provide kubeRbacProxyImage', resources:: { requests: { cpu: '102m', memory: '180Mi' }, @@ -295,6 +295,7 @@ function(params) { serviceAccountName: ne._config.name, priorityClassName: 'system-cluster-critical', securityContext: { + runAsGroup: 65534, runAsUser: 65534, runAsNonRoot: true, }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index 78541d2c3..af8172627 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet 
+++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -280,7 +280,9 @@ function(params) { securityContext: { allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, + runAsNonRoot: true, capabilities: { drop: ['ALL'] }, + seccompProfile: { type: 'RuntimeDefault' }, }, }; diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet index 5c0c96c69..104d76a8b 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet @@ -163,6 +163,9 @@ function(params) template+: { spec+: { automountServiceAccountToken: true, + securityContext+: { + runAsGroup: 65534, + }, containers+: [kubeRbacProxy], }, }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus.libsonnet index 5532f532c..8aaad02ae 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -175,7 +175,10 @@ function(params) { ] + ( if p._config.thanos != null then - [{ name: 'grpc', port: 10901, targetPort: 10901 }] + [ + { name: 'grpc', port: 10901, targetPort: 10901 }, + { name: 'http', port: 10902, targetPort: 10902 }, + ] else [] ), selector: p._config.selectorLabels, 
@@ -220,7 +223,7 @@ function(params) { verbs: ['get'], }, { - nonResourceURLs: ['/metrics'], + nonResourceURLs: ['/metrics', '/metrics/slis'], verbs: ['get'], }, ], @@ -340,6 +343,8 @@ function(params) { probeNamespaceSelector: {}, ruleNamespaceSelector: {}, ruleSelector: p._config.ruleSelector, + scrapeConfigSelector: {}, + scrapeConfigNamespaceSelector: {}, serviceMonitorSelector: {}, serviceMonitorNamespaceSelector: {}, nodeSelector: { 'kubernetes.io/os': 'linux' }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/jsonnetfile.json b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/jsonnetfile.json index 133117d09..0eea871a7 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/jsonnetfile.json +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/jsonnetfile.json @@ -17,7 +17,7 @@ "subdir": "grafana-mixin" } }, - "version": "v10.1.0", + "version": "release-11.2.0", "name": "grafana-mixin" }, { @@ -27,7 +27,7 @@ "subdir": "contrib/mixin" } }, - "version": "60051be9908649b1a0f2d000dc75b3bd0822d53c" + "version": "release-3.5" }, { "source": { @@ -36,7 +36,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "v0.67.1" + "version": "release-0.76" }, { "source": { @@ -45,7 +45,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "v0.67.1", + "version": "release-0.76", "name": "prometheus-operator-mixin" }, { @@ -55,7 +55,7 @@ "subdir": "" } }, - "version": "63337d921db856bbcd2e91814a0ac90c250410d6" + "version": "50150c585ebee6e4d9cb72218182da8f3c616515" }, { "source": { @@ -64,7 +64,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "v2.9.2" + "version": "release-2.13" }, { "source": { @@ -73,7 +73,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "v2.9.2" + "version": "release-2.13" }, { "source": { 
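Review bot: `scrapeConfigSelector: {}` together with `scrapeConfigNamespaceSelector: {}` in the `@@ -340,6 +343,8 @@` hunk makes the Prometheus object select ScrapeConfig resources from every namespace, because an empty selector matches everything. A ScrapeConfig names its scrape targets directly, so after this bump anyone allowed to create that resource in any namespace can add targets to the cluster Prometheus. If that is not intended, this repo's jsonnet can narrow the field, for example `scrapeConfigNamespaceSelector: { matchLabels: { 'monitoring/scrape-configs': 'allowed' } }` (label name constructed for illustration). The spec object these fields sit in starts and ends outside the hunk.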
@@ -82,7 +82,7 @@ "subdir": "docs/node-mixin" } }, - "version": "master" + "version": "release-1.8" }, { "source": { @@ -91,7 +91,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "v2.46.0", + "version": "release-2.54", "name": "prometheus" }, { @@ -101,17 +101,18 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "v0.26.0", + "version": "release-0.27", "name": "alertmanager" }, { "source": { "git": { "remote": "https://github.com/pyrra-dev/pyrra.git", - "subdir": "config/crd/bases" + "subdir": "jsonnet/controller-gen" } }, - "version": "v0.6.4" + "version": "v0.7.7", + "name": "pyrra" }, { "source": { @@ -120,7 +121,7 @@ "subdir": "mixin" } }, - "version": "v0.32.2", + "version": "release-0.36", "name": "thanos-mixin" } ], diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/main.libsonnet b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/main.libsonnet index 3405c8f3e..d8aa5028a 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/main.libsonnet +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/main.libsonnet @@ -47,7 +47,7 @@ local utils = import './lib/utils.libsonnet'; prometheusOperator: 'quay.io/prometheus-operator/prometheus-operator:v' + $.values.common.versions.prometheusOperator, prometheusOperatorReloader: 'quay.io/prometheus-operator/prometheus-config-reloader:v' + $.values.common.versions.prometheusOperator, kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy:v' + $.values.common.versions.kubeRbacProxy, - configmapReload: 'jimmidyson/configmap-reload:v' + $.values.common.versions.configmapReload, + configmapReload: 'ghcr.io/jimmidyson/configmap-reload:v' + $.values.common.versions.configmapReload, }, }, alertmanager: { 
@@ -150,6 +150,10 @@ local utils = import './lib/utils.libsonnet'; kind: 'Namespace', metadata: { name: $.values.common.namespace, + labels: { + 'pod-security.kubernetes.io/warn': 'privileged', + 'pod-security.kubernetes.io/warn-version': 'latest', + }, }, }, }, diff --git a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/versions.json b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/versions.json index 195a58163..64cb4e4f6 100644 --- a/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/versions.json +++ b/monitoring/vendor/github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus/versions.json @@ -1,13 +1,13 @@ { - "alertmanager": "0.26.0", - "blackboxExporter": "0.24.0", - "grafana": "9.5.3", - "kubeStateMetrics": "2.9.2", - "nodeExporter": "1.6.1", - "prometheus": "2.46.0", - "prometheusAdapter": "0.11.1", - "prometheusOperator": "0.67.1", - "kubeRbacProxy": "0.14.2", - "configmapReload": "0.5.0", + "alertmanager": "0.27.0", + "blackboxExporter": "0.25.0", + "grafana": "11.2.0", + "kubeStateMetrics": "2.13.0", + "nodeExporter": "1.8.2", + "prometheus": "2.54.1", + "prometheusAdapter": "0.12.0", + "prometheusOperator": "0.76.2", + "kubeRbacProxy": "0.18.1", + "configmapReload": "0.13.1", "pyrra": "0.6.4" } diff --git a/monitoring/vendor/github.com/pyrra-dev/pyrra/config/crd/bases/pyrra.dev_servicelevelobjectives.yaml b/monitoring/vendor/github.com/pyrra-dev/pyrra/config/crd/bases/pyrra.dev_servicelevelobjectives.yaml deleted file mode 100644 index 1bb197112..000000000 --- a/monitoring/vendor/github.com/pyrra-dev/pyrra/config/crd/bases/pyrra.dev_servicelevelobjectives.yaml +++ /dev/null 
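Review bot: The namespace labels added in the `@@ -150,6 +150,10 @@` hunk set `'pod-security.kubernetes.io/warn': 'privileged'`, and because the privileged level allows every pod spec, Pod Security admission will never warn for this namespace. No `enforce` or `audit` label is added, so the `runAsNonRoot`, `seccompProfile` and `capabilities` hardening introduced elsewhere in this patch is not backed by any admission check. If the repo wants regressions surfaced, adding `'pod-security.kubernetes.io/audit': 'baseline'` in its own jsonnet would record violations without blocking workloads that presumably need host access, such as node-exporter.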
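Review bot: `versions.json` leaves `"pyrra": "0.6.4"` untouched, while this patch moves the pyrra CRD source to `v0.7.7` in the vendored `jsonnetfile.json` and vendors a CRD that adds `latencyNative`, `alerting.absent`, `alerting.burnrates` and a `status` subresource. If the pyrra addon takes its image tag from this file (not visible here), the cluster would accept ServiceLevelObjective fields that a 0.6.4 controller presumably does not act on, so an SLO could pass validation yet generate no rules or alerts. Pinning the pyrra version in this repo's values to the release matching the vendored CRD would close the gap.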
@@ -1,170 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null - name: servicelevelobjectives.pyrra.dev -spec: - group: pyrra.dev - names: - kind: ServiceLevelObjective - listKind: ServiceLevelObjectiveList - plural: servicelevelobjectives - shortNames: - - slo - singular: servicelevelobjective - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ServiceLevelObjective is the Schema for the ServiceLevelObjectives - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceLevelObjectiveSpec defines the desired state of ServiceLevelObjective. - properties: - alerting: - description: Alerting customizes the alerting rules generated by Pyrra. - properties: - disabled: - description: Disabled is used to disable the generation of alerts. - Recording rules are still generated. - type: boolean - name: - description: Name is used as the name of the alert generated by - Pyrra. Defaults to "ErrorBudgetBurn". - type: string - type: object - description: - description: Description describes the ServiceLevelObjective in more - detail and gives extra context for engineers that might not directly - work on the service. 
- type: string - indicator: - description: ServiceLevelIndicator is the underlying data source that - indicates how the service is doing. This will be a Prometheus metric - with specific selectors for your service. - properties: - bool_gauge: - description: BoolGauge is the indicator that measures wheter a - boolean gauge is successul. - properties: - grouping: - description: Total is the metric that returns how many requests - there are in total. - items: - type: string - type: array - metric: - type: string - required: - - grouping - - metric - type: object - latency: - description: Latency is the indicator that measures a certain - percentage to be fast than. - properties: - grouping: - description: Grouping allows an SLO to be defined for many - SLI at once, like HTTP handlers for example. - items: - type: string - type: array - success: - description: Success is the metric that returns how many errors - there are. - properties: - metric: - type: string - required: - - metric - type: object - total: - description: Total is the metric that returns how many requests - there are in total. - properties: - metric: - type: string - required: - - metric - type: object - required: - - success - - total - type: object - ratio: - description: Ratio is the indicator that measures against errors - / total events. - properties: - errors: - description: Errors is the metric that returns how many errors - there are. - properties: - metric: - type: string - required: - - metric - type: object - grouping: - description: Grouping allows an SLO to be defined for many - SLI at once, like HTTP handlers for example. - items: - type: string - type: array - total: - description: Total is the metric that returns how many requests - there are in total. - properties: - metric: - type: string - required: - - metric - type: object - required: - - errors - - total - type: object - type: object - target: - description: 'Target is a string that''s casted to a float64 between - 0 - 100. 
It represents the desired availability of the service in - the given window. float64 are not supported: https://github.com/kubernetes-sigs/controller-tools/issues/245' - type: string - window: - description: Window within which the Target is supposed to be kept. - Usually something like 1d, 7d or 28d. - type: string - required: - - indicator - - target - - window - type: object - status: - description: ServiceLevelObjectiveStatus defines the observed state of - ServiceLevelObjective. - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/monitoring/vendor/github.com/pyrra-dev/pyrra/config/crd/bases/pyrra.dev_servicelevelobjectives.json b/monitoring/vendor/github.com/pyrra-dev/pyrra/jsonnet/controller-gen/pyrra.dev_servicelevelobjectives.json similarity index 74% rename from monitoring/vendor/github.com/pyrra-dev/pyrra/config/crd/bases/pyrra.dev_servicelevelobjectives.json rename to monitoring/vendor/github.com/pyrra-dev/pyrra/jsonnet/controller-gen/pyrra.dev_servicelevelobjectives.json index 8b87398a7..ff212be0a 100644 --- a/monitoring/vendor/github.com/pyrra-dev/pyrra/config/crd/bases/pyrra.dev_servicelevelobjectives.json +++ b/monitoring/vendor/github.com/pyrra-dev/pyrra/jsonnet/controller-gen/pyrra.dev_servicelevelobjectives.json @@ -3,7 +3,7 @@ "kind": "CustomResourceDefinition", "metadata": { "annotations": { - "controller-gen.kubebuilder.io/version": "v0.8.0" + "controller-gen.kubebuilder.io/version": "v0.11.1" }, "creationTimestamp": null, "name": "servicelevelobjectives.pyrra.dev" 
@@ -22,6 +22,28 @@ "scope": "Namespaced", "versions": [ { + "additionalPrinterColumns": [ + { + "jsonPath": ".spec.window", + "name": "Window", + "type": "string" + }, + { + "jsonPath": ".spec.target", + "name": "Target", + "type": "string" + }, + { + "jsonPath": ".status.type", + "name": "Type", + "type": "string" + }, + { + "jsonPath": ".metadata.creationTimestamp", + "name": "Age", + "type": "date" + } + ], "name": "v1alpha1", "schema": { "openAPIV3Schema": { @@ -44,6 +66,14 @@ "alerting": { "description": "Alerting customizes the alerting rules generated by Pyrra.", "properties": { + "absent": { + "default": true, + "type": "boolean" + }, + "burnrates": { + "default": true, + "type": "boolean" + }, "disabled": { "description": "Disabled is used to disable the generation of alerts. Recording rules are still generated.", "type": "boolean" @@ -63,7 +93,7 @@ "description": "ServiceLevelIndicator is the underlying data source that indicates how the service is doing. This will be a Prometheus metric with specific selectors for your service.", "properties": { "bool_gauge": { - "description": "BoolGauge is the indicator that measures wheter a boolean gauge is successul.", + "description": "BoolGauge is the indicator that measures whether a boolean gauge is successful.", "properties": { "grouping": { "description": "Total is the metric that returns how many requests there are in total.", @@ -77,13 +107,12 @@ } }, "required": [ - "grouping", "metric" ], "type": "object" }, "latency": { - "description": "Latency is the indicator that measures a certain percentage to be fast than.", + "description": "Latency is the indicator that measures a certain percentage to be faster than the expected latency.", "properties": { "grouping": { "description": "Grouping allows an SLO to be defined for many SLI at once, like HTTP handlers for example.", 
@@ -123,6 +152,39 @@ ], "type": "object" }, + "latencyNative": { + "description": "LatencyNative is the indicator that measures a certain percentage to be faster than the expected latency. This uses the new native histograms in Prometheus.", + "properties": { + "grouping": { + "description": "Grouping allows an SLO to be defined for many SLI at once, like HTTP handlers for example.", + "items": { + "type": "string" + }, + "type": "array" + }, + "latency": { + "description": "Latency the requests should be faster than.", + "type": "string" + }, + "total": { + "description": "Total is the metric that returns how many requests there are in total.", + "properties": { + "metric": { + "type": "string" + } + }, + "required": [ + "metric" + ], + "type": "object" + } + }, + "required": [ + "latency", + "total" + ], + "type": "object" + }, "ratio": { "description": "Ratio is the indicator that measures against errors / total events.", "properties": { @@ -185,6 +247,12 @@ }, "status": { "description": "ServiceLevelObjectiveStatus defines the observed state of ServiceLevelObjective.", + "properties": { + "type": { + "description": "Type is the generated resource type, like PrometheusRule or ConfigMap", + "type": "string" + } + }, "type": "object" } }, @@ -192,16 +260,11 @@ } }, "served": true, - "storage": true + "storage": true, + "subresources": { + "status": {} + } } ] - }, - "status": { - "acceptedNames": { - "kind": "", - "plural": "" - }, - "conditions": [], - "storedVersions": [] } }