feat(charts)!: Update Helm release grafana to 7.3.11 - autoclosed #2377

[grafana] Add serviceAccount.automountServiceAccountToken and document automountServiceAccountToken by @jkroepke in https://github.com/grafana/helm-charts/pull/2997

Full Changelog: grafana/helm-charts@grafana-agent-0.36.0...grafana-7.3.4

`v7.3.3`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Add value for pod.spec.automountServiceAccountToken by @jkroepke in https://github.com/grafana/helm-charts/pull/2991

Full Changelog: grafana/helm-charts@loki-distributed-0.78.3...grafana-7.3.3

`v7.3.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] autoMount set to false in values.yaml by @Sheikh-Abubaker in https://github.com/grafana/helm-charts/pull/2977

Full Changelog: grafana/helm-charts@grafana-7.3.1...grafana-7.3.2

`v7.3.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Update Grafana to version 10.3.3 by @Footur in https://github.com/grafana/helm-charts/pull/2965

Full Changelog: grafana/helm-charts@grafana-agent-0.33.0...grafana-7.3.1

`v7.3.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] app version to 10.3.1 by @nazimisik in https://github.com/grafana/helm-charts/pull/2936

New Contributors

@nazimisik made their first contribution in https://github.com/grafana/helm-charts/pull/2936

Full Changelog: grafana/helm-charts@promtail-6.15.5...grafana-7.3.0

`v7.2.5`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Allow prefix field in envFrom entries by @mario-steinhoff-gcx in https://github.com/grafana/helm-charts/pull/2934

Full Changelog: grafana/helm-charts@helm-loki-5.42.0...grafana-7.2.5

`v7.2.4`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] fix Chart.yaml - fix incorrect license #2882 by @arukiidou in https://github.com/grafana/helm-charts/pull/2909

Full Changelog: grafana/helm-charts@loki-stack-2.10.1...grafana-7.2.4

`v7.2.3`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Allow to customize empty dir volume by @YvesZelros in https://github.com/grafana/helm-charts/pull/2911

New Contributors

@YvesZelros made their first contribution in https://github.com/grafana/helm-charts/pull/2911

Full Changelog: grafana/helm-charts@grafana-7.2.2...grafana-7.2.3

`v7.2.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Don't fail assertNoLeakedSecrets check if a variable expansion operator is found by @bdalpe in https://github.com/grafana/helm-charts/pull/2904

New Contributors

@bdalpe made their first contribution in https://github.com/grafana/helm-charts/pull/2904

Full Changelog: grafana/helm-charts@tempo-distributed-1.8.0...grafana-7.2.2

`v7.2.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] fix secret datasources/notifiers rendering by @JordanGoasdoue in https://github.com/grafana/helm-charts/pull/2895

New Contributors

@JordanGoasdoue made their first contribution in https://github.com/grafana/helm-charts/pull/2895

Full Changelog: grafana/helm-charts@grafana-7.2.0...grafana-7.2.1

`v7.2.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Support Datasource sidecar having envValueFrom by @mtenrero in https://github.com/grafana/helm-charts/pull/2862

New Contributors

@mtenrero made their first contribution in https://github.com/grafana/helm-charts/pull/2862

Full Changelog: grafana/helm-charts@helm-k6-operator-3.4.0...grafana-7.2.0

`v7.1.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] feat: fail when users store secrets in plaintext by @DerekTBrown in https://github.com/grafana/helm-charts/pull/2867

New Contributors

@DerekTBrown made their first contribution in https://github.com/grafana/helm-charts/pull/2867

Full Changelog: grafana/helm-charts@grafana-7.0.22...grafana-7.1.0

`v7.0.22`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] app version to 10.2.3 by @akselleirv in https://github.com/grafana/helm-charts/pull/2879

New Contributors

@akselleirv made their first contribution in https://github.com/grafana/helm-charts/pull/2879

Full Changelog: grafana/helm-charts@tempo-distributed-1.7.4...grafana-7.0.22

`v7.0.21`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Quote hostname in ingress.yaml by @msadiq058 in https://github.com/grafana/helm-charts/pull/2871

New Contributors

@msadiq058 made their first contribution in https://github.com/grafana/helm-charts/pull/2871

Full Changelog: grafana/helm-charts@grafana-7.0.20...grafana-7.0.21

`v7.0.20`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Added support for loadBalancerClass by @Sheikh-Abubaker in https://github.com/grafana/helm-charts/pull/2790

Full Changelog: grafana/helm-charts@grafana-agent-0.30.0...grafana-7.0.20

`v7.0.19`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Updates comments in values.yaml to align extraVolumes.hostP… by @mheers in https://github.com/grafana/helm-charts/pull/2856

New Contributors

@mheers made their first contribution in https://github.com/grafana/helm-charts/pull/2856

Full Changelog: grafana/helm-charts@grafana-7.0.18...grafana-7.0.19

`v7.0.18`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] fix: Change sidecar.alerts.initDatasources to sidecar.alerts.initAlerts by @kvanzuijlen in https://github.com/grafana/helm-charts/pull/2789

Full Changelog: grafana/helm-charts@k8s-monitoring-0.7.0...grafana-7.0.18

`v7.0.17`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Document extraVolumes by @stephan2012 in https://github.com/grafana/helm-charts/pull/2823

New Contributors

@stephan2012 made their first contribution in https://github.com/grafana/helm-charts/pull/2823

Full Changelog: grafana/helm-charts@grafana-7.0.16...grafana-7.0.17

`v7.0.16`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Avoid unnecessary pod restart on each helm chart version by @jkroepke in https://github.com/grafana/helm-charts/pull/2834

Full Changelog: grafana/helm-charts@grafana-7.0.15...grafana-7.0.16

`v7.0.15`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Allow setting dns config for pod template by @weikinhuang in https://github.com/grafana/helm-charts/pull/2835

New Contributors

@weikinhuang made their first contribution in https://github.com/grafana/helm-charts/pull/2835

Full Changelog: grafana/helm-charts@grafana-7.0.14...grafana-7.0.15

`v7.0.14`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] - Add support for templating in ServiceMonitor labels by @Allex1 in https://github.com/grafana/helm-charts/pull/2774

Full Changelog: grafana/helm-charts@helm-k6-operator-3.3.0...grafana-7.0.14

`v7.0.11`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Update Grafana to v10.2.2 by @Footur in https://github.com/grafana/helm-charts/pull/2795

Full Changelog: grafana/helm-charts@grafana-7.0.10...grafana-7.0.11

`v7.0.10`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Mount configSecret by @YuleZ in https://github.com/grafana/helm-charts/pull/2782

Full Changelog: grafana/helm-charts@grafana-7.0.9...grafana-7.0.10

`v7.0.9`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Docs: improve clarity of alert provisioning docs by @jwreford99 in https://github.com/grafana/helm-charts/pull/2792

New Contributors

@jwreford99 made their first contribution in https://github.com/grafana/helm-charts/pull/2792

Full Changelog: grafana/helm-charts@tempo-distributed-1.7.1...grafana-7.0.9

`v7.0.8`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] feat(networkpolicy): specify egress destination by @LeoFVO in https://github.com/grafana/helm-charts/pull/2776

New Contributors

@LeoFVO made their first contribution in https://github.com/grafana/helm-charts/pull/2776

Full Changelog: grafana/helm-charts@grafana-7.0.6...grafana-7.0.8

`v7.0.6`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] sc datasources only as init container w/ init container config by @bt909 in https://github.com/grafana/helm-charts/pull/2760

Full Changelog: grafana/helm-charts@grafana-7.0.5...grafana-7.0.6

`v7.0.5`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Fixed broken URL to ALB actions in the README by @Mattie112 in https://github.com/grafana/helm-charts/pull/2773

New Contributors

@Mattie112 made their first contribution in https://github.com/grafana/helm-charts/pull/2773

Full Changelog: grafana/helm-charts@rollout-operator-0.10.0...grafana-7.0.5

`v7.0.4`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] allow alerts sidecar as init container by @bt909 in https://github.com/grafana/helm-charts/pull/2771

Full Changelog: grafana/helm-charts@helm-k6-operator-3.0.0...grafana-7.0.4

`v7.0.3`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] revert 2748 and CVE fix by @zanac1986 in https://github.com/grafana/helm-charts/pull/2757

Full Changelog: grafana/helm-charts@k8s-monitoring-0.3.1...grafana-7.0.3

`v7.0.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Add global image registry support for extraInitContainers by @pvallone in https://github.com/grafana/helm-charts/pull/2748

Full Changelog: grafana/helm-charts@grafana-7.0.1...grafana-7.0.2

`v7.0.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] fix: include podAnnotation in grafana values for imagerenderer by @KelvinVenancio in https://github.com/grafana/helm-charts/pull/2738

New Contributors

@KelvinVenancio made their first contribution in https://github.com/grafana/helm-charts/pull/2738

Full Changelog: grafana/helm-charts@grafana-7.0.0...grafana-7.0.1

`v7.0.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

Update CODEOWNERS by @zalegrala in https://github.com/grafana/helm-charts/pull/2744
[grafana] Rename global.image.registry to global.imageRegistry by @pvallone in https://github.com/grafana/helm-charts/pull/2735

New Contributors

@pvallone made their first contribution in https://github.com/grafana/helm-charts/pull/2735

Full Changelog: grafana/helm-charts@grafana-6.61.2...grafana-7.0.0

`v6.61.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Range over extraVolumes by @efbicief in https://github.com/grafana/helm-charts/pull/2712

New Contributors

@efbicief made their first contribution in https://github.com/grafana/helm-charts/pull/2712

Full Changelog: grafana/helm-charts@loki-distributed-0.76.1...grafana-6.61.2

`v6.61.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] add externalTrafficPolicy support by @schneidermr in https://github.com/grafana/helm-charts/pull/2716

New Contributors

@schneidermr made their first contribution in https://github.com/grafana/helm-charts/pull/2716

Full Changelog: grafana/helm-charts@grafana-agent-operator-0.3.8...grafana-6.61.1

`v6.61.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] add global image registry support by @QuentinBisson in https://github.com/grafana/helm-charts/pull/2695

Full Changelog: grafana/helm-charts@oncall-1.3.43...grafana-6.61.0

`v6.60.6`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Update Grafana to v10.1.5 by @Footur in https://github.com/grafana/helm-charts/pull/2706

Full Changelog: grafana/helm-charts@grafana-6.60.5...grafana-6.60.6

`v6.60.5`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] set the interval for the serviceMonitor to 30s so that irate()[1m] queries in the operators default Grafana dashboard work by @winem in https://github.com/grafana/helm-charts/pull/2498

New Contributors

@winem made their first contribution in https://github.com/grafana/helm-charts/pull/2498

Full Changelog: grafana/helm-charts@helm-loki-5.29.0...grafana-6.60.5

`v6.60.4`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] fix: add missing | quote for sidecar.dashboards.labelValue by @cwrau in https://github.com/grafana/helm-charts/pull/2696

New Contributors

@cwrau made their first contribution in https://github.com/grafana/helm-charts/pull/2696

Full Changelog: grafana/helm-charts@grafana-6.60.3...grafana-6.60.4

`v6.60.3`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Upgrade grafana to 10.1.4 by @BenjaminHerbert in https://github.com/grafana/helm-charts/pull/2694

Full Changelog: grafana/helm-charts@helm-loki-5.25.0...grafana-6.60.3

`v6.60.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] fix: allow using existing clusterrole by @gadisn in https://github.com/grafana/helm-charts/pull/2691

New Contributors

@gadisn made their first contribution in https://github.com/grafana/helm-charts/pull/2691

Full Changelog: grafana/helm-charts@lgtm-distributed-1.0.0...grafana-6.60.2

`v6.60.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Fix missing label for dashboard configmap by @goodard in https://github.com/grafana/helm-charts/pull/2647

New Contributors

@goodard made their first contribution in https://github.com/grafana/helm-charts/pull/2647

Full Changelog: grafana/helm-charts@grafana-6.60.0...grafana-6.60.1

`v6.60.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] avoid storing secrets in config map by @YuleZ in https://github.com/grafana/helm-charts/pull/2663
[tempo-distributed] adjust minReplicas for ingester by @dheeg in https://github.com/grafana/helm-charts/pull/2664

New Contributors

@dheeg made their first contribution in https://github.com/grafana/helm-charts/pull/2664

Full Changelog: grafana/helm-charts@rollout-operator-0.9.1...grafana-6.60.0

`v6.59.5`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Update Grafana to v10.1.2 by @Footur in https://github.com/grafana/helm-charts/pull/2659

Full Changelog: grafana/helm-charts@loki-distributed-0.74.5...grafana-6.59.5

`v6.59.4`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Remove unsupported property on extraExposePorts by @jifwin in https://github.com/grafana/helm-charts/pull/2597

Full Changelog: grafana/helm-charts@loki-distributed-0.73.0...grafana-6.59.4

`v6.59.3`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Fix Security vulnerability found in scan 2623 by @zanac1986 in https://github.com/grafana/helm-charts/pull/2643

Full Changelog: grafana/helm-charts@grafana-6.59.2...grafana-6.59.3

`v6.59.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Deprecate rbac.authorization.k8s.io/v1beta1 by @zanac1986 in https://github.com/grafana/helm-charts/pull/2642

Full Changelog: grafana/helm-charts@grafana-agent-0.23.0...grafana-6.59.2

`v6.59.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] bump grafana version to 10.1.1 by @venkatamutyala in https://github.com/grafana/helm-charts/pull/2630

Full Changelog: grafana/helm-charts@loki-distributed-0.72.0...grafana-6.59.1

`v6.59.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Update Grafana to v10.1.0 by @Footur in https://github.com/grafana/helm-charts/pull/2613

Full Changelog: grafana/helm-charts@k8s-monitoring-0.1.13...grafana-6.59.0

`v6.58.10`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Add support for PDB apiVersion to be specified by @titirigaiulian in https://github.com/grafana/helm-charts/pull/2572

New Contributors

@titirigaiulian made their first contribution in https://github.com/grafana/helm-charts/pull/2572

Full Changelog: grafana/helm-charts@helm-loki-5.15.0...grafana-6.58.10

`v6.58.9`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Remove table breaking line break by @m3adow in https://github.com/grafana/helm-charts/pull/2585

New Contributors

@m3adow made their first contribution in https://github.com/grafana/helm-charts/pull/2585

Full Changelog: grafana/helm-charts@helm-loki-5.11.0...grafana-6.58.9

`v6.58.8`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] allow configuring serviceMonitor.metricRelabelings by @clux in https://github.com/grafana/helm-charts/pull/2580

New Contributors

@clux made their first contribution in https://github.com/grafana/helm-charts/pull/2580

Full Changelog: grafana/helm-charts@promtail-6.14.2...grafana-6.58.8

`v6.58.7`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[loki] Update README by @JStickler in https://github.com/grafana/helm-charts/pull/2567
[grafana] Update Grafana version to v10.0.3 by @terop in https://github.com/grafana/helm-charts/pull/2570

New Contributors

@terop made their first contribution in https://github.com/grafana/helm-charts/pull/2570

Full Changelog: grafana/helm-charts@loki-stack-2.9.11...grafana-6.58.7

`v6.58.6`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] add deleteDatasources reference by @tamcore in https://github.com/grafana/helm-charts/pull/2537

Full Changelog: grafana/helm-charts@loki-distributed-0.70.5...grafana-6.58.6

`v6.58.5`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Adding missing mountPath for csi extraVolumeMount by @jifwin in https://github.com/grafana/helm-charts/pull/2511

New Contributors

@jifwin made their first contribution in https://github.com/grafana/helm-charts/pull/2511

Full Changelog: grafana/helm-charts@loki-distributed-0.70.1...grafana-6.58.5

`v6.58.4`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Enabling the ability to omit the REQ_USERNAME and REQ_PASSWORD variables when sidecar.dashboards.skipReload is true by @smbambling in https://github.com/grafana/helm-charts/pull/2495

New Contributors

@smbambling made their first contribution in https://github.com/grafana/helm-charts/pull/2495

Full Changelog: grafana/helm-charts@oncall-1.3.12...grafana-6.58.4

`v6.58.3`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Update Grafana to v10.0.2 by @BogdanIonesq in https://github.com/grafana/helm-charts/pull/2505

New Contributors

@BogdanIonesq made their first contribution in https://github.com/grafana/helm-charts/pull/2505

Full Changelog: grafana/helm-charts@grafana-6.58.2...grafana-6.58.3

`v6.58.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] fix Chart.yaml - add license and keywords, remove gotpl by @arukiidou in https://github.com/grafana/helm-charts/pull/2488

Full Changelog: grafana/helm-charts@grafana-6.58.1...grafana-6.58.2

`v6.58.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] bump kiwigrid/k8s-sidecar version to 1.24.6 by @arukiidou in https://github.com/grafana/helm-charts/pull/2492

New Contributors

@arukiidou made their first contribution in https://github.com/grafana/helm-charts/pull/2492

Full Changelog: grafana/helm-charts@grafana-6.58.0...grafana-6.58.1

`v6.58.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] bump default grafana version 10.0.1 by @zzzinho in https://github.com/grafana/helm-charts/pull/2479

Full Changelog: grafana/helm-charts@tempo-distributed-1.4.8...grafana-6.58.0

`v6.57.4`

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

[grafana] Update Grafana to v9.5.5 by @Footur in https://github.com/grafana/helm-charts/pull/2477

Full Changelog: grafana/helm-charts@mimir-distributed-4.5.0...grafana-6.57.4

`v6.57.3`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.57.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.57.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.57.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.56.6`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.56.5`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.56.4`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.56.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.56.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.56.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.55.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.55.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.54.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.53.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.52.9`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.52.8`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.52.7`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.52.6`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.52.5`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.52.4`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.52.3`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.52.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.52.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.52.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.51.5`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.51.4`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.51.3`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.51.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.51.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.51.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.50.8`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.50.7`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.50.6`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.50.5`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.50.4`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.50.3`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.50.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.50.1`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.50.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.49.0`

Compare Source

The leading tool for querying and visualizing time series and metrics.

`v6.48.2`

Compare Source

The leading tool for querying and visualizing time series and metrics.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

github-actions · 2023-10-29T04:19:39Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.0.1

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 8db2dfdc9e59140d14c1d113ef0b84bc1d0f2be410865a7ebe41ee258a8cea74
+        checksum/dashboards-json-config: da5f21f24ffbbb2af2c1e65cb84c1d754f08a2f2a353ba1bec01f48c571cefb6
+        checksum/sc-dashboard-provider-config: 7ae19f98d172d9bad4daab851d0ab8466c41aed4508662bb352608e7b08c91a7
+        checksum/secret: 05512b901c6dd2f4d3f7d041fbd85db9293a5867101f2db4a4629f09db0c06e8
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.1.5"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2023-10-31T13:08:18Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.0.2

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 6043e2810bef7ea529749c224ccf6e2d0bf9803993ccf6be509df51b503a582e
+        checksum/dashboards-json-config: 0a8a6c2222384bb982964e015d38419f7af449ad0ac27240398083ea8ab30f02
+        checksum/sc-dashboard-provider-config: dc6f63e34f8b12c2b1c0dde99e9d01e069136fe833134a24f583e581e220583e
+        checksum/secret: 255543ec8f86e160e713e804918ebd5b9eda30394d00ed1b9e120c01e95937cb
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.1.5"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2023-11-03T16:20:15Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.0.3

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 0ce5e76604270343c29fa8e02585f812b475b70ce37bbbbd940486a9da302d2c
+        checksum/dashboards-json-config: 22df7b9bab74df04e4549ebe09d6da806f1f1e2c6b2d3275072838228c0d7e31
+        checksum/sc-dashboard-provider-config: fcece55643fc41944ac58dc73e4ed6199e68a8a2e855b1d45da47b24e45bdcbb
+        checksum/secret: b611d5d4e11c37ebf361e8be28a1b6280a8ddc6eb27b763a3e2cb96ff0e25ef8
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.1.5"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2023-11-14T17:09:44Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.0.4

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: ca5a3684b233ca90e5ba504d9bd6326526e9f4ca53076a0ba529df52bed7850a
+        checksum/dashboards-json-config: fd91d32f8e109346b906b3d46e40af6fb2923d28544260a687537d842200a2d9
+        checksum/sc-dashboard-provider-config: bcf44610fa5b9da65016ce9ccb8fad91bc9428dde587b89a7c8bd5633327b552
+        checksum/secret: fc800cb375d166ba906dc54b2f5b48e10dfb0b11fb9c9883e2c84ab0590c0991
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.1.5"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2023-11-15T12:52:03Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.0.6

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 652c71e4c87d76d440621209a36b0d9c0c07fbb05ec9f5fb39481b2fd12ae94e
+        checksum/dashboards-json-config: c39c21c69759e208e2e873f1a9ed4689c41be20e6edbd0f4b9d784565a4f48f0
+        checksum/sc-dashboard-provider-config: cccb75bd1394c143a9ab215a3d5425358640029dd5c668b565be8a0cde2b9609
+        checksum/secret: a3bfc7326a7a02c48f75e908684caf822ce0923db83d2649a93fef1725e44dcb
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.1.5"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2023-11-20T17:14:01Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.0.8

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: d9da4eeefdc23a792d068a9c7fef5bef1565df630c006949104f742056e55f61
+        checksum/dashboards-json-config: 58daef74c29540a84bdc292fefd655cebc4acb83a9a17cc90160dc5745ce8f8b
+        checksum/sc-dashboard-provider-config: a008cbc1e11fb593ea5adc5bbdc70984ae3f0ffc05c2fcc498335c213662b7ba
+        checksum/secret: b27b0b93a961617425fa7ae610ee723ea1eb115f4fcfa481f7bf90219f564461
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.1.5"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2023-11-27T23:24:51Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.0.9

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: cc0ae23fe297e27d011113e266e482c6134f57939a526633586cc74555685a58
+        checksum/dashboards-json-config: efb6c916e0fdef8bc24007aff577a6c74bcca2259fc21c0e94ea839161b7c01e
+        checksum/sc-dashboard-provider-config: 18710313ccdb7ed5d07d774ee8d7213f0eedbe486069da766a6c48a5ae1fc2cd
+        checksum/secret: e41eca89b1d83a275f02b12ca7ead2268960f75d131a2c5c3fe044551532e462
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.1.5"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2023-11-29T12:19:03Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.0.11

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 1b39576f706091a9cb8eef957d854844c49f1c47ff2ac4c5fa1bf3a0731a05d6
+        checksum/dashboards-json-config: 88f2ba3bd0ad3165c70ffef55dba14fc23b8121d3f0bc36f6719815de14fc999
+        checksum/sc-dashboard-provider-config: b9d137b9971abca89e568d91d6af9e037ded5a192d196552959a184d45b0e6a8
+        checksum/secret: 4dfcca38f834e7d5d14580efbf9cb6edba37ea93b35767746d14b6b9732f8139
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.2.2"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2023-12-11T12:06:49Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.0.14

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 2c844d3e0ad755bba7b37c927462f7c3598499570702a67bd9303751eadb580f
+        checksum/dashboards-json-config: bdbe13b4edd058769b59cdd993bc286c68e68e8499b1162f17c57ae05678e5d4
+        checksum/sc-dashboard-provider-config: a1ddd91939a186f0b995c45e333c1f3a44d2744e5f4d2b71ea022a3c715bdf1b
+        checksum/secret: 5a14afd2c0d7c73a5267a674b3151f144d1811c30f39d069bf0bab1f1bf7d4df
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.2.2"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2023-12-12T15:18:05Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.0.17

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 330cae61f960c400b62f029b22fcdc6fcd6cb105ac1153553dd63eaad3fb86b3
+        checksum/dashboards-json-config: a2a5161191ede69a1880f0131c939c54e6f820b1595b5f60bce0fd2636e6a72c
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        checksum/secret: 385abea46313993d8c36a07faff7897b4f5f75e1b5adec56f895c00cd2dc2c7e
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.2.2"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2024-02-27T13:19:55Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.3.3

@@ -9,17 +9,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +39,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +140,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +185,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +206,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +252,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 330cae61f960c400b62f029b22fcdc6fcd6cb105ac1153553dd63eaad3fb86b3
+        checksum/dashboards-json-config: 8b7697c0a9860ac680c629cd7f414260ec6f888396114e25da97b99b02cbc331
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        checksum/secret: 385abea46313993d8c36a07faff7897b4f5f75e1b5adec56f895c00cd2dc2c7e
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +288,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +301,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +353,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.3.3"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +396,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -525,7 +511,7 @@
         - grafana.${SECRET_DOMAIN}
       secretName: ${SECRET_DOMAIN//./-}-tls
   rules:
-    - host: grafana.${SECRET_DOMAIN}
+    - host: "grafana.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /
@@ -549,7 +535,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +549,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +604,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2024-03-11T03:40:48Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.3.4

@@ -1,6 +1,7 @@
 # Source: grafana/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
+automountServiceAccountToken: true
 metadata:
   labels:
     app.kubernetes.io/name: grafana
@@ -9,17 +10,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +40,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +141,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +186,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +207,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +253,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 330cae61f960c400b62f029b22fcdc6fcd6cb105ac1153553dd63eaad3fb86b3
+        checksum/dashboards-json-config: 53349bc67e5f15247329d1f66c0614f70e17d833df1a1a6fa07fa47d7f652587
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        checksum/secret: 385abea46313993d8c36a07faff7897b4f5f75e1b5adec56f895c00cd2dc2c7e
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +289,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +302,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.25.2"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +354,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.3.3"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +397,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -525,7 +512,7 @@
         - grafana.${SECRET_DOMAIN}
       secretName: ${SECRET_DOMAIN//./-}-tls
   rules:
-    - host: grafana.${SECRET_DOMAIN}
+    - host: "grafana.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /
@@ -549,7 +536,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +550,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +605,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2024-03-11T09:51:36Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.3.5

@@ -1,6 +1,7 @@
 # Source: grafana/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
+automountServiceAccountToken: true
 metadata:
   labels:
     app.kubernetes.io/name: grafana
@@ -9,17 +10,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +40,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +141,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +186,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +207,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +253,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 330cae61f960c400b62f029b22fcdc6fcd6cb105ac1153553dd63eaad3fb86b3
+        checksum/dashboards-json-config: 61d101be4fcdb6d296b20c7e9b8cd7f05e6e4f234728a691dabebac103011f59
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        checksum/secret: 385abea46313993d8c36a07faff7897b4f5f75e1b5adec56f895c00cd2dc2c7e
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +289,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.0"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +302,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.0"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +354,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.3.3"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +397,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -525,7 +512,7 @@
         - grafana.${SECRET_DOMAIN}
       secretName: ${SECRET_DOMAIN//./-}-tls
   rules:
-    - host: grafana.${SECRET_DOMAIN}
+    - host: "grafana.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /
@@ -549,7 +536,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +550,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +605,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2024-03-11T20:06:47Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.3.6

@@ -1,6 +1,7 @@
 # Source: grafana/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
+automountServiceAccountToken: true
 metadata:
   labels:
     app.kubernetes.io/name: grafana
@@ -9,17 +10,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +40,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +141,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +186,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +207,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +253,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 330cae61f960c400b62f029b22fcdc6fcd6cb105ac1153553dd63eaad3fb86b3
+        checksum/dashboards-json-config: a2f07293c255b0fc56fac49ff5b4bd38c1b71c4533e71f44f75039ff84772a5c
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        checksum/secret: 385abea46313993d8c36a07faff7897b4f5f75e1b5adec56f895c00cd2dc2c7e
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +289,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +302,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +354,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.3.3"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +397,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -525,7 +512,7 @@
         - grafana.${SECRET_DOMAIN}
       secretName: ${SECRET_DOMAIN//./-}-tls
   rules:
-    - host: grafana.${SECRET_DOMAIN}
+    - host: "grafana.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /
@@ -549,7 +536,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +550,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +605,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2024-03-14T03:38:35Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.3.7

@@ -1,6 +1,7 @@
 # Source: grafana/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
+automountServiceAccountToken: true
 metadata:
   labels:
     app.kubernetes.io/name: grafana
@@ -9,17 +10,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +40,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +141,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +186,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +207,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +253,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 330cae61f960c400b62f029b22fcdc6fcd6cb105ac1153553dd63eaad3fb86b3
+        checksum/dashboards-json-config: a3dfd6ca0d8194cf3a81556236d37a0e0137889c8b5d92adbce4f5610f23ba8a
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        checksum/secret: 385abea46313993d8c36a07faff7897b4f5f75e1b5adec56f895c00cd2dc2c7e
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +289,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +302,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +354,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.4.0"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +397,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -525,7 +512,7 @@
         - grafana.${SECRET_DOMAIN}
       secretName: ${SECRET_DOMAIN//./-}-tls
   rules:
-    - host: grafana.${SECRET_DOMAIN}
+    - host: "grafana.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /
@@ -549,7 +536,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +550,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +605,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2024-04-12T17:48:56Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.3.8

@@ -1,6 +1,7 @@
 # Source: grafana/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
+automountServiceAccountToken: true
 metadata:
   labels:
     app.kubernetes.io/name: grafana
@@ -9,17 +10,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +40,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +141,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +186,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +207,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +253,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 330cae61f960c400b62f029b22fcdc6fcd6cb105ac1153553dd63eaad3fb86b3
+        checksum/dashboards-json-config: c3092dafbaf916966091a2476b10dc8c759001b2674671ae56c40c455baa6de6
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        checksum/secret: 385abea46313993d8c36a07faff7897b4f5f75e1b5adec56f895c00cd2dc2c7e
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +289,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +302,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +354,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.4.1"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +397,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -525,7 +512,7 @@
         - grafana.${SECRET_DOMAIN}
       secretName: ${SECRET_DOMAIN//./-}-tls
   rules:
-    - host: grafana.${SECRET_DOMAIN}
+    - host: "grafana.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /
@@ -549,7 +536,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +550,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +605,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2024-04-18T10:35:58Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.3.9

@@ -1,6 +1,7 @@
 # Source: grafana/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
+automountServiceAccountToken: true
 metadata:
   labels:
     app.kubernetes.io/name: grafana
@@ -9,17 +10,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +40,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +141,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +186,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +207,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +253,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 330cae61f960c400b62f029b22fcdc6fcd6cb105ac1153553dd63eaad3fb86b3
+        checksum/dashboards-json-config: c1fba2432db9d802fd112addbe50a4c94d66e7b146d39312d548a2fed63aa7ed
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        checksum/secret: 385abea46313993d8c36a07faff7897b4f5f75e1b5adec56f895c00cd2dc2c7e
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +289,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +302,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +354,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.4.1"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +397,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -525,7 +512,7 @@
         - grafana.${SECRET_DOMAIN}
       secretName: ${SECRET_DOMAIN//./-}-tls
   rules:
-    - host: grafana.${SECRET_DOMAIN}
+    - host: "grafana.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /
@@ -549,7 +536,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +550,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +605,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

github-actions · 2024-05-07T23:12:55Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.3.10

@@ -1,6 +1,7 @@
 # Source: grafana/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
+automountServiceAccountToken: true
 metadata:
   labels:
     app.kubernetes.io/name: grafana
@@ -9,17 +10,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +40,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +141,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +186,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +207,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +253,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 330cae61f960c400b62f029b22fcdc6fcd6cb105ac1153553dd63eaad3fb86b3
+        checksum/dashboards-json-config: 59fd577f6c1c72790a0501d192636f409c7a3f6dd39f3f2c0c8526061d65b698
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        checksum/secret: 385abea46313993d8c36a07faff7897b4f5f75e1b5adec56f895c00cd2dc2c7e
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +289,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +302,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +354,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.4.1"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +397,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -525,7 +512,7 @@
         - grafana.${SECRET_DOMAIN}
       secretName: ${SECRET_DOMAIN//./-}-tls
   rules:
-    - host: grafana.${SECRET_DOMAIN}
+    - host: "grafana.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /
@@ -549,7 +536,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +550,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +605,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

Signed-off-by: Danny Froberg <[email protected]>

github-actions · 2024-05-10T07:53:48Z

Path: cluster/core/monitoring/grafana/helm-release.yaml
Version: 6.40.4 -> 7.3.11

@@ -1,6 +1,7 @@
 # Source: grafana/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
+automountServiceAccountToken: true
 metadata:
   labels:
     app.kubernetes.io/name: grafana
@@ -9,17 +10,6 @@
   name: grafana
   namespace: default
 ---
-# Source: grafana/templates/tests/test-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-  name: grafana-test
-  namespace: default
----
 # Source: grafana/templates/secret.yaml
 apiVersion: v1
 kind: Secret
@@ -50,16 +40,16 @@
   provider.yaml: |-
     apiVersion: 1
     providers:
-    - name: 'sidecarProvider'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      allowUiUpdates: false
-      updateIntervalSeconds: 30
-      options:
-        foldersFromFilesStructure: false
-        path: /tmp/dashboards
+      - name: 'sidecarProvider'
+        orgId: 1
+        folder: ''
+        type: file
+        disableDeletion: false
+        allowUiUpdates: false
+        updateIntervalSeconds: 30
+        options:
+          foldersFromFilesStructure: false
+          path: /tmp/dashboards
 ---
 # Source: grafana/templates/configmap.yaml
 apiVersion: v1
@@ -151,27 +141,9 @@
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
     dashboard-provider: default
+    grafana_dashboard: ""
 data: {}
 ---
-# Source: grafana/templates/tests/test-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-data:
-  run.sh: |-
-    @test "Test Health" {
-      url="http://grafana/api/health"
-
-      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
-      [ "$code" == "200" ]
-    }
----
 # Source: grafana/templates/clusterrole.yaml
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -214,27 +186,7 @@
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
     app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['extensions']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana]
----
-# Source: grafana/templates/tests/test-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups: ['policy']
-    resources: ['podsecuritypolicies']
-    verbs: ['use']
-    resourceNames: [grafana-test]
+rules: []
 ---
 # Source: grafana/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -255,25 +207,6 @@
     name: grafana
     namespace: default
 ---
-# Source: grafana/templates/tests/test-rolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: grafana-test
-  namespace: default
-  labels:
-    app.kubernetes.io/name: grafana
-    app.kubernetes.io/instance: grafana
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: grafana-test
-subjects:
-  - kind: ServiceAccount
-    name: grafana-test
-    namespace: default
----
 # Source: grafana/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -320,24 +253,33 @@
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
-        checksum/config: 2f76c91babf4c50bb6e4ad5890ba25835bd2d037b05452e13fff1317661f93ec
-        checksum/dashboards-json-config: a652350250573ac5d0a297866f63cd1542e38764f44849812602331ec4a44ba0
-        checksum/sc-dashboard-provider-config: 7dffc9de897da308d1d87ba3237f265bd382d64730d454a5a26b24ea9e1f6009
-        checksum/secret: 9e9fb76c95b670be03455fe71cd145a6c31de42f78eed0cd976243298d90199c
+        checksum/config: 330cae61f960c400b62f029b22fcdc6fcd6cb105ac1153553dd63eaad3fb86b3
+        checksum/dashboards-json-config: 4fce80be5fe014b9a9bc5b18348eb8d39df153c7df93a8f5ef76d4a7d4805212
+        checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c
+        checksum/secret: 385abea46313993d8c36a07faff7897b4f5f75e1b5adec56f895c00cd2dc2c7e
+        kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472
         runAsGroup: 472
+        runAsNonRoot: true
         runAsUser: 472
       initContainers:
         - name: download-dashboards
-          image: "curlimages/curl:7.85.0"
+          image: "docker.io/curlimages/curl:7.85.0"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh"]
           env:
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/download_dashboards.sh"
@@ -347,7 +289,7 @@
       enableServiceLinks: true
       containers:
         - name: grafana-sc-dashboard
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -360,11 +302,32 @@
               value: "both"
             - name: NAMESPACE
               value: "ALL"
+            - name: REQ_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-user
+            - name: REQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: grafana
+                  key: admin-password
+            - name: REQ_URL
+              value: http://localhost:3000/api/admin/provisioning/dashboards/reload
+            - name: REQ_METHOD
+              value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-dashboard-volume
               mountPath: "/tmp/dashboards"
         - name: grafana-sc-datasources
-          image: "quay.io/kiwigrid/k8s-sidecar:1.19.2"
+          image: "quay.io/kiwigrid/k8s-sidecar:1.26.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: METHOD
@@ -391,12 +354,26 @@
               value: http://localhost:3000/api/admin/provisioning/datasources/reload
             - name: REQ_METHOD
               value: POST
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: sc-datasources-volume
               mountPath: "/etc/grafana/provisioning/datasources"
         - name: grafana
-          image: "ghcr.io/k8s-at-home/grafana:9.1.7"
+          image: "docker.io/ghcr.io/k8s-at-home/grafana:10.4.1"
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
             - name: config
               mountPath: "/etc/grafana/grafana.ini"
@@ -420,7 +397,17 @@
             - name: grafana
               containerPort: 3000
               protocol: TCP
+            - name: gossip-tcp
+              containerPort: 9094
+              protocol: TCP
+            - name: gossip-udp
+              containerPort: 9094
+              protocol: UDP
           env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: GF_SECURITY_ADMIN_USER
               valueFrom:
                 secretKeyRef:
@@ -525,7 +512,7 @@
         - grafana.${SECRET_DOMAIN}
       secretName: ${SECRET_DOMAIN//./-}-tls
   rules:
-    - host: grafana.${SECRET_DOMAIN}
+    - host: "grafana.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /
@@ -549,7 +536,7 @@
 spec:
   endpoints:
     - port: service
-      interval: 1m
+      interval: 30s
       scrapeTimeout: 30s
       honorLabels: true
       path: /metrics
@@ -563,6 +550,42 @@
     matchNames:
       - default
 ---
+# Source: grafana/templates/tests/test-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+---
+# Source: grafana/templates/tests/test-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-test
+  namespace: default
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+  labels:
+    app.kubernetes.io/name: grafana
+    app.kubernetes.io/instance: grafana
+    app.kubernetes.io/managed-by: Helm
+data:
+  run.sh: |-
+    @test "Test Health" {
+      url="http://grafana/api/health"
+
+      code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^  HTTP/{print $2}')
+      [ "$code" == "200" ]
+    }
+---
 # Source: grafana/templates/tests/test.yaml
 apiVersion: v1
 kind: Pod
@@ -582,7 +605,7 @@
     worker: true
   containers:
     - name: grafana-test
-      image: "bats/bats:v1.4.1"
+      image: "docker.io/bats/bats:v1.4.1"
       imagePullPolicy: "IfNotPresent"
       command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
       volumeMounts:

renovate bot requested a review from dfroberg as a code owner October 29, 2023 04:19

renovate bot added the renovate/helm label Oct 29, 2023

renovate bot force-pushed the renovate/grafana-7.x branch from 4962b26 to d669d8b Compare October 31, 2023 13:07

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.0.1~~ feat(charts)!: Update Helm release grafana to 7.0.2 Oct 31, 2023

renovate bot force-pushed the renovate/grafana-7.x branch from d669d8b to 3ee8bb8 Compare November 3, 2023 16:19

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.0.2~~ feat(charts)!: Update Helm release grafana to 7.0.3 Nov 3, 2023

renovate bot force-pushed the renovate/grafana-7.x branch from 3ee8bb8 to 1545197 Compare November 14, 2023 17:09

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.0.3~~ feat(charts)!: Update Helm release grafana to 7.0.4 Nov 14, 2023

renovate bot force-pushed the renovate/grafana-7.x branch from 1545197 to cdbe877 Compare November 15, 2023 12:51

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.0.4~~ feat(charts)!: Update Helm release grafana to 7.0.6 Nov 15, 2023

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.0.6~~ feat(charts)!: Update Helm release grafana to 7.0.8 Nov 20, 2023

renovate bot force-pushed the renovate/grafana-7.x branch from cdbe877 to 5b92d50 Compare November 20, 2023 17:13

renovate bot force-pushed the renovate/grafana-7.x branch from 5b92d50 to 2d890cf Compare November 27, 2023 23:24

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.0.8~~ feat(charts)!: Update Helm release grafana to 7.0.9 Nov 27, 2023

renovate bot force-pushed the renovate/grafana-7.x branch from 2d890cf to 896af49 Compare November 29, 2023 12:18

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.0.9~~ feat(charts)!: Update Helm release grafana to 7.0.11 Nov 29, 2023

renovate bot force-pushed the renovate/grafana-7.x branch from 896af49 to f309fbf Compare December 11, 2023 12:06

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.0.11~~ feat(charts)!: Update Helm release grafana to 7.0.14 Dec 11, 2023

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.0.14~~ feat(charts)!: Update Helm release grafana to 7.0.17 Dec 12, 2023

renovate bot force-pushed the renovate/grafana-7.x branch from f309fbf to 2a85157 Compare December 12, 2023 15:17

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.3.2~~ feat(charts)!: Update Helm release grafana to 7.3.3 Feb 27, 2024

renovate bot force-pushed the renovate/grafana-7.x branch from 9ad1b99 to 72fe519 Compare March 11, 2024 03:40

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.3.3~~ feat(charts)!: Update Helm release grafana to 7.3.4 Mar 11, 2024

renovate bot force-pushed the renovate/grafana-7.x branch from 72fe519 to 5f83879 Compare March 11, 2024 09:51

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.3.4~~ feat(charts)!: Update Helm release grafana to 7.3.5 Mar 11, 2024

renovate bot force-pushed the renovate/grafana-7.x branch from 5f83879 to b8d3233 Compare March 11, 2024 20:06

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.3.5~~ feat(charts)!: Update Helm release grafana to 7.3.6 Mar 11, 2024

renovate bot force-pushed the renovate/grafana-7.x branch from b8d3233 to fc8f6ce Compare March 14, 2024 03:38

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.3.6~~ feat(charts)!: Update Helm release grafana to 7.3.7 Mar 14, 2024

renovate bot force-pushed the renovate/grafana-7.x branch from fc8f6ce to 309f9c4 Compare April 12, 2024 17:48

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.3.7~~ feat(charts)!: Update Helm release grafana to 7.3.8 Apr 12, 2024

renovate bot force-pushed the renovate/grafana-7.x branch from 309f9c4 to d737f9b Compare April 18, 2024 10:35

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.3.8~~ feat(charts)!: Update Helm release grafana to 7.3.9 Apr 18, 2024

renovate bot force-pushed the renovate/grafana-7.x branch from d737f9b to 1cd9267 Compare May 7, 2024 23:12

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.3.9~~ feat(charts)!: Update Helm release grafana to 7.3.10 May 7, 2024

feat(charts)!: Update Helm release grafana to 7.3.11

4a8d59f

Signed-off-by: Danny Froberg <[email protected]>

renovate bot force-pushed the renovate/grafana-7.x branch from 1cd9267 to 4a8d59f Compare May 10, 2024 07:53

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.3.10~~ feat(charts)!: Update Helm release grafana to 7.3.11 May 10, 2024

renovate bot changed the title ~~feat(charts)!: Update Helm release grafana to 7.3.11~~ feat(charts)!: Update Helm release grafana to 7.3.11 - autoclosed Jun 3, 2024

renovate bot closed this Jun 3, 2024

renovate bot deleted the renovate/grafana-7.x branch June 3, 2024 16:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(charts)!: Update Helm release grafana to 7.3.11 - autoclosed #2377

feat(charts)!: Update Helm release grafana to 7.3.11 - autoclosed #2377

renovate bot commented Oct 29, 2023 •

edited

Loading

github-actions bot commented Oct 29, 2023

github-actions bot commented Oct 31, 2023

github-actions bot commented Nov 3, 2023

github-actions bot commented Nov 14, 2023

github-actions bot commented Nov 15, 2023

github-actions bot commented Nov 20, 2023

github-actions bot commented Nov 27, 2023

github-actions bot commented Nov 29, 2023

github-actions bot commented Dec 11, 2023

github-actions bot commented Dec 12, 2023

github-actions bot commented Feb 27, 2024

github-actions bot commented Mar 11, 2024

github-actions bot commented Mar 11, 2024

github-actions bot commented Mar 11, 2024

github-actions bot commented Mar 14, 2024

github-actions bot commented Apr 12, 2024

github-actions bot commented Apr 18, 2024

github-actions bot commented May 7, 2024

github-actions bot commented May 10, 2024

feat(charts)!: Update Helm release grafana to 7.3.11 - autoclosed #2377

feat(charts)!: Update Helm release grafana to 7.3.11 - autoclosed #2377

Conversation

renovate bot commented Oct 29, 2023 • edited Loading

Release Notes

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

renovate bot commented Oct 29, 2023 •

edited

Loading