From 706ee46f37f9762f1202f494708e9afbfa14a23b Mon Sep 17 00:00:00 2001 From: Luvpreet Singh Date: Thu, 7 Sep 2023 20:19:22 +0530 Subject: [PATCH 01/12] [kube-state-metrics] add option to set updateStrategy to Recreate (#3766) * [kube-state-metrics] add option to set updateStrategy to Recreate Signed-off-by: Luvpreet Singh --- charts/kube-state-metrics/Chart.yaml | 2 +- charts/kube-state-metrics/templates/deployment.yaml | 4 ++++ charts/kube-state-metrics/values.yaml | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/charts/kube-state-metrics/Chart.yaml b/charts/kube-state-metrics/Chart.yaml index 8367bb441b40..5c997ed0b501 100644 --- a/charts/kube-state-metrics/Chart.yaml +++ b/charts/kube-state-metrics/Chart.yaml @@ -7,7 +7,7 @@ keywords: - prometheus - kubernetes type: application -version: 5.12.1 +version: 5.13.0 appVersion: 2.10.0 home: https://github.com/kubernetes/kube-state-metrics/ sources: diff --git a/charts/kube-state-metrics/templates/deployment.yaml b/charts/kube-state-metrics/templates/deployment.yaml index 31aa6101818d..69a387a8cd30 100644 --- a/charts/kube-state-metrics/templates/deployment.yaml +++ b/charts/kube-state-metrics/templates/deployment.yaml @@ -18,6 +18,10 @@ spec: matchLabels: {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} replicas: {{ .Values.replicas }} + {{- if not .Values.autosharding.enabled }} + strategy: + type: {{ .Values.updateStrategy | default "RollingUpdate" }} + {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- if .Values.autosharding.enabled }} serviceName: {{ template "kube-state-metrics.fullname" . }} diff --git a/charts/kube-state-metrics/values.yaml b/charts/kube-state-metrics/values.yaml index 00eabab6ab09..29f59524d769 100644 --- a/charts/kube-state-metrics/values.yaml +++ b/charts/kube-state-metrics/values.yaml @@ -37,6 +37,9 @@ autosharding: replicas: 1 +# Change the deployment strategy when autosharding is disabled +# updateStrategy: Recreate + # Number of old history to retain to allow rollback # Default Kubernetes value is set to 10 revisionHistoryLimit: 10 From f2cbb4dd99272aed3e59594ae41fbb5137e3b38e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=87a=C4=9Fatay=20Erem?= Date: Fri, 8 Sep 2023 19:27:44 +0300 Subject: [PATCH 02/12] [prometheus-mongodb-exporter] Fix comments on podAnnotations (#3767) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Comment misguide information fixed for podAnnotations. Signed-off-by: Çağatay Erem * Update Chart.yaml Signed-off-by: Çağatay Erem * Update Chart.yaml Signed-off-by: Çağatay Erem * App version reverted Signed-off-by: Çağatay Erem * versions updated. Co-authored-by: zeritti <47476160+zeritti@users.noreply.github.com> Signed-off-by: Çağatay Erem --------- Signed-off-by: Çağatay Erem Co-authored-by: cagatay.erem@seyirmobil.com Co-authored-by: zeritti <47476160+zeritti@users.noreply.github.com> --- charts/prometheus-mongodb-exporter/Chart.yaml | 2 +- charts/prometheus-mongodb-exporter/values.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/prometheus-mongodb-exporter/Chart.yaml b/charts/prometheus-mongodb-exporter/Chart.yaml index 4be32a08d91e..d2a823972768 100644 --- a/charts/prometheus-mongodb-exporter/Chart.yaml +++ b/charts/prometheus-mongodb-exporter/Chart.yaml @@ -15,4 +15,4 @@ maintainers: name: prometheus-mongodb-exporter sources: - https://github.com/percona/mongodb_exporter -version: 3.3.0 +version: 3.3.1 diff --git a/charts/prometheus-mongodb-exporter/values.yaml b/charts/prometheus-mongodb-exporter/values.yaml index 9dc4fe1e4130..ab09d7e9ceba 100644 --- a/charts/prometheus-mongodb-exporter/values.yaml +++ b/charts/prometheus-mongodb-exporter/values.yaml @@ -44,7 +44,8 @@ nodeSelector: {} podAnnotations: {} # prometheus.io/scrape: "true" -# prometheus.io/port: "metrics" +# prometheus.io/port: "9216" +# prometheus.io/path: /metrics podLabels: {} From 67ccba3cf751071d01e0e6c5d4af7604b67ab5b6 Mon Sep 17 00:00:00 2001 From: Shubham Girdhar Date: Sat, 9 Sep 2023 09:08:00 +0530 Subject: [PATCH 03/12] [prometheus-cloudwatch-exporter] refactor: remove extra spaces from the ServiceAccount template (#1) (#3686) * refactor: remove extra spaces from the ServiceAccount template (#1) Signed-off-by: Shubham Girdhar * bump: chart minor version Signed-off-by: Shubham Girdhar --------- Signed-off-by: Shubham Girdhar Co-authored-by: Asher Foa --- charts/prometheus-cloudwatch-exporter/Chart.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/prometheus-cloudwatch-exporter/Chart.yaml b/charts/prometheus-cloudwatch-exporter/Chart.yaml index 79c971f1b76d..fde712a6be82 100644 --- a/charts/prometheus-cloudwatch-exporter/Chart.yaml +++ b/charts/prometheus-cloudwatch-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.15.4" description: A Helm chart for prometheus cloudwatch-exporter name: prometheus-cloudwatch-exporter -version: 0.25.1 +version: 0.25.2 home: https://github.com/prometheus/cloudwatch_exporter sources: - https://github.com/prometheus/cloudwatch_exporter diff --git a/charts/prometheus-cloudwatch-exporter/templates/serviceaccount.yaml b/charts/prometheus-cloudwatch-exporter/templates/serviceaccount.yaml index a086201dce5e..7eb7cf75ed7e 100644 --- a/charts/prometheus-cloudwatch-exporter/templates/serviceaccount.yaml +++ b/charts/prometheus-cloudwatch-exporter/templates/serviceaccount.yaml @@ -7,7 +7,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app: {{ template "prometheus-cloudwatch-exporter.name" . }} - chart: {{ template "prometheus-cloudwatch-exporter.chart" . }} + chart: {{ template "prometheus-cloudwatch-exporter.chart" . }} release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" {{- if .Values.serviceAccount.annotations }} From d6121801d2280bcde2370aaa84a8014d9c8448d9 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Mon, 11 Sep 2023 10:54:19 +0300 Subject: [PATCH 04/12] [kube-prometheus-stack] operator bump to 0.68.0 (#3770) * bump to 0.68.0 Signed-off-by: drfaust92 * bump to 0.68.0 Signed-off-by: drfaust92 * bump to 0.68.0 Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 --- charts/kube-prometheus-stack/Chart.yaml | 4 +- charts/kube-prometheus-stack/README.md | 19 + .../crds/crds/crd-alertmanagerconfigs.yaml | 391 +++++++++++++++++- .../charts/crds/crds/crd-alertmanagers.yaml | 186 ++++++--- .../charts/crds/crds/crd-podmonitors.yaml | 8 +- .../charts/crds/crds/crd-probes.yaml | 8 +- .../crds/crds/crd-prometheusagents.yaml | 201 ++++++--- .../charts/crds/crds/crd-prometheuses.yaml | 201 ++++++--- .../charts/crds/crds/crd-prometheusrules.yaml | 2 +- .../charts/crds/crds/crd-scrapeconfigs.yaml | 118 +++++- .../charts/crds/crds/crd-servicemonitors.yaml | 8 +- .../charts/crds/crds/crd-thanosrulers.yaml | 186 ++++++--- charts/kube-prometheus-stack/values.yaml | 6 +- 13 files changed, 1108 insertions(+), 230 deletions(-) diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index 98bb169a3f6d..e8a159d825d6 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -21,8 +21,8 @@ name: kube-prometheus-stack sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus -version: 50.3.1 -appVersion: v0.67.1 +version: 51.0.0 +appVersion: v0.68.0 kubeVersion: ">=1.19.0-0" home: https://github.com/prometheus-operator/kube-prometheus keywords: diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md index 833c34be3be7..2888b976f399 100644 --- a/charts/kube-prometheus-stack/README.md +++ b/charts/kube-prometheus-stack/README.md @@ -82,6 +82,25 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. +### From 50.x to 51.x + +This version upgrades Prometheus-Operator to v0.68.0, Prometheus to 2.47.0 and Thanos to v0.32.2 + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + ### From 49.x to 50.x This version requires Kubernetes 1.19+. diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml index a1b2d69ca87b..5081e805d6d4 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -3180,9 +3180,11 @@ spec: If not specified, default API URL will be used. type: string botToken: - description: Telegram bot token The secret needs to be - in the same namespace as the AlertmanagerConfig object - and accessible by the Prometheus Operator. + description: "Telegram bot token. It is mutually exclusive + with `botTokenFile`. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. \n Either `botToken` or + `botTokenFile` is required." properties: key: description: The key of the secret to select from. Must @@ -3200,6 +3202,12 @@ spec: required: - key type: object + botTokenFile: + description: "File to read the Telegram bot token from. + It is mutually exclusive with `botToken`. Either `botToken` + or `botTokenFile` is required. \n It requires Alertmanager + >= v0.26.0." + type: string chatID: description: The Telegram chat ID. format: int64 @@ -3987,6 +3995,381 @@ spec: type: string type: object type: array + webexConfigs: + description: List of Webex configurations. + items: + description: WebexConfig configures notification via Cisco + Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config + properties: + apiURL: + description: The Webex Teams API URL i.e. https://webexapis.com/v1/messages + Provide if different from the default API URL. + pattern: ^https?://.+$ + type: string + httpConfig: + description: The HTTP client's configuration. You must + supply the bot token via the `httpConfig.authorization` + field. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Message template + type: string + roomID: + description: ID of the Webex Teams room where to send + the messages. + minLength: 1 + type: string + sendResolved: + description: Whether to notify about resolved alerts. + type: boolean + required: + - roomID + type: object + type: array webhookConfigs: description: List of webhook configurations. items: diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml index b0610f7a1761..3cc6d45dc505 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2444,6 +2444,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -2565,8 +2584,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -2599,16 +2618,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -3787,6 +3802,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -3908,8 +3942,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -3942,16 +3976,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -4469,7 +4499,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -4533,14 +4564,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -5128,6 +5156,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -5135,19 +5208,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -5202,13 +5287,6 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml index e4dffc3fc5aa..ceaf19e9e8e3 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -53,6 +53,12 @@ spec: jobLabel: description: The label to use to retrieve the job name from. type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml index 3aaf10ff554e..1ebe86f1fa6d 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -142,6 +142,12 @@ spec: jobName: description: The job name assigned to scraped metrics by default. type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml index 1c655ba0fec1..3359beebff0d 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2047,6 +2047,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -2168,8 +2187,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -2202,16 +2221,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -2516,6 +2531,15 @@ spec: v2.28.0." pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string + enforcedKeepDroppedTargets: + description: "When defined, enforcedKeepDroppedTargets specifies a + global limit on the number of targets dropped by relabeling that + will be kept in memory. The value overrides any `spec.keepDroppedTargets` + set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` + is greater than zero and less than `spec.enforcedKeepDroppedTargets`. + \n It requires Prometheus >= v2.47.0." + format: int64 + type: integer enforcedLabelLimit: description: "When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any @@ -3530,6 +3554,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -3651,8 +3694,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -3685,16 +3728,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -3973,6 +4012,12 @@ spec: - name type: object type: array + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. @@ -5115,7 +5160,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -5179,14 +5225,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -5881,6 +5924,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -5888,19 +5976,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -5955,13 +6055,6 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml index d4371aab3f00..200d033eea1b 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2385,6 +2385,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -2506,8 +2525,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -2540,16 +2559,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -2865,6 +2880,15 @@ spec: v2.28.0." pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string + enforcedKeepDroppedTargets: + description: "When defined, enforcedKeepDroppedTargets specifies a + global limit on the number of targets dropped by relabeling that + will be kept in memory. The value overrides any `spec.keepDroppedTargets` + set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` + is greater than zero and less than `spec.enforcedKeepDroppedTargets`. + \n It requires Prometheus >= v2.47.0." + format: int64 + type: integer enforcedLabelLimit: description: "When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any @@ -3898,6 +3922,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -4019,8 +4062,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -4053,16 +4096,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -4341,6 +4380,12 @@ spec: - name type: object type: array + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. @@ -6028,7 +6073,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -6092,14 +6138,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -6798,6 +6841,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -6805,19 +6893,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -6872,13 +6972,6 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml index b2c7309e6726..703b05b1f2b9 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml index 8dce1d8b0199..7c7314d6aeca 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -526,6 +526,44 @@ spec: - server type: object type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: DNSSDConfig allows specifying a set of DNS domain names + which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + type: string + minItems: 1 + type: array + port: + description: The port number used if the query type is not SRV + Ignored for SRV records + type: integer + refreshInterval: + description: RefreshInterval configures the time after which + the provided names are refreshed. If not set, Prometheus uses + its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: The type of DNS query to perform. One of SRV, A, + AAAA or MX. If not set, Prometheus uses its default value. + enum: + - SRV + - A + - AAAA + - MX + type: string + required: + - names + type: object + type: array fileSDConfigs: description: FileSDConfigs defines a list of file service discovery configurations. @@ -778,6 +816,12 @@ spec: - url type: object type: array + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer kubernetesSDConfigs: description: KubernetesSDConfigs defines a list of Kubernetes service discovery configurations. @@ -812,6 +856,78 @@ spec: and newer. format: int64 type: integer + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: "RelabelConfig allows dynamic rewriting of the label + set for targets, alerts, scraped samples and remote write samples. + \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: replace + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus + >= v2.41.0. \n Default: \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the hash of the source label + values. \n Only applicable when the action is `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: "Replacement value against which a Replace action + is performed if the regular expression matches. \n Regex capture + groups are available." + type: string + separator: + description: Separator is the string between concatenated SourceLabels. + type: string + sourceLabels: + description: The source labels select values from existing labels. + Their content is concatenated using the configured Separator + and matched against the configured regular expression. + items: + description: LabelName is a valid Prometheus label name which + may only contain ASCII letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, `HashMod`, + `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. + \n Regex capture groups are available." + type: string + type: object + type: array metricsPath: description: MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics). diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml index fa1168d64bf0..e6728a5286b8 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -606,6 +606,12 @@ spec: the given Service, the `job` label of the metrics defaults to the name of the Kubernetes Service." type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml index 8ab282b27ec1..6bfa675cdd80 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1822,6 +1822,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -1943,8 +1962,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -1977,16 +1996,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -3327,6 +3342,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -3448,8 +3482,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -3482,16 +3516,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -4168,7 +4198,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -4232,14 +4263,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -4819,6 +4847,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -4826,19 +4899,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -4893,13 +4978,6 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index 80beee59728b..99cc16186356 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml @@ -2385,7 +2385,7 @@ prometheusOperator: thanosImage: registry: quay.io repository: thanos/thanos - tag: v0.32.1 + tag: v0.32.2 sha: "" ## Set a Label Selector to filter watched prometheus and prometheusAgent @@ -2894,7 +2894,7 @@ prometheus: image: registry: quay.io repository: prometheus/prometheus - tag: v2.46.0 + tag: v2.47.0 sha: "" ## Tolerations for use with node taints @@ -3825,7 +3825,7 @@ thanosRuler: image: registry: quay.io repository: thanos/thanos - tag: v0.32.1 + tag: v0.32.2 sha: "" ## Namespaces to be selected for PrometheusRules discovery. From 33bf16af5eab30423f57d9eab0589a2e33c91565 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Mon, 11 Sep 2023 11:45:46 +0300 Subject: [PATCH 05/12] [prometheus-operator-crds] bump crds to 0.68.0 (#3771) --- charts/prometheus-operator-crds/.gitignore | 4 + charts/prometheus-operator-crds/Chart.yaml | 30 +- charts/prometheus-operator-crds/README.md | 6 + .../charts/crds/Chart.yaml | 3 + .../templates/crd-alertmanagerconfigs.yaml | 391 +++++++++++++++++- .../crds}/templates/crd-alertmanagers.yaml | 186 ++++++--- .../crds}/templates/crd-podmonitors.yaml | 8 +- .../crds}/templates/crd-probes.yaml | 8 +- .../crds}/templates/crd-prometheusagents.yaml | 201 ++++++--- .../crds}/templates/crd-prometheuses.yaml | 201 ++++++--- .../crds}/templates/crd-prometheusrules.yaml | 2 +- .../crds}/templates/crd-scrapeconfigs.yaml | 118 +++++- .../crds}/templates/crd-servicemonitors.yaml | 8 +- .../crds}/templates/crd-thanosrulers.yaml | 186 ++++++--- .../hack/update_crds.sh | 21 +- charts/prometheus-operator-crds/values.yaml | 3 +- 16 files changed, 1127 insertions(+), 249 deletions(-) create mode 100644 charts/prometheus-operator-crds/.gitignore create mode 100644 charts/prometheus-operator-crds/charts/crds/Chart.yaml rename charts/prometheus-operator-crds/{ => charts/crds}/templates/crd-alertmanagerconfigs.yaml (92%) rename charts/prometheus-operator-crds/{ => charts/crds}/templates/crd-alertmanagers.yaml (97%) rename charts/prometheus-operator-crds/{ => charts/crds}/templates/crd-podmonitors.yaml (98%) rename charts/prometheus-operator-crds/{ => charts/crds}/templates/crd-probes.yaml (99%) rename charts/prometheus-operator-crds/{ => charts/crds}/templates/crd-prometheusagents.yaml (97%) rename charts/prometheus-operator-crds/{ => charts/crds}/templates/crd-prometheuses.yaml (98%) rename charts/prometheus-operator-crds/{ => charts/crds}/templates/crd-prometheusrules.yaml (99%) rename charts/prometheus-operator-crds/{ => charts/crds}/templates/crd-scrapeconfigs.yaml (90%) rename charts/prometheus-operator-crds/{ => charts/crds}/templates/crd-servicemonitors.yaml (99%) rename charts/prometheus-operator-crds/{ => charts/crds}/templates/crd-thanosrulers.yaml (97%) diff --git a/charts/prometheus-operator-crds/.gitignore b/charts/prometheus-operator-crds/.gitignore new file mode 100644 index 000000000000..9c8382f35275 --- /dev/null +++ b/charts/prometheus-operator-crds/.gitignore @@ -0,0 +1,4 @@ +!charts/crds/ +!charts/crds/** +!charts/crds/templates/ +!charts/crds/templates/** \ No newline at end of file diff --git a/charts/prometheus-operator-crds/Chart.yaml b/charts/prometheus-operator-crds/Chart.yaml index 16b42d255815..e41833b1eb8c 100644 --- a/charts/prometheus-operator-crds/Chart.yaml +++ b/charts/prometheus-operator-crds/Chart.yaml @@ -1,27 +1,27 @@ apiVersion: v2 type: application -version: 5.1.0 +version: 6.0.0 name: prometheus-operator-crds icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png description: | A Helm chart that collects custom resource definitions (CRDs) from the Prometheus Operator, allowing for seamless integration with GitOps tools keywords: -- prometheus -- crds -appVersion: 0.67.0 + - prometheus + - crds +appVersion: v0.68.0 kubeVersion: ">=1.16.0-0" sources: -- https://github.com/prometheus-community/helm-charts + - https://github.com/prometheus-community/helm-charts maintainers: -- name: dacamposol - email: dacamposol@gmail.com -- name: desaintmartin - email: cedric@desaintmartin.fr -- name: QuentinBisson - email: quentin.bisson@gmail.com -- name: jkroepke - email: github@jkroepke.de + - name: dacamposol + email: dacamposol@gmail.com + - name: desaintmartin + email: cedric@desaintmartin.fr + - name: QuentinBisson + email: quentin.bisson@gmail.com + - name: jkroepke + email: github@jkroepke.de annotations: artifacthub.io/links: | - name: Chart Source @@ -33,3 +33,7 @@ annotations: email: cedric@desaintmartin.fr - name: QuentinBisson email: quentin.bisson@gmail.com + +dependencies: + - name: crds + version: "0.0.0" diff --git a/charts/prometheus-operator-crds/README.md b/charts/prometheus-operator-crds/README.md index 4bf1f35a9be7..b4dfcedd59e8 100644 --- a/charts/prometheus-operator-crds/README.md +++ b/charts/prometheus-operator-crds/README.md @@ -48,6 +48,12 @@ helm upgrade [RELEASE_NAME] [CHART] --install _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ +## Upgrading to v6.0.0 + +The upgraded chart now the following changes: + +- `annotations` value has moved to `crds.annotations` + ## Configuring See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: diff --git a/charts/prometheus-operator-crds/charts/crds/Chart.yaml b/charts/prometheus-operator-crds/charts/crds/Chart.yaml new file mode 100644 index 000000000000..adb9e4a5d36c --- /dev/null +++ b/charts/prometheus-operator-crds/charts/crds/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: crds +version: 0.0.0 diff --git a/charts/prometheus-operator-crds/templates/crd-alertmanagerconfigs.yaml b/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml similarity index 92% rename from charts/prometheus-operator-crds/templates/crd-alertmanagerconfigs.yaml rename to charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml index 2ddf5b534683..d5d37adc98c8 100644 --- a/charts/prometheus-operator-crds/templates/crd-alertmanagerconfigs.yaml +++ b/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -3183,9 +3183,11 @@ spec: If not specified, default API URL will be used. type: string botToken: - description: Telegram bot token The secret needs to be - in the same namespace as the AlertmanagerConfig object - and accessible by the Prometheus Operator. + description: "Telegram bot token. It is mutually exclusive + with `botTokenFile`. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. \n Either `botToken` or + `botTokenFile` is required." properties: key: description: The key of the secret to select from. Must @@ -3203,6 +3205,12 @@ spec: required: - key type: object + botTokenFile: + description: "File to read the Telegram bot token from. + It is mutually exclusive with `botToken`. Either `botToken` + or `botTokenFile` is required. \n It requires Alertmanager + >= v0.26.0." + type: string chatID: description: The Telegram chat ID. format: int64 @@ -3990,6 +3998,381 @@ spec: type: string type: object type: array + webexConfigs: + description: List of Webex configurations. + items: + description: WebexConfig configures notification via Cisco + Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config + properties: + apiURL: + description: The Webex Teams API URL i.e. https://webexapis.com/v1/messages + Provide if different from the default API URL. + pattern: ^https?://.+$ + type: string + httpConfig: + description: The HTTP client's configuration. You must + supply the bot token via the `httpConfig.authorization` + field. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Message template + type: string + roomID: + description: ID of the Webex Teams room where to send + the messages. + minLength: 1 + type: string + sendResolved: + description: Whether to notify about resolved alerts. + type: boolean + required: + - roomID + type: object + type: array webhookConfigs: description: List of webhook configurations. items: diff --git a/charts/prometheus-operator-crds/templates/crd-alertmanagers.yaml b/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml similarity index 97% rename from charts/prometheus-operator-crds/templates/crd-alertmanagers.yaml rename to charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml index 6dfefeb3dfea..c6564aec1972 100644 --- a/charts/prometheus-operator-crds/templates/crd-alertmanagers.yaml +++ b/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2447,6 +2447,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -2568,8 +2587,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -2602,16 +2621,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -3790,6 +3805,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -3911,8 +3945,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -3945,16 +3979,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -4472,7 +4502,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -4536,14 +4567,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -5131,6 +5159,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -5138,19 +5211,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -5205,13 +5290,6 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object diff --git a/charts/prometheus-operator-crds/templates/crd-podmonitors.yaml b/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml similarity index 98% rename from charts/prometheus-operator-crds/templates/crd-podmonitors.yaml rename to charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml index b4bd16a6f98e..e455a6c83d6b 100644 --- a/charts/prometheus-operator-crds/templates/crd-podmonitors.yaml +++ b/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -56,6 +56,12 @@ spec: jobLabel: description: The label to use to retrieve the job name from. type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. diff --git a/charts/prometheus-operator-crds/templates/crd-probes.yaml b/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml similarity index 99% rename from charts/prometheus-operator-crds/templates/crd-probes.yaml rename to charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml index a10b0c8d8e6c..823fa789dced 100644 --- a/charts/prometheus-operator-crds/templates/crd-probes.yaml +++ b/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -145,6 +145,12 @@ spec: jobName: description: The job name assigned to scraped metrics by default. type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. diff --git a/charts/prometheus-operator-crds/templates/crd-prometheusagents.yaml b/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml similarity index 97% rename from charts/prometheus-operator-crds/templates/crd-prometheusagents.yaml rename to charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml index 1098e2428788..aa398b2531cd 100644 --- a/charts/prometheus-operator-crds/templates/crd-prometheusagents.yaml +++ b/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2050,6 +2050,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -2171,8 +2190,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -2205,16 +2224,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -2519,6 +2534,15 @@ spec: v2.28.0." pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string + enforcedKeepDroppedTargets: + description: "When defined, enforcedKeepDroppedTargets specifies a + global limit on the number of targets dropped by relabeling that + will be kept in memory. The value overrides any `spec.keepDroppedTargets` + set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` + is greater than zero and less than `spec.enforcedKeepDroppedTargets`. + \n It requires Prometheus >= v2.47.0." + format: int64 + type: integer enforcedLabelLimit: description: "When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any @@ -3533,6 +3557,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -3654,8 +3697,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -3688,16 +3731,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -3976,6 +4015,12 @@ spec: - name type: object type: array + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. @@ -5118,7 +5163,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -5182,14 +5228,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -5884,6 +5927,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -5891,19 +5979,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -5958,13 +6058,6 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object diff --git a/charts/prometheus-operator-crds/templates/crd-prometheuses.yaml b/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml similarity index 98% rename from charts/prometheus-operator-crds/templates/crd-prometheuses.yaml rename to charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml index f1f140c8903e..a1e5bcc478e7 100644 --- a/charts/prometheus-operator-crds/templates/crd-prometheuses.yaml +++ b/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2388,6 +2388,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -2509,8 +2528,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -2543,16 +2562,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -2868,6 +2883,15 @@ spec: v2.28.0." pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string + enforcedKeepDroppedTargets: + description: "When defined, enforcedKeepDroppedTargets specifies a + global limit on the number of targets dropped by relabeling that + will be kept in memory. The value overrides any `spec.keepDroppedTargets` + set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` + is greater than zero and less than `spec.enforcedKeepDroppedTargets`. + \n It requires Prometheus >= v2.47.0." + format: int64 + type: integer enforcedLabelLimit: description: "When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any @@ -3901,6 +3925,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -4022,8 +4065,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -4056,16 +4099,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -4344,6 +4383,12 @@ spec: - name type: object type: array + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. @@ -6031,7 +6076,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -6095,14 +6141,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -6801,6 +6844,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -6808,19 +6896,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -6875,13 +6975,6 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object diff --git a/charts/prometheus-operator-crds/templates/crd-prometheusrules.yaml b/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml similarity index 99% rename from charts/prometheus-operator-crds/templates/crd-prometheusrules.yaml rename to charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml index 0fa43e3e89fa..aade5c5218ae 100644 --- a/charts/prometheus-operator-crds/templates/crd-prometheusrules.yaml +++ b/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/charts/prometheus-operator-crds/templates/crd-scrapeconfigs.yaml b/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml similarity index 90% rename from charts/prometheus-operator-crds/templates/crd-scrapeconfigs.yaml rename to charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml index 7620ecf4a81e..4898b5ecf4d6 100644 --- a/charts/prometheus-operator-crds/templates/crd-scrapeconfigs.yaml +++ b/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -529,6 +529,44 @@ spec: - server type: object type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: DNSSDConfig allows specifying a set of DNS domain names + which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + type: string + minItems: 1 + type: array + port: + description: The port number used if the query type is not SRV + Ignored for SRV records + type: integer + refreshInterval: + description: RefreshInterval configures the time after which + the provided names are refreshed. If not set, Prometheus uses + its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: The type of DNS query to perform. One of SRV, A, + AAAA or MX. If not set, Prometheus uses its default value. + enum: + - SRV + - A + - AAAA + - MX + type: string + required: + - names + type: object + type: array fileSDConfigs: description: FileSDConfigs defines a list of file service discovery configurations. @@ -781,6 +819,12 @@ spec: - url type: object type: array + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer kubernetesSDConfigs: description: KubernetesSDConfigs defines a list of Kubernetes service discovery configurations. @@ -815,6 +859,78 @@ spec: and newer. format: int64 type: integer + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: "RelabelConfig allows dynamic rewriting of the label + set for targets, alerts, scraped samples and remote write samples. + \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: replace + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus + >= v2.41.0. \n Default: \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the hash of the source label + values. \n Only applicable when the action is `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: "Replacement value against which a Replace action + is performed if the regular expression matches. \n Regex capture + groups are available." + type: string + separator: + description: Separator is the string between concatenated SourceLabels. + type: string + sourceLabels: + description: The source labels select values from existing labels. + Their content is concatenated using the configured Separator + and matched against the configured regular expression. + items: + description: LabelName is a valid Prometheus label name which + may only contain ASCII letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, `HashMod`, + `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. + \n Regex capture groups are available." + type: string + type: object + type: array metricsPath: description: MetricsPath HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. /metrics). diff --git a/charts/prometheus-operator-crds/templates/crd-servicemonitors.yaml b/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml similarity index 99% rename from charts/prometheus-operator-crds/templates/crd-servicemonitors.yaml rename to charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml index 26223f4391dc..c367faa3fc2f 100644 --- a/charts/prometheus-operator-crds/templates/crd-servicemonitors.yaml +++ b/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -609,6 +609,12 @@ spec: the given Service, the `job` label of the metrics defaults to the name of the Kubernetes Service." type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. diff --git a/charts/prometheus-operator-crds/templates/crd-thanosrulers.yaml b/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml similarity index 97% rename from charts/prometheus-operator-crds/templates/crd-thanosrulers.yaml rename to charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml index 0e8835ba0c96..093610de2621 100644 --- a/charts/prometheus-operator-crds/templates/crd-thanosrulers.yaml +++ b/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1825,6 +1825,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -1946,8 +1965,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -1980,16 +1999,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -3330,6 +3345,25 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -3451,8 +3485,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -3485,16 +3519,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -4171,7 +4201,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -4235,14 +4266,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -4822,6 +4850,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -4829,19 +4902,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -4896,13 +4981,6 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object diff --git a/charts/prometheus-operator-crds/hack/update_crds.sh b/charts/prometheus-operator-crds/hack/update_crds.sh index 545fa46968f5..b70284f031bc 100755 --- a/charts/prometheus-operator-crds/hack/update_crds.sh +++ b/charts/prometheus-operator-crds/hack/update_crds.sh @@ -1,9 +1,11 @@ #!/bin/bash +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + if [[ $(uname -s) = "Darwin" ]]; then - VERSION="$(grep ^appVersion ../Chart.yaml | sed 's/appVersion: /v/g')" + VERSION="$(grep ^appVersion "${SCRIPT_DIR}/../Chart.yaml" | sed 's/appVersion: //g')" else - VERSION="$(grep ^appVersion ../Chart.yaml | sed 's/appVersion:\s/v/g')" + VERSION="$(grep ^appVersion "${SCRIPT_DIR}/../Chart.yaml" | sed 's/appVersion:\s//g')" fi FILES=( @@ -14,8 +16,8 @@ FILES=( "crd-prometheusagents.yaml : monitoring.coreos.com_prometheusagents.yaml" "crd-prometheuses.yaml : monitoring.coreos.com_prometheuses.yaml" "crd-prometheusrules.yaml : monitoring.coreos.com_prometheusrules.yaml" - "crd-servicemonitors.yaml : monitoring.coreos.com_servicemonitors.yaml" "crd-scrapeconfigs.yaml : monitoring.coreos.com_scrapeconfigs.yaml" + "crd-servicemonitors.yaml : monitoring.coreos.com_servicemonitors.yaml" "crd-thanosrulers.yaml : monitoring.coreos.com_thanosrulers.yaml" ) @@ -27,18 +29,17 @@ for line in "${FILES[@]}"; do echo -e "Downloading Prometheus Operator CRD with Version ${VERSION}:\n${URL}\n" - echo "# ${URL}" > ../templates/"${DESTINATION}" + echo "# ${URL}" > "${SCRIPT_DIR}/../charts/crds/templates/${DESTINATION}" - if ! curl --silent --retry-all-errors --fail --location "${URL}" >> ../templates/"${DESTINATION}"; then + if ! curl --silent --retry-all-errors --fail --location "${URL}" >> "${SCRIPT_DIR}/../charts/crds/templates/${DESTINATION}"; then echo -e "Failed to download ${URL}!" exit 1 fi + # Update or insert annotations block - if yq -e '.metadata.annotations' ../templates/"${DESTINATION}" >/dev/null; then - sed -i '/^ annotations:$/a {{- with .Values.annotations }}\n{{- toYaml . | nindent 4 }}\n{{- end }}' ../templates/"${DESTINATION}" + if yq -e '.metadata.annotations' "${SCRIPT_DIR}/../charts/crds/crds/" >/dev/null; then + sed -i '/^ annotations:$/a {{- with .Values.annotations }}\n{{- toYaml . | nindent 4 }}\n{{- end }}' "${SCRIPT_DIR}/../charts/crds/templates/${DESTINATION}" else - sed -i '/^metadata:$/a {{- with .Values.annotations }}\n annotations:\n{{- toYaml . | nindent 4 }}\n{{- end }}' ../templates/"${DESTINATION}" + sed -i '/^metadata:$/a {{- with .Values.annotations }}\n annotations:\n{{- toYaml . | nindent 4 }}\n{{- end }}' "${SCRIPT_DIR}/../charts/crds/templates/${DESTINATION}" fi done - -exit diff --git a/charts/prometheus-operator-crds/values.yaml b/charts/prometheus-operator-crds/values.yaml index c9d50a615ed9..7990c631929f 100644 --- a/charts/prometheus-operator-crds/values.yaml +++ b/charts/prometheus-operator-crds/values.yaml @@ -1,3 +1,4 @@ ## Annotations for CRDs ## -annotations: {} +crds: + annotations: {} From 113954794bd3e4dbe6b85d1efbed522c8fef6a30 Mon Sep 17 00:00:00 2001 From: Starlight Romero <28881133+starlightromero@users.noreply.github.com> Date: Mon, 11 Sep 2023 02:09:33 -0700 Subject: [PATCH 06/12] [prometheus] allow more flexible poddisruptionbudget config (#3772) * fix(prometheus): allow more flexible poddisruptionbudget config Signed-off-by: Starlight Romero * chore(prometheus): bump helm chart version Signed-off-by: Starlight Romero * Update charts/prometheus/values.yaml Co-authored-by: zeritti <47476160+zeritti@users.noreply.github.com> Signed-off-by: Starlight Romero <28881133+starlightromero@users.noreply.github.com> * Update charts/prometheus/templates/pdb.yaml Co-authored-by: zeritti <47476160+zeritti@users.noreply.github.com> Signed-off-by: Starlight Romero <28881133+starlightromero@users.noreply.github.com> * Update charts/prometheus/templates/pdb.yaml Co-authored-by: zeritti <47476160+zeritti@users.noreply.github.com> Signed-off-by: Starlight Romero <28881133+starlightromero@users.noreply.github.com> --------- Signed-off-by: Starlight Romero Signed-off-by: Starlight Romero <28881133+starlightromero@users.noreply.github.com> Co-authored-by: zeritti <47476160+zeritti@users.noreply.github.com> --- charts/prometheus/Chart.yaml | 2 +- charts/prometheus/templates/pdb.yaml | 3 ++- charts/prometheus/values.yaml | 4 ++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/prometheus/Chart.yaml b/charts/prometheus/Chart.yaml index c82f523aef2a..c89d586252d5 100644 --- a/charts/prometheus/Chart.yaml +++ b/charts/prometheus/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: prometheus appVersion: v2.46.0 -version: 24.3.0 +version: 24.3.1 kubeVersion: ">=1.19.0-0" description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/charts/prometheus/templates/pdb.yaml b/charts/prometheus/templates/pdb.yaml index 852f1bb8fe5e..7ffe67307116 100644 --- a/charts/prometheus/templates/pdb.yaml +++ b/charts/prometheus/templates/pdb.yaml @@ -1,4 +1,5 @@ {{- if .Values.server.podDisruptionBudget.enabled }} +{{- $pdbSpec := omit .Values.server.podDisruptionBudget "enabled" }} apiVersion: {{ template "prometheus.podDisruptionBudget.apiVersion" . }} kind: PodDisruptionBudget metadata: @@ -7,8 +8,8 @@ metadata: labels: {{- include "prometheus.server.labels" . | nindent 4 }} spec: - maxUnavailable: {{ .Values.server.podDisruptionBudget.maxUnavailable }} selector: matchLabels: {{- include "prometheus.server.matchLabels" . | nindent 6 }} + {{- toYaml $pdbSpec | nindent 2 }} {{- end }} diff --git a/charts/prometheus/values.yaml b/charts/prometheus/values.yaml index 90dd3c7db2c8..45d3bcd32b9c 100644 --- a/charts/prometheus/values.yaml +++ b/charts/prometheus/values.yaml @@ -374,6 +374,10 @@ server: podDisruptionBudget: enabled: false maxUnavailable: 1 + # minAvailable: 1 + ## unhealthyPodEvictionPolicy is available since 1.27.0 (beta) + ## https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy + # unhealthyPodEvictionPolicy: IfHealthyBudget ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ From 3005e3c2ed8ef08bb1a371963676d9b312120267 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Mon, 11 Sep 2023 22:32:41 +0300 Subject: [PATCH 07/12] [prometheus] update prometheus to 2.47.0 + deps (#3774) Signed-off-by: drfaust92 --- charts/prometheus/Chart.lock | 8 ++++---- charts/prometheus/Chart.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/prometheus/Chart.lock b/charts/prometheus/Chart.lock index 830add590715..008277c29d69 100644 --- a/charts/prometheus/Chart.lock +++ b/charts/prometheus/Chart.lock @@ -4,12 +4,12 @@ dependencies: version: 1.6.0 - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts - version: 5.11.0 + version: 5.13.0 - name: prometheus-node-exporter repository: https://prometheus-community.github.io/helm-charts - version: 4.22.0 + version: 4.23.0 - name: prometheus-pushgateway repository: https://prometheus-community.github.io/helm-charts version: 2.4.0 -digest: sha256:1aa107e6e124974678660600ac0260321e81887a64fb7c0fd85d34a0bbb95e7d -generated: "2023-08-26T22:57:53.836095+09:00" +digest: sha256:bf13f4af7d61779aab6785b88cf6c51e24e2d46d06c847749be90c08317f0948 +generated: "2023-09-11T12:41:14.328722+03:00" diff --git a/charts/prometheus/Chart.yaml b/charts/prometheus/Chart.yaml index c89d586252d5..d65d78c7f6ae 100644 --- a/charts/prometheus/Chart.yaml +++ b/charts/prometheus/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: prometheus -appVersion: v2.46.0 -version: 24.3.1 +appVersion: v2.47.0 +version: 24.4.0 kubeVersion: ">=1.19.0-0" description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ @@ -30,11 +30,11 @@ dependencies: repository: https://prometheus-community.github.io/helm-charts condition: alertmanager.enabled - name: kube-state-metrics - version: "5.11.*" + version: "5.13.*" repository: https://prometheus-community.github.io/helm-charts condition: kube-state-metrics.enabled - name: prometheus-node-exporter - version: "4.22.*" + version: "4.23.*" repository: https://prometheus-community.github.io/helm-charts condition: prometheus-node-exporter.enabled - name: prometheus-pushgateway From 9f13ae0b7c8bba3ad504b8483606ef5ec2812239 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Tue, 12 Sep 2023 08:28:42 +0300 Subject: [PATCH 08/12] bump to 0.7.0 (#3780) --- charts/prom-label-proxy/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/prom-label-proxy/Chart.yaml b/charts/prom-label-proxy/Chart.yaml index 6dbaa82546c9..95950d75896d 100644 --- a/charts/prom-label-proxy/Chart.yaml +++ b/charts/prom-label-proxy/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: prom-label-proxy description: A proxy that enforces a given label in a given PromQL query. type: application -version: 0.5.0 -appVersion: "v0.6.0" +version: 0.6.0 +appVersion: "v0.7.0" home: "https://github.com/prometheus-community/prom-label-proxy" keywords: - metric From 5e249df2b45733e85e37d201a449f752048e5d95 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Tue, 12 Sep 2023 12:28:01 +0300 Subject: [PATCH 09/12] bump kafka exporter to 1.7.0 (#3787) Signed-off-by: drfaust92 --- charts/prometheus-kafka-exporter/Chart.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/prometheus-kafka-exporter/Chart.yaml b/charts/prometheus-kafka-exporter/Chart.yaml index 8e9b6c4a91b1..6019f8c9f161 100644 --- a/charts/prometheus-kafka-exporter/Chart.yaml +++ b/charts/prometheus-kafka-exporter/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: "v1.6.0" +appVersion: "v1.7.0" description: A Helm chart to export the metrics from Kafka in Prometheus format using the kafka-exporter from https://github.com/danielqsj/kafka_exporter name: prometheus-kafka-exporter home: https://github.com/danielqsj/kafka_exporter -version: 2.4.0 +version: 2.5.0 kubeVersion: ">=1.19.0-0" sources: - https://gkarthiks.github.io/helm-charts/charts/prometheus-kafka-exporter @@ -22,7 +22,7 @@ annotations: - name: Chart Source url: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-kafka-exporter dependencies: -- name: kafka - version: "18.5.0" - repository: https://charts.bitnami.com/bitnami - condition: kafka.enabled + - name: kafka + version: "18.5.0" + repository: https://charts.bitnami.com/bitnami + condition: kafka.enabled From 5c8dd881b104399569750a1c47afb9b408213d57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Nicol?= Date: Tue, 12 Sep 2023 11:28:36 +0200 Subject: [PATCH 10/12] [kube-prometheus-stack] fix prometheus-operator cilium netpol when using TLS (#3788) Signed-off-by: Herve Nicol <12008875+hervenicol@users.noreply.github.com> Co-authored-by: Herve Nicol <12008875+hervenicol@users.noreply.github.com> --- charts/kube-prometheus-stack/Chart.yaml | 2 +- .../templates/prometheus-operator/ciliumnetworkpolicy.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index e8a159d825d6..d0810a6aa6e1 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -21,7 +21,7 @@ name: kube-prometheus-stack sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus -version: 51.0.0 +version: 51.0.1 appVersion: v0.68.0 kubeVersion: ">=1.19.0-0" home: https://github.com/prometheus-operator/kube-prometheus diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml index af0fa57f5487..b75dcfd9449c 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml @@ -32,8 +32,10 @@ spec: - port: "8080" {{- end }} protocol: "TCP" + {{- if not .Values.prometheusOperator.tls.enabled }} rules: http: - method: "GET" path: "/metrics" + {{- end }} {{- end }} From c51646a9433b4786c2b89d1ed04d892f67d491b2 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Tue, 12 Sep 2023 12:29:55 +0300 Subject: [PATCH 11/12] bump admission webhook to 0.68.0 (#3786) Signed-off-by: drfaust92 --- .../prometheus-operator-admission-webhook/Chart.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/prometheus-operator-admission-webhook/Chart.yaml b/charts/prometheus-operator-admission-webhook/Chart.yaml index 4f57cc9836ba..25da69160d0a 100644 --- a/charts/prometheus-operator-admission-webhook/Chart.yaml +++ b/charts/prometheus-operator-admission-webhook/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 description: Prometheus Operator Admission Webhook name: prometheus-operator-admission-webhook -version: 0.6.0 -appVersion: 0.67.0 +version: 0.7.0 +appVersion: 0.68.0 home: https://github.com/prometheus-operator/prometheus-operator icon: https://github.com/prometheus-operator/prometheus-operator/raw/main/Documentation/logos/prometheus-operator-logo.png keywords: @@ -21,7 +21,7 @@ type: application annotations: "artifacthub.io/license": Apache-2.0 "artifacthub.io/links": | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/prometheus-operator + - name: Chart Source + url: https://github.com/prometheus-community/helm-charts + - name: Upstream Project + url: https://github.com/prometheus-operator/prometheus-operator From 1c1f688d57805389d051777bef8f55176494e09e Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Tue, 12 Sep 2023 13:07:47 +0300 Subject: [PATCH 12/12] [prometheus-pushgateway] bump pushgateway to 1.6.1 (#3785) * bump pushgateway to 1.6.1 Signed-off-by: drfaust92 * Update charts/prometheus-pushgateway/Chart.yaml Co-authored-by: zeritti <47476160+zeritti@users.noreply.github.com> Signed-off-by: Ilia Lazebnik --------- Signed-off-by: drfaust92 Signed-off-by: Ilia Lazebnik Co-authored-by: zeritti <47476160+zeritti@users.noreply.github.com> --- charts/prometheus-pushgateway/Chart.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/prometheus-pushgateway/Chart.yaml b/charts/prometheus-pushgateway/Chart.yaml index 5a49ca875b4f..80f9a5530742 100644 --- a/charts/prometheus-pushgateway/Chart.yaml +++ b/charts/prometheus-pushgateway/Chart.yaml @@ -1,22 +1,22 @@ apiVersion: v2 -appVersion: "v1.6.0" +appVersion: "v1.6.1" description: A Helm chart for prometheus pushgateway name: prometheus-pushgateway -version: 2.4.0 +version: 2.4.1 home: https://github.com/prometheus/pushgateway sources: -- https://github.com/prometheus/pushgateway + - https://github.com/prometheus/pushgateway type: application keywords: -- pushgateway -- prometheus + - pushgateway + - prometheus maintainers: -- email: gianrubio@gmail.com - name: gianrubio -- email: christian.staude@staffbase.com - name: cstaud -- email: rootsandtrees@posteo.de - name: zeritti + - email: gianrubio@gmail.com + name: gianrubio + - email: christian.staude@staffbase.com + name: cstaud + - email: rootsandtrees@posteo.de + name: zeritti annotations: "artifacthub.io/license": Apache-2.0 "artifacthub.io/links": |