Ksm upgrade to 2.12.0 (#887)

[comment]: # (Note that your PR title should follow the conventional
commit format: https://conventionalcommits.org/en/v1.0.0/#summary)
# PR Description
Upgrade ksm to 2.12.0
I have upgraded chart using backdoor deployment and found no issues ,
this is build link :
https://github-private.visualstudio.com/azure/_build/results?buildId=80951&view=logs&s=6884a131-87da-5381-61f3-d7acc3b91d76.

I have compared between old and new KSM chart versions of helm charts
for the charts we use(deployment,role,service,etc) and found no major
changes between the old and new. Mainly the changes are in the
parameterizing some properties based on some properties in values.yaml,
but we do not have those properties in our values-template.yaml in our
addon chart , so we are good there. Here are the comparison of K-S-M
[charts](prometheus-community/helm-charts@kube-state-metrics-5.10.1...kube-state-metrics-5.19.0#diff-964657bf9c31e2d1338046dc10aff7a7d28dc34813c6cd09d84228512e966132L25).

Screenshots of metrics flowing after upgrade:
<img width="1876" alt="ksmupgrade"
src="https://github.com/Azure/prometheus-collector/assets/31517098/7aed7ae8-4a7b-4453-86b2-062293b81344">

<img width="1901" alt="ksmupgrade1"
src="https://github.com/Azure/prometheus-collector/assets/31517098/19771142-1991-4b92-9131-83e957162be5">

This
[change](kubernetes/kube-state-metrics#2145) was
tested using following mechanism.

The annotations are flowing before and after the upgrade(below
screenshot). The metrics are flowing fine and upgrade was successful.

Change:
If the annotation or label has no configured allowed values
(--metric-annotations-allowlist, --metric-labels-allowlist) no
object_annotations or object_labels metrics should be created.

For our testing, no change was made in either flags
(--metric-annotations-allowlist, --metric-labels-allowlist) and upgraded
chart was deployed. The default labels and annotations stopped flowing
after the upgrade.

Before upgrade:
<img width="1738" alt="before"
src="https://github.com/Azure/prometheus-collector/assets/31517098/b4ec863f-3d40-4506-bdaa-ba46f1c64dad">


After upgrade:
<img width="1892" alt="after"
src="https://github.com/Azure/prometheus-collector/assets/31517098/95fe91a5-0f5b-4273-96cd-8d51a6d393ab">





[comment]: # (The below checklist is for PRs adding new features. If a
box is not checked, add a reason why it's not needed.)
# New Feature Checklist

- [ ] List telemetry added about the feature.
- [ ] Link to the one-pager about the feature.
- [ ] List any tasks necessary for release (3P docs, AKS RP chart
changes, etc.) after merging the PR.
- [ ] Attach results of scale and perf testing.

[comment]: # (The below checklist is for code changes. Not all boxes
necessarily need to be checked. Build, doc, and template changes do not
need to fill out the checklist.)
# Tests Checklist

- [ ] Have end-to-end Ginkgo tests been run on your cluster and passed?
To bootstrap your cluster to run the tests, follow [these
instructions](/otelcollector/test/README.md#bootstrap-a-dev-cluster-to-run-ginkgo-tests).
  - Labels used when running the tests on your cluster:
    - [ ] `operator`
    - [ ] `windows`
    - [ ] `arm64`
    - [ ] `arc-extension`
    - [ ] `fips`
- [ ] Have new tests been added? For features, have tests been added for
this feature? For fixes, is there a test that could have caught this
issue and could validate that the fix works?
  - [ ] Is a new scrape job needed?
- [ ] The scrape job was added to the folder
[test-cluster-yamls](/otelcollector/test/test-cluster-yamls/) in the
correct configmap or as a CR.
  - [ ] Was a new test label added?
- [ ] A string constant for the label was added to
[constants.go](/otelcollector/test/utils/constants.go).
- [ ] The label and description was added to the [test
README](/otelcollector/test/README.md).
- [ ] The label was added to this [PR
checklist](/.github/pull_request_template).
- [ ] The label was added as needed to
[testkube-test-crs.yaml](/otelcollector/test/testkube/testkube-test-crs.yaml).
  - [ ] Are additional API server permissions needed for the new tests?
- [ ] These permissions have been added to
[api-server-permissions.yaml](/otelcollector/test/testkube/api-server-permissions.yaml).
  - [ ] Was a new test suite (a new folder under `/tests`) added?
- [ ] The new test suite is included in
[testkube-test-crs.yaml](/otelcollector/test/testkube/testkube-test-crs.yaml).

.pipelines/azure-pipeline-build.yml

@@ -19,7 +19,7 @@ variables:
   MCR_REPOSITORY: '/azuremonitor/containerinsights/cidev/prometheus-collector/images'
   MCR_REPOSITORY_HELM: '/azuremonitor/containerinsights/cidev/prometheus-collector'
   MCR_REPOSITORY_HELM_DEPENDENCIES: '/azuremonitor/containerinsights/cidev'
-  KUBE_STATE_METRICS_IMAGE: 'mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.9.2'
+  KUBE_STATE_METRICS_IMAGE: 'mcr.microsoft.com/oss/kubernetes/kube-state-metrics:v2.12.0'
   NODE_EXPORTER_IMAGE: 'mcr.microsoft.com/oss/prometheus/node-exporter:v1.6.0'
   IS_PR: $[eq(variables['Build.Reason'], 'PullRequest')]
   IS_MAIN_BRANCH: $[eq(variables['Build.SourceBranchName'], 'main')]

.trivyignore

@@ -49,13 +49,3 @@ CVE-2023-45284
 CVE-2023-5678
 # MEDIUM - ruby
 CVE-2024-27281
-# MEDIUM - KSM
-CVE-2023-29406
-CVE-2023-29409
-CVE-2023-39318
-CVE-2023-39319
-CVE-2023-39326
-CVE-2023-45284
-# HIGH - KSM
-CVE-2023-45283
-CVE-2023-29403

otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/templates/ama-metrics-ksm-clusterrolebinding.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/component: ama-metrics
     app.kubernetes.io/name: ama-metrics-ksm
     app.kubernetes.io/part-of: ama-metrics-ksm
-    app.kubernetes.io/version: 2.9.2
+    app.kubernetes.io/version: 2.12.0
     helm.sh/chart: azure-monitor-metrics-addon-0.1.0
   name: ama-metrics-ksm
 roleRef:

otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/templates/ama-metrics-ksm-deployment.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/component: ama-metrics
     app.kubernetes.io/name: ama-metrics-ksm
     app.kubernetes.io/part-of: ama-metrics-ksm
-    app.kubernetes.io/version: 2.9.2
+    app.kubernetes.io/version: 2.12.0
     helm.sh/chart: azure-monitor-metrics-addon-0.1.0
 spec:
   selector:
@@ -21,7 +21,7 @@ spec:
         app.kubernetes.io/component: ama-metrics
         app.kubernetes.io/name: ama-metrics-ksm
         app.kubernetes.io/part-of: ama-metrics-ksm
-        app.kubernetes.io/version: 2.9.2
+        app.kubernetes.io/version: 2.12.0
         helm.sh/chart: azure-monitor-metrics-addon-0.1.0
       annotations:
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"

otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/templates/ama-metrics-ksm-role.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/component: ama-metrics
     app.kubernetes.io/name: ama-metrics-ksm
     app.kubernetes.io/part-of: ama-metrics-ksm
-    app.kubernetes.io/version: 2.9.2
+    app.kubernetes.io/version: 2.12.0
     helm.sh/chart: azure-monitor-metrics-addon-0.1.0
   name: ama-metrics-ksm
 rules:

otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/templates/ama-metrics-ksm-service.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/component: ama-metrics
     app.kubernetes.io/name: ama-metrics-ksm
     app.kubernetes.io/part-of: ama-metrics-ksm
-    app.kubernetes.io/version: 2.9.2
+    app.kubernetes.io/version: 2.12.0
     helm.sh/chart: azure-monitor-metrics-addon-0.1.0
   annotations:
     prometheus.io/scrape: 'true'

otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/templates/ama-metrics-ksm-serviceaccount.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/component: ama-metrics
     app.kubernetes.io/name: ama-metrics-ksm
     app.kubernetes.io/part-of: ama-metrics-ksm
-    app.kubernetes.io/version: 2.9.2
+    app.kubernetes.io/version: 2.12.0
     helm.sh/chart: azure-monitor-metrics-addon-0.1.0
   name: ama-metrics-ksm
   namespace: kube-system

otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/values-template.yaml

@@ -4,8 +4,8 @@ AzureMonitorMetrics:
     #MetricLabelsAllowlist: "testlabel=[.*]"
     #MetricAnnotationsAllowList: ""
     ImageRepository: "/oss/kubernetes/kube-state-metrics"
-# Kube-state-metrics ImageTag - 2.9.2, corresponds to chart version - 5.10.1
-    ImageTag: "v2.9.2"
+# Kube-state-metrics ImageTag - 2.12.0, corresponds to chart version - 5.19.0
+    ImageTag: "v2.12.0"
     Collectors:
       - certificatesigningrequests
       - configmaps