Skip to content

Commit

Permalink
fixup! fixup! fix: allow opting-into upstream probes
Browse files Browse the repository at this point in the history
  • Loading branch information
@rexagod
rexagod committed Sep 18, 2024
1 parent 590171f commit 24c2733
Show file tree
Hide file tree
Showing 8 changed files with 96 additions and 22 deletions.
20 changes: 18 additions & 2 deletions jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
View file
Original file line number Diff line number Diff line change
Expand Up @@ -167,16 +167,32 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
spec+: {
automountServiceAccountToken: true,
containers: std.map(function(c) c {
ports:: null,
securityContext+: {
runAsGroup: 65534,
},
args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
resources: ksm._config.resources,
} + if !ksm._config.enableProbes then {
ports:: null,
livenessProbe:: null,
readinessProbe:: null,
} else {}, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
} else {
ports: defaults.kubeRbacProxyMain.ports + defaults.kubeRbacProxySelf.ports,
livenessProbe: {
httpGet: {
path: '/livez',
port: defaults.kubeRbacProxyMain.ports[0].name,
scheme: 'HTTPS',
},
},
readinessProbe: {
httpGet: {
path: '/readyz',
port: defaults.kubeRbacProxySelf.ports[0].name,
scheme: 'HTTPS',
},
},
}, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
},
},
},
Expand Down
14 changes: 7 additions & 7 deletions jsonnetfile.lock.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
"subdir": "contrib/mixin"
}
},
"version": "6c1fe4a92a00854fc54828e257708f9e7f5b4f28",
"version": "2ed418c191bccc23d542b4081f96b694025fe031",
"sum": "IXI3LQIT9NmTPJAk8WLUJd5+qZfcGpeNCyWIK7oEpws="
},
{
Expand Down Expand Up @@ -88,7 +88,7 @@
"subdir": "grafana-builder"
}
},
"version": "c0b39ad68a99c7791a19b14da92c7f886d8c55da",
"version": "a41bfeae97007b9ed047823e44974ce1a0817ca9",
"sum": "yxqWcq/N3E/a/XreeU6EuE6X7kYPnG0AspAQFKOjASo="
},
{
Expand All @@ -98,7 +98,7 @@
"subdir": "mixin-utils"
}
},
"version": "c0b39ad68a99c7791a19b14da92c7f886d8c55da",
"version": "a41bfeae97007b9ed047823e44974ce1a0817ca9",
"sum": "LoYq5QxJmUXEtqkEG8CFUBLBhhzDDaNANHc7Gz36ZdM="
},
{
Expand Down Expand Up @@ -158,7 +158,7 @@
"subdir": "jsonnet/mixin"
}
},
"version": "1f36a6778f8e4b08799c43f3e2f9ba624feac416",
"version": "7fc97ea10dc1958e93bac0e066f5ec111c5ff193",
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
"name": "prometheus-operator-mixin"
},
Expand All @@ -169,8 +169,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
"version": "1f36a6778f8e4b08799c43f3e2f9ba624feac416",
"sum": "IYa+0bUT25fTKjjDyZw9gV8DAi1BgfmLE1ucouoxKCs="
"version": "7fc97ea10dc1958e93bac0e066f5ec111c5ff193",
"sum": "f2tfHUdjLBQOev2ernkHs0CLSUFap4zjH31swdTx+Bk="
},
{
"source": {
Expand Down Expand Up @@ -200,7 +200,7 @@
"subdir": "documentation/prometheus-mixin"
}
},
"version": "e8fa1312a7a8934fd2928fab1bb8d7e5f2ea0a1a",
"version": "c328d5fc8820ec7fe45296cfd4de8036b58f4a3a",
"sum": "dYLcLzGH4yF3qB7OGC/7z4nqeTNjv42L7Q3BENU8XJI=",
"name": "prometheus"
},
Expand Down
10 changes: 9 additions & 1 deletion manifests/prometheusOperator-clusterRole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,6 @@ rules:
resources:
- services
- services/finalizers
- endpoints
verbs:
- get
- create
Expand Down Expand Up @@ -98,6 +97,15 @@ rules:
- storageclasses
verbs:
- get
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update
- delete
- apiGroups:
- authentication.k8s.io
resources:
Expand Down
2 changes: 2 additions & 0 deletions manifests/prometheusOperator-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ spec:
- args:
- --kubelet-service=kube-system/kubelet
- --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.76.2
- --kubelet-endpoints=true
- --kubelet-endpointslice=false
env:
- name: GOGC
value: "30"
Expand Down
18 changes: 15 additions & 3 deletions manifests/setup/0alertmanagerCustomResourceDefinition.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7910,6 +7910,11 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: object
certFile:
description: |-
Path to the TLS certificate file in the Prometheus container for the server.
Mutually exclusive with `cert`.
type: string
cipherSuites:
description: |-
List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
Expand Down Expand Up @@ -7972,6 +7977,11 @@ spec:
For more detail on clientAuth options:
https://golang.org/pkg/crypto/tls/#ClientAuthType
type: string
clientCAFile:
description: |-
Path to the CA certificate file for client certificate authentication to the server.
Mutually exclusive with `client_ca`.
type: string
curvePreferences:
description: |-
Elliptic curves that will be used in an ECDHE handshake, in preference
Expand All @@ -7980,6 +7990,11 @@ spec:
items:
type: string
type: array
keyFile:
description: |-
Path to the TLS key file in the Prometheus container for the server.
Mutually exclusive with `keySecret`.
type: string
keySecret:
description: Secret containing the TLS key for the server.
properties:
Expand Down Expand Up @@ -8015,9 +8030,6 @@ spec:
cipher suite. If true then the server's preference, as expressed in
the order of elements in cipherSuites, is used.
type: boolean
required:
- cert
- keySecret
type: object
type: object
type: object
Expand Down
18 changes: 15 additions & 3 deletions manifests/setup/0prometheusCustomResourceDefinition.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11757,6 +11757,11 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: object
certFile:
description: |-
Path to the TLS certificate file in the Prometheus container for the server.
Mutually exclusive with `cert`.
type: string
cipherSuites:
description: |-
List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
Expand Down Expand Up @@ -11819,6 +11824,11 @@ spec:
For more detail on clientAuth options:
https://golang.org/pkg/crypto/tls/#ClientAuthType
type: string
clientCAFile:
description: |-
Path to the CA certificate file for client certificate authentication to the server.
Mutually exclusive with `client_ca`.
type: string
curvePreferences:
description: |-
Elliptic curves that will be used in an ECDHE handshake, in preference
Expand All @@ -11827,6 +11837,11 @@ spec:
items:
type: string
type: array
keyFile:
description: |-
Path to the TLS key file in the Prometheus container for the server.
Mutually exclusive with `keySecret`.
type: string
keySecret:
description: Secret containing the TLS key for the server.
properties:
Expand Down Expand Up @@ -11862,9 +11877,6 @@ spec:
cipher suite. If true then the server's preference, as expressed in
the order of elements in cipherSuites, is used.
type: boolean
required:
- cert
- keySecret
type: object
type: object
type: object
Expand Down
18 changes: 15 additions & 3 deletions manifests/setup/0prometheusagentCustomResourceDefinition.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9723,6 +9723,11 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: object
certFile:
description: |-
Path to the TLS certificate file in the Prometheus container for the server.
Mutually exclusive with `cert`.
type: string
cipherSuites:
description: |-
List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
Expand Down Expand Up @@ -9785,6 +9790,11 @@ spec:
For more detail on clientAuth options:
https://golang.org/pkg/crypto/tls/#ClientAuthType
type: string
clientCAFile:
description: |-
Path to the CA certificate file for client certificate authentication to the server.
Mutually exclusive with `client_ca`.
type: string
curvePreferences:
description: |-
Elliptic curves that will be used in an ECDHE handshake, in preference
Expand All @@ -9793,6 +9803,11 @@ spec:
items:
type: string
type: array
keyFile:
description: |-
Path to the TLS key file in the Prometheus container for the server.
Mutually exclusive with `keySecret`.
type: string
keySecret:
description: Secret containing the TLS key for the server.
properties:
Expand Down Expand Up @@ -9828,9 +9843,6 @@ spec:
cipher suite. If true then the server's preference, as expressed in
the order of elements in cipherSuites, is used.
type: boolean
required:
- cert
- keySecret
type: object
type: object
type: object
Expand Down
18 changes: 15 additions & 3 deletions manifests/setup/0thanosrulerCustomResourceDefinition.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7355,6 +7355,11 @@ spec:
type: object
x-kubernetes-map-type: atomic
type: object
certFile:
description: |-
Path to the TLS certificate file in the Prometheus container for the server.
Mutually exclusive with `cert`.
type: string
cipherSuites:
description: |-
List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
Expand Down Expand Up @@ -7417,6 +7422,11 @@ spec:
For more detail on clientAuth options:
https://golang.org/pkg/crypto/tls/#ClientAuthType
type: string
clientCAFile:
description: |-
Path to the CA certificate file for client certificate authentication to the server.
Mutually exclusive with `client_ca`.
type: string
curvePreferences:
description: |-
Elliptic curves that will be used in an ECDHE handshake, in preference
Expand All @@ -7425,6 +7435,11 @@ spec:
items:
type: string
type: array
keyFile:
description: |-
Path to the TLS key file in the Prometheus container for the server.
Mutually exclusive with `keySecret`.
type: string
keySecret:
description: Secret containing the TLS key for the server.
properties:
Expand Down Expand Up @@ -7460,9 +7475,6 @@ spec:
cipher suite. If true then the server's preference, as expressed in
the order of elements in cipherSuites, is used.
type: boolean
required:
- cert
- keySecret
type: object
type: object
type: object
Expand Down

0 comments on commit 24c2733

Please sign in to comment.