diff --git a/cluster/manifests/deletions.yaml b/cluster/manifests/deletions.yaml index 690a9e42cc..ee7a5d65ff 100644 --- a/cluster/manifests/deletions.yaml +++ b/cluster/manifests/deletions.yaml @@ -305,34 +305,10 @@ post_apply: namespace: kube-system {{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} -- name: kubernetes-dashboard - namespace: kube-system - kind: Deployment -- name: kubernetes-dashboard - namespace: kube-system - kind: Service -- name: dashboard-metrics-scraper - namespace: kube-system - kind: Service -- name: dashboard-metrics-scraper - namespace: kube-system - kind: Deployment -- name: kubernetes-dashboard - namespace: kube-system +- name: readonly-dashboard kind: Role -- name: kubernetes-dashboard namespace: kube-system +- name: readonly-dashboard kind: RoleBinding -- name: kubernetes-dashboard - kind: ClusterRole -- name: kubernetes-dashboard-internal - kind: ClusterRoleBinding -- name: kubernetes-dashboard-readonly - kind: ClusterRoleBinding -- name: dashboard-metrics-scraper-vpa namespace: kube-system - kind: VerticalPodAutoscaler -- name: kubernetes-dashboard - namespace: kube-system - kind: ServiceAccount {{ end }} diff --git a/cluster/manifests/metrics-server/deployment.yaml b/cluster/manifests/metrics-server/deployment.yaml index 32ec62d962..cd8d98c944 100644 --- a/cluster/manifests/metrics-server/deployment.yaml +++ b/cluster/manifests/metrics-server/deployment.yaml @@ -28,7 +28,7 @@ spec: serviceAccountName: metrics-server containers: - name: metrics-server - image: container-registry.zalando.net/teapot/metrics-server:v0.7.0-master-16 + image: container-registry.zalando.net/teapot/metrics-server:v0.7.2-master-18 args: - --cert-dir=/tmp - --secure-port=4443 diff --git a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml index 0450d3e774..b230577454 100644 --- a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml +++ b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml @@ -60,7 +60,7 @@ spec: {{- end}} containers: - name: nvidia-gpu-device-plugin - image: container-registry.zalando.net/teapot/nvidia-gpu-device-plugin:v0.16.0-master-13 + image: container-registry.zalando.net/teapot/nvidia-gpu-device-plugin:v0.16.2-master-14 args: - --fail-on-init-error=false - --pass-device-specs diff --git a/cluster/manifests/prometheus/statefulset.yaml b/cluster/manifests/prometheus/statefulset.yaml index 41d67727d9..50927eb999 100644 --- a/cluster/manifests/prometheus/statefulset.yaml +++ b/cluster/manifests/prometheus/statefulset.yaml @@ -57,7 +57,7 @@ spec: mountPath: /prometheus containers: - name: prometheus - image: container-registry.zalando.net/teapot/prometheus:v2.53.1-master-56 + image: container-registry.zalando.net/teapot/prometheus:v2.53.1-master-57 args: - "--config.file=/prometheus/prometheus.yaml" - "--storage.tsdb.path=/prometheus/" diff --git a/cluster/manifests/roles/readonly-binding.yaml b/cluster/manifests/roles/readonly-binding.yaml index 708fcf8c93..4000a6b5ba 100644 --- a/cluster/manifests/roles/readonly-binding.yaml +++ b/cluster/manifests/roles/readonly-binding.yaml @@ -19,6 +19,7 @@ subjects: - kind: Group name: "okta:common/read-only" apiGroup: rbac.authorization.k8s.io +{{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -42,6 +43,7 @@ subjects: - kind: Group name: "okta:common/read-only" apiGroup: rbac.authorization.k8s.io +{{ end }} --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/cluster/manifests/roles/readonly-dashboard.yaml b/cluster/manifests/roles/readonly-dashboard.yaml index ddd9fc2604..c85576295d 100644 --- a/cluster/manifests/roles/readonly-dashboard.yaml +++ b/cluster/manifests/roles/readonly-dashboard.yaml @@ -1,3 +1,4 @@ +{{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -8,3 +9,4 @@ rules: resources: [ "services/proxy" ] verbs: [ "get" ] resourceNames: [ "kubernetes-dashboard" ] +{{ end }} diff --git a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml index 20fb36b0b6..497074766d 100644 --- a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml +++ b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml @@ -25,13 +25,27 @@ spec: containers: - name: skipper-canary-controller terminationMessagePolicy: FallbackToLogsOnError - image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-20 + image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-21 env: - name: _PLATFORM_OBSERVABILITY_ACCESS_TOKEN valueFrom: secretKeyRef: name: skipper-ingress key: lightstep-token + - name: _PLATFORM_OBSERVABILITY_COLLECTOR_SCHEME + value: "{{ .Cluster.ConfigItems.observability_collector_scheme }}" + - name: _PLATFORM_OBSERVABILITY_COLLECTOR_PORT + value: "{{ .Cluster.ConfigItems.observability_collector_port }}" + - name: _PLATFORM_OBSERVABILITY_COLLECTOR_ENDPOINT + value: "{{ .Cluster.ConfigItems.observability_collector_endpoint }}" + - name: _PLATFORM_OBSERVABILITY_METRICS_ENDPOINT + value: "{{ .Cluster.ConfigItems.observability_metrics_endpoint }}" + - name: _PLATFORM_OBSERVABILITY_METRICS_PORT + value: "{{ .Cluster.ConfigItems.observability_metrics_port }}" + - name: _PLATFORM_ACCOUNT + value: "{{ .Cluster.Alias }}" + - name: _PLATFORM_OBSERVABILITY_COMMON_ATTRIBUTE_CLOUD__ACCOUNT__ID + value: "{{ .Cluster.Alias }}" - name: LIGHTSTEP_DEBUG value: "true" args: