From f406379022f7cb1d28673da7cffed5b4829f065c Mon Sep 17 00:00:00 2001 From: Tanmay Jain Date: Tue, 9 Jul 2024 16:41:14 +0530 Subject: [PATCH] Using fsgroup instead of init containers --- config/monitoring/alertmanager/service.yaml | 2 +- config/monitoring/alertmanager/statefulset.yaml | 6 ++---- config/monitoring/grafana/statefulset.yaml | 14 ++++---------- config/monitoring/prometheus/statefulset.yaml | 14 ++++---------- 4 files changed, 11 insertions(+), 25 deletions(-) diff --git a/config/monitoring/alertmanager/service.yaml b/config/monitoring/alertmanager/service.yaml index 07afe6644..32f98fdf2 100644 --- a/config/monitoring/alertmanager/service.yaml +++ b/config/monitoring/alertmanager/service.yaml @@ -7,7 +7,7 @@ metadata: app: aerospike-monitoring-stack-alertmanager chart: aerospike-monitoring-stack release: aerospike-monitoring-stack - app.kubernetes.io/component: alertmanager + app.kubernetes.io/component: aerospike-alertmanager spec: ports: - name: http diff --git a/config/monitoring/alertmanager/statefulset.yaml b/config/monitoring/alertmanager/statefulset.yaml index b9ef81d85..26a30951d 100644 --- a/config/monitoring/alertmanager/statefulset.yaml +++ b/config/monitoring/alertmanager/statefulset.yaml @@ -7,7 +7,7 @@ metadata: app: aerospike-monitoring-stack-alertmanager chart: aerospike-monitoring-stack release: aerospike-monitoring-stack - app.kubernetes.io/component: alertmanager + app.kubernetes.io/component: aerospike-alertmanager unique-app: aerospike-monitoring-stack-alertmanager spec: selector: {} @@ -15,7 +15,7 @@ spec: spec: containers: - name: alertmanager - image: prom/alertmanager:v0.24.0 + image: prom/alertmanager:latest args: - --config.file=/etc/alertmanager/alertmanager.yml - --storage.path=/alertmanager @@ -40,8 +40,6 @@ spec: name: alertmanagerdata securityContext: fsGroup: 26 - # supplementalGroups: - # - 65534 serviceAccountName: aerospike-monitoring-stack volumes: - name: alertmanagerdata diff --git a/config/monitoring/grafana/statefulset.yaml b/config/monitoring/grafana/statefulset.yaml index a721c4016..6059c3101 100644 --- a/config/monitoring/grafana/statefulset.yaml +++ b/config/monitoring/grafana/statefulset.yaml @@ -21,14 +21,6 @@ spec: spec: serviceAccountName: aerospike-monitoring-stack terminationGracePeriodSeconds: 120 - initContainers: - - name: "init-chmod-data" - image: debian:9 - imagePullPolicy: "IfNotPresent" - command: ["chmod", "777", "/var/lib/grafana"] - volumeMounts: - - name: grafanadata - mountPath: "/var/lib/grafana" containers: - name: grafana image: "grafana/grafana:latest" @@ -73,13 +65,15 @@ spec: timeoutSeconds: 10 successThreshold: 1 failureThreshold: 10 - resources: - {} env: - name: GF_SECURITY_ADMIN_USER value: "admin" - name: GF_SECURITY_ADMIN_PASSWORD value: "admin" + - name: GF_PATHS_DATA + value: /data/grafana/data + securityContext: + fsGroup: 472 volumes: - name: grafana-config configMap: diff --git a/config/monitoring/prometheus/statefulset.yaml b/config/monitoring/prometheus/statefulset.yaml index 8aeb7be54..18e486c24 100644 --- a/config/monitoring/prometheus/statefulset.yaml +++ b/config/monitoring/prometheus/statefulset.yaml @@ -23,21 +23,13 @@ spec: annotations: spec: serviceAccountName: aerospike-monitoring-stack - initContainers: - - name: "init-chown-data" - image: debian:9 - imagePullPolicy: "IfNotPresent" - command: ["chown", "-R", "65534:65534", "/data"] - volumeMounts: - - name: "prometheus-data" - mountPath: "/data" containers: - name: prometheus-server image: "prom/prometheus:latest" imagePullPolicy: "IfNotPresent" args: - --config.file=/etc/prometheus/prometheus.yml - - --storage.tsdb.path="/data" + - --storage.tsdb.path=/data - --web.listen-address=:9090 ports: - containerPort: 9090 @@ -65,10 +57,12 @@ spec: - name: config-volume mountPath: /etc/prometheus - name: "prometheus-data" - mountPath: "/data" + mountPath: /data - mountPath: /etc/prometheus/alert-rules.d name: alertmanagerrules terminationGracePeriodSeconds: 120 + securityContext: + fsGroup: 65534 volumes: - name: config-volume configMap: