Merge branch 'feat/51.0.3' into fix/remove-duplicate-datasource
eumel8 authored Sep 21, 2023
2 parents 37c2252 + 6719dec commit 9b4692a
Showing 9 changed files with 398 additions and 21 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1 +1,2 @@
charts/kube-prometheus-stack
demomon.yaml
6 changes: 3 additions & 3 deletions Chart.yaml
@@ -6,14 +6,14 @@ annotations:
# catalog.cattle.io/certified: rancher
name: caas-project-monitoring
description: A Helm chart for Rancher Project Monitoring V3
version: 1.0.23-fix-duplicates
appVersion: "40.1.2"
version: 1.1.0
appVersion: "51.0.3"
icon: https://raw.githubusercontent.com/caas-team/caas-project-monitoring/main/logo.png
keywords:
- monitoring
dependencies:
- name: kube-prometheus-stack
version: "40.1.2"
version: "51.0.3"
repository: "https://prometheus-community.github.io/helm-charts"
sources:
- https://github.com/caas-team/caas-project-monitoring
Binary file removed charts/kube-prometheus-stack-40.1.2.tgz
Binary file not shown.
Binary file added charts/kube-prometheus-stack-51.0.3.tgz
Binary file not shown.
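--- a/patches/alertmanager-patch.yaml
+++ b/patches/alertmanager-patch.yaml
@@ -0,0 +1,37 @@
+spec:
+containers:
+- name: alertmanager
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsUser: 1000
+runAsGroup: 1000
+- name: config-reloader
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsUser: 1000
+runAsGroup: 1000
+initContainers:
+- name: init-config-reloader
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsUser: 1000
+runAsGroup: 1000
+securityContext:
+fsGroup: 1000
+supplementalGroups:
+- 1000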
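Review bot: None of the three container `securityContext` blocks, nor the pod-level one at the end, sets `runAsNonRoot: true` or a `seccompProfile`, so as far as these lines show the hardening rests on `runAsUser: 1000` alone. Unless the chart values supply them elsewhere, a namespace enforcing the restricted Pod Security Standard would still reject the pods. I would add `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` to each container entry, or once in the pod-level `securityContext` next to `fsGroup`. The same two fields are absent from patches/prometheus-patch.yaml and patches/grafana-patch.json. This file also has no header comment like the other two patches carry, naming the `kubectl patch` command and patch type it is written for.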
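--- a/patches/grafana-patch.json
+++ b/patches/grafana-patch.json
@@ -0,0 +1,23 @@
+# kubectl patch deployment project-monitoring-grafana --patch-file patches/grafana-patch.json --type=json
+- op: replace
+path: "/spec/template/spec/containers/0/securityContext"
+value:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsUser: 472
+runAsGroup: 472
+- op: replace
+path: "/spec/template/spec/initContainers/0/securityContext"
+value:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsUser: 472
+runAsGroup: 472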
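Review bot: Both operations select their target by position (`containers/0`, `initContainers/0`) and use `op: replace`, so the result depends on the container order of the rendered Deployment, and a JSON patch is rejected as a whole when a `replace` path does not exist. If a sidecar is rendered ahead of the Grafana container, UID/GID 472 and the read-only root filesystem land on the wrong container. Replacing the whole `securityContext` object also discards any field the chart already set there. I would either key the patch by container name, as the two operator patches do, or at least add a comment such as `# index 0 must be the grafana container / its init container; check the rendered Deployment first`. The file is YAML with a `#` comment despite its `.json` name, which a strict JSON consumer would not accept.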
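--- a/patches/prometheus-patch.yaml
+++ b/patches/prometheus-patch.yaml
@@ -0,0 +1,39 @@
+# https://prometheus-operator.dev/docs/operator/strategic-merge-patch/
+# kubectl patch prometheus project-monitoring-prometheus --patch-file patches/prometheus-patch.yaml --type=merge
+spec:
+containers:
+- name: config-reloader
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsUser: 1000
+runAsGroup: 1000
+- name: prometheus
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsUser: 1000
+runAsGroup: 1000
+initContainers:
+- name: init-config-reloader
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsUser: 1000
+runAsGroup: 1000
+securityContext:
+fsGroup: 1000
+supplementalGroups:
+- 1000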
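Review bot: The two header comments describe different merge semantics, and the file does not say which one applies where. The linked page covers the operator's strategic merge of `spec.containers` into the generated StatefulSet, whereas `kubectl patch ... --type=merge` is a JSON merge patch on the Prometheus resource, which replaces `spec.containers` and `spec.initContainers` as whole lists. Any container entries already set on the resource through chart values would therefore be dropped when this patch is applied; whether any exist cannot be seen from this section. I would add a comment such as `# --type=merge replaces spec.containers/initContainers wholesale; the operator then merges these entries by name into the StatefulSet`. The same applies to patches/alertmanager-patch.yaml, which templates/patch-job.yaml applies with the same patch type.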
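--- a/templates/patch-job.yaml
+++ b/templates/patch-job.yaml
@@ -0,0 +1,94 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: project-monitoring-patch-job
+labels:
+{{- include "caas-project-monitoring.labels" . | nindent 4 }}
+data:
+{{ (.Files.Glob "patches/*").AsConfig | indent 2 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+labels:
+{{- include "caas-project-monitoring.labels" . | nindent 4 }}
+name: project-monitoring-patch-job
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+labels:
+{{- include "caas-project-monitoring.labels" . | nindent 4 }}
+name: project-monitoring-patch-job
+rules:
+- apiGroups:
+- apps
+resources:
+- deployments
+verbs:
+- get
+- patch
+- update
+- apiGroups:
+- monitoring.coreos.com
+resources:
+- alertmanagers
+- prometheuses
+verbs:
+- get
+- patch
+- update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+labels:
+{{- include "caas-project-monitoring.labels" . | nindent 4 }}
+name: project-monitoring-patch-job
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: project-monitoring-patch-job
+subjects:
+- kind: ServiceAccount
+name: project-monitoring-patch-job
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+annotations:
+"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+labels:
+{{- include "caas-project-monitoring.labels" . | nindent 4 }}
+name: project-monitoring-patch-job
+namespace: {{ include "caas-project-monitoring.namespace" . }}
+spec:
+backoffLimit: 1
+completions: 1
+parallelism: 1
+template:
+spec:
+containers:
+#- args: ["-c","kubectl patch prometheus project-monitoring-prometheus --patch-file patches/prometheus-patch.yaml --type=merge && kubectl patch alertmanager project-monitoring-alertmanager --patch-file patches/alertmanager-patch.yaml --type=merge && kubectl patch deployment project-monitoring-grafana --patch-file patches/grafana-patch.json --type=json && exit 0"]
+- args: ["-c","kubectl patch prometheus project-monitoring-prometheus --patch-file patches/prometheus-patch.yaml --type=merge && kubectl patch alertmanager project-monitoring-alertmanager --patch-file patches/alertmanager-patch.yaml --type=merge && exit 0"]
+command: ["sh"]
+image: "{{ .Values.caas.patchjob.image.repository }}:{{ .Values.caas.patchjob.image.tag }}"
+imagePullPolicy: {{ .Values.caas.patchjob.pullPolicy | default "Always" }}
+name: kubectl
+resources:
+{{- toYaml .Values.caas.patchjob.resources | nindent 10 }}
+securityContext:
+{{- toYaml .Values.caas.patchjob.securityContext | nindent 10 }}
+volumeMounts:
+- mountPath: /patches
+name: project-monitoring-patch-job
+restartPolicy: Never
+securityContext:
+{{- toYaml .Values.caas.patchjob.podSecurityContext | nindent 8 }}
+serviceAccount: project-monitoring-patch-job
+volumes:
+- configMap:
+defaultMode: 0755
+name: project-monitoring-patch-job
+name: project-monitoring-patch-job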
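Review bot: The Role grants more than the Job uses. The only active `args` line patches `project-monitoring-prometheus` and `project-monitoring-alertmanager`, yet the rules allow `get`, `patch` and `update` on every Deployment, Alertmanager and Prometheus in the namespace. Write access to arbitrary Deployments means that anything running under this ServiceAccount, including the configurable kubectl image, can rewrite any workload's pod template. I would drop the `apps` rule while the Grafana patch stays commented out, remove `update`, and pin the remaining rules with `resourceNames`, as sketched below. Separately, the Job carries `helm.sh/hook-delete-policy` but no `helm.sh/hook` annotation, so Helm treats it as an ordinary resource and the delete policy has no effect.

```yaml
# … unchanged: Role apiVersion, kind, metadata …
rules:
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - prometheuses
    resourceNames:
      - project-monitoring-prometheus
    verbs:
      - get
      - patch
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - alertmanagers
    resourceNames:
      - project-monitoring-alertmanager
    verbs:
      - get
      - patch
```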