Merge branch 'main' into feature/proxyVarsFromSecret

.github/workflows/lint-test.yaml

@@ -44,7 +44,7 @@ jobs:
 
       - name: Install Prometheus Operator CRDs
         id: prom
-        run: kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+        run: kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.69/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
         if: steps.list-changed.outputs.changed == 'true'
 
       - name: Run chart-testing (install)

helm/oauth2-proxy/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: redis
   repository: https://charts.bitnami.com/bitnami
-  version: 18.1.5
-digest: sha256:1b36e81e2d34a33ba7aa2229bfe6216ace85789aea70f9c2d72c59d58f3a2b4f
-generated: "2023-10-17T15:27:08.54732+02:00"
+  version: 18.3.2
+digest: sha256:c4d7208b098ca3c44f960f02fb0e505ac6493cf00c6539ee7bf0a603371d9959
+generated: "2023-11-13T12:24:54.470708+01:00"

helm/oauth2-proxy/Chart.yaml

@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.18.1
+version: 6.19.1
 apiVersion: v2
 appVersion: 7.5.1
 home: https://oauth2-proxy.github.io/oauth2-proxy/
@@ -14,7 +14,7 @@ keywords:
   - redis
 dependencies:
   - name: redis
-    version: ~18.1.5
+    version: ~18.3.2
     repository: https://charts.bitnami.com/bitnami
     alias: redis
     condition: redis.enabled

helm/oauth2-proxy/README.md

@@ -144,6 +144,8 @@ Parameter | Description | Default
 `ingress.hosts` | Ingress accepted hostnames | `nil`
 `ingress.tls` | Ingress TLS configuration | `nil`
 `initContainers.waitForRedis.enabled` | if `redis.enabled` is true, use an init container to wait for the redis master pod to be ready. If `serviceAccount.enabled` is true, create additionally a role/binding to get, list and watch the redis master pod | `true`
+`initContainers.waitForRedis.image.pullPolicy` | kubectl image pull policy | `IfNotPresent`
+`initContainers.waitForRedis.image.repository` | kubectl image repository | `docker.io/bitnami/kubectl`
 `initContainers.waitForRedis.kubectlVersion` | kubectl version to use for the init container | `printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor | replace "+" "")`
 `initContainers.waitForRedis.securityContext.enabled` | enable Kubernetes security context on container | `true`
 `initContainers.waitForRedis.timeout` | number of seconds | 180
@@ -199,12 +201,18 @@ Parameter | Description | Default
 `metrics.port` | Serve Prometheus metrics on this port | `44180`
 `metrics.nodePort` | External port for the metrics when service.type is `NodePort` | `nil`
 `metrics.service.appProtocol` | application protocol of the metrics port in the service | `http`
-`metrics.servicemonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false`
-`metrics.servicemonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""`
-`metrics.servicemonitor.prometheusInstance` | Prometheus Instance definition | `default`
-`metrics.servicemonitor.interval` | Prometheus scrape interval | `60s`
-`metrics.servicemonitor.scrapeTimeout` | Prometheus scrape timeout | `30s`
-`metrics.servicemonitor.labels` | Add custom labels to the ServiceMonitor resource| `{}`
+`metrics.serviceMonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false`
+`metrics.serviceMonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""`
+`metrics.serviceMonitor.prometheusInstance` | Prometheus Instance definition | `default`
+`metrics.serviceMonitor.interval` | Prometheus scrape interval | `60s`
+`metrics.serviceMonitor.scrapeTimeout` | Prometheus scrape timeout | `30s`
+`metrics.serviceMonitor.labels` | Add custom labels to the ServiceMonitor resource| `{}`
+`metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.| `""`
+`metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the endpoint. For example if using istio mTLS.| `{}`
+`metrics.serviceMonitor.bearerTokenFile` | Path to bearer token file.| `""`
+`metrics.serviceMonitor.annotations` | Used to pass annotations that are used by the Prometheus installed in your cluster| `{}`
+`metrics.serviceMonitor.metricRelabelings` | Metric relabel configs to apply to samples before ingestion.| `[]`
+`metrics.serviceMonitor.relabelings` | Relabel configs to apply to samples before ingestion.| `[]`
 `extraObjects` | Extra K8s manifests to deploy | `[]`
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

helm/oauth2-proxy/ci/servicemonitor-values.yaml

@@ -2,3 +2,17 @@ metrics:
   enabled: true
   serviceMonitor:
     enabled: true
+    annotations:
+      key: value
+    metricRelabelings:
+    - action: keep
+      regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+      sourceLabels: [__name__]
+
+    relabelings:
+    - sourceLabels: [__meta_kubernetes_pod_node_name]
+      separator: ;
+      regex: ^(.*)$
+      targetLabel: nodename
+      replacement: $1
+      action: replace

helm/oauth2-proxy/templates/deployment.yaml

@@ -60,7 +60,8 @@ spec:
       {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
       initContainers:
       - name: wait-for-redis
-        image: "docker.io/bitnami/kubectl:{{ include "kubectl.version" . }}"
+        image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ include "kubectl.version" . }}"
+        imagePullPolicy: {{ .Values.initContainers.waitForRedis.image.pullPolicy }}
         args:
           - wait
           - pod/{{ include "oauth2-proxy.redis.fullname" . }}-master-0

helm/oauth2-proxy/templates/servicemonitor.yaml

@@ -1,19 +1,23 @@
-{{- if and .Values.metrics.enabled .Values.metrics.servicemonitor.enabled }}
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
+  {{- with .Values.metrics.serviceMonitor.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   name: {{ template "oauth2-proxy.fullname" . }}
-{{- if .Values.metrics.servicemonitor.namespace }}
-  namespace: {{ .Values.metrics.servicemonitor.namespace }}
+{{- if .Values.metrics.serviceMonitor.namespace }}
+  namespace: {{ .Values.metrics.serviceMonitor.namespace }}
 {{- else }}
   namespace: {{ template "oauth2-proxy.namespace" $ }}
 {{- end }}
   labels:
-    prometheus: {{ .Values.metrics.servicemonitor.prometheusInstance }}
+    prometheus: {{ .Values.metrics.serviceMonitor.prometheusInstance }}
     app: {{ template "oauth2-proxy.name" . }}
 {{- include "oauth2-proxy.labels" . | indent 4 }}
-{{- if .Values.metrics.servicemonitor.labels }}
-{{ toYaml .Values.metrics.servicemonitor.labels | indent 4}}
+{{- if .Values.metrics.serviceMonitor.labels }}
+{{ toYaml .Values.metrics.serviceMonitor.labels | indent 4}}
 {{- end }}
 spec:
   jobLabel: {{ template "oauth2-proxy.fullname" . }}
@@ -26,6 +30,28 @@ spec:
   endpoints:
   - port: metrics
     path: "/metrics"
-    interval: {{ .Values.metrics.servicemonitor.interval }}
-    scrapeTimeout: {{ .Values.metrics.servicemonitor.scrapeTimeout }}
+    {{- with .Values.metrics.serviceMonitor.interval }}
+    interval: {{ . }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
+    scrapeTimeout: {{ . }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.scheme }}
+    scheme: {{ . }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.bearerTokenFile }}
+    bearerTokenFile: {{ . }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.tlsConfig }}
+    tlsConfig:
+      {{- toYaml .| nindent 4 }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.metricRelabelings }}
+    metricRelabelings:
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.relabelings }}
+    relabelings:
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
 {{- end }}

helm/oauth2-proxy/values.yaml

@@ -276,6 +276,9 @@ initContainers:
   # if service account is enabled
   waitForRedis:
     enabled: true
+    image:
+      repository: "docker.io/bitnami/kubectl"
+      pullPolicy: "IfNotPresent"
     # uses the kubernetes version of the cluster
     # the chart is deployed on, if not set
     kubectlVersion: ""
@@ -359,7 +362,7 @@ metrics:
   # Protocol set on the service for the metrics port
   service:
     appProtocol: http
-  servicemonitor:
+  serviceMonitor:
     # Enable Prometheus Operator ServiceMonitor
     enabled: false
     # Define the namespace where to deploy the ServiceMonitor resource
@@ -373,6 +376,37 @@ metrics:
     # Add custom labels to the ServiceMonitor resource
     labels: {}
 
+    ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+    scheme: ""
+
+    ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+    ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
+    tlsConfig: {}
+
+    ## bearerTokenFile: Path to bearer token file.
+    bearerTokenFile: ""
+
+    ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+    annotations: {}
+
+    ## Metric relabel configs to apply to samples before ingestion.
+    ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
+    metricRelabelings: []
+    # - action: keep
+    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+    #   sourceLabels: [__name__]
+
+    ## Relabel configs to apply to samples before ingestion.
+    ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
+    relabelings: []
+    # - sourceLabels: [__meta_kubernetes_pod_node_name]
+    #   separator: ;
+    #   regex: ^(.*)$
+    #   targetLabel: nodename
+    #   replacement: $1
+    #   action: replace
+
 # Extra K8s manifests to deploy
 extraObjects: []
   # - apiVersion: secrets-store.csi.x-k8s.io/v1