diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 3a94966..d2216aa 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -44,7 +44,7 @@ jobs: - name: Install Prometheus Operator CRDs id: prom - run: kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml + run: kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.69/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) diff --git a/helm/oauth2-proxy/Chart.lock b/helm/oauth2-proxy/Chart.lock index ba7fc18..f30cb29 100644 --- a/helm/oauth2-proxy/Chart.lock +++ b/helm/oauth2-proxy/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis repository: https://charts.bitnami.com/bitnami - version: 18.1.5 -digest: sha256:1b36e81e2d34a33ba7aa2229bfe6216ace85789aea70f9c2d72c59d58f3a2b4f -generated: "2023-10-17T15:27:08.54732+02:00" + version: 18.3.2 +digest: sha256:c4d7208b098ca3c44f960f02fb0e505ac6493cf00c6539ee7bf0a603371d9959 +generated: "2023-11-13T12:24:54.470708+01:00" diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml index cf283e4..841d8a7 100644 --- a/helm/oauth2-proxy/Chart.yaml +++ b/helm/oauth2-proxy/Chart.yaml @@ -1,5 +1,5 @@ name: oauth2-proxy -version: 6.18.1 +version: 6.19.1 apiVersion: v2 appVersion: 7.5.1 home: https://oauth2-proxy.github.io/oauth2-proxy/ @@ -14,7 +14,7 @@ keywords: - redis dependencies: - name: redis - version: ~18.1.5 + version: ~18.3.2 repository: https://charts.bitnami.com/bitnami alias: redis condition: redis.enabled diff --git a/helm/oauth2-proxy/README.md b/helm/oauth2-proxy/README.md index e947f56..ff02c75 100644 --- a/helm/oauth2-proxy/README.md +++ b/helm/oauth2-proxy/README.md 
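Review bot: The new URL in the `Install Prometheus Operator CRDs` step points at the `release-0.69` branch, whereas the line it replaces used the `v0.54.0` tag. A branch ref on raw.githubusercontent.com serves whatever is at the branch tip, so `kubectl apply --server-side -f` can install different CRD content from one run to the next and CI stops being reproducible. Pin the ref to a release tag, or better a full commit SHA, e.g. `https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/<tag-or-commit-sha>/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml`.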
@@ -144,6 +144,8 @@ Parameter | Description | Default
 `ingress.hosts` | Ingress accepted hostnames | `nil`
 `ingress.tls` | Ingress TLS configuration | `nil`
 `initContainers.waitForRedis.enabled` | if `redis.enabled` is true, use an init container to wait for the redis master pod to be ready. If `serviceAccount.enabled` is true, create additionally a role/binding to get, list and watch the redis master pod | `true`
+`initContainers.waitForRedis.image.pullPolicy` | kubectl image pull policy | `IfNotPresent`
+`initContainers.waitForRedis.image.repository` | kubectl image repository | `docker.io/bitnami/kubectl`
 `initContainers.waitForRedis.kubectlVersion` | kubectl version to use for the init container | `printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor | replace "+" "")`
 `initContainers.waitForRedis.securityContext.enabled` | enable Kubernetes security context on container | `true`
 `initContainers.waitForRedis.timeout` | number of seconds | 180
@@ -199,12 +201,18 @@ Parameter | Description | Default `metrics.port` | Serve Prometheus metrics on this port | `44180` `metrics.nodePort` | External port for the metrics when service.type is `NodePort` | `nil` `metrics.service.appProtocol` | application protocol of the metrics port in the service | `http` -`metrics.servicemonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false` -`metrics.servicemonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""` -`metrics.servicemonitor.prometheusInstance` | Prometheus Instance definition | `default` -`metrics.servicemonitor.interval` | Prometheus scrape interval | `60s` -`metrics.servicemonitor.scrapeTimeout` | Prometheus scrape timeout | `30s` -`metrics.servicemonitor.labels` | Add custom labels to the ServiceMonitor resource| `{}` +`metrics.serviceMonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false` +`metrics.serviceMonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""` +`metrics.serviceMonitor.prometheusInstance` | Prometheus Instance definition | `default` +`metrics.serviceMonitor.interval` | Prometheus scrape interval | `60s` +`metrics.serviceMonitor.scrapeTimeout` | Prometheus scrape timeout | `30s` +`metrics.serviceMonitor.labels` | Add custom labels to the ServiceMonitor resource| `{}` +`metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.| `""` +`metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the endpoint. 
For example if using istio mTLS.| `{}` +`metrics.serviceMonitor.bearerTokenFile` | Path to bearer token file.| `""` +`metrics.serviceMonitor.annotations` | Used to pass annotations that are used by the Prometheus installed in your cluster| `{}` +`metrics.serviceMonitor.metricRelabelings` | Metric relabel configs to apply to samples before ingestion.| `[]` +`metrics.serviceMonitor.relabelings` | Relabel configs to apply to samples before ingestion.| `[]` `extraObjects` | Extra K8s manifests to deploy | `[]` Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/helm/oauth2-proxy/ci/servicemonitor-values.yaml b/helm/oauth2-proxy/ci/servicemonitor-values.yaml index 9d31c28..0c232bf 100644 --- a/helm/oauth2-proxy/ci/servicemonitor-values.yaml +++ b/helm/oauth2-proxy/ci/servicemonitor-values.yaml @@ -2,3 +2,17 @@ metrics: enabled: true serviceMonitor: enabled: true + annotations: + key: value + metricRelabelings: + - action: keep + regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + sourceLabels: [__name__] + + relabelings: + - sourceLabels: [__meta_kubernetes_pod_node_name] + separator: ; + regex: ^(.*)$ + targetLabel: nodename + replacement: $1 + action: replace diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml index 1958b16..990e53a 100644 --- a/helm/oauth2-proxy/templates/deployment.yaml +++ b/helm/oauth2-proxy/templates/deployment.yaml @@ -60,7 +60,8 @@ spec: {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }} initContainers: - name: wait-for-redis - image: "docker.io/bitnami/kubectl:{{ include "kubectl.version" . }}" + image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ include "kubectl.version" . }}" + imagePullPolicy: {{ .Values.initContainers.waitForRedis.image.pullPolicy }} args: - wait - pod/{{ include "oauth2-proxy.redis.fullname" . }}-master-0 
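Review bot: In the `wait-for-redis` init container the repository and pull policy are now rendered straight from values with no validation or quoting, so an override that empties `initContainers.waitForRedis.image.repository` produces an image reference beginning with `:` that only fails at pod start. Guard it at render time with `{{ required "initContainers.waitForRedis.image.repository must be set" .Values.initContainers.waitForRedis.image.repository }}` and emit `imagePullPolicy: {{ .Values.initContainers.waitForRedis.image.pullPolicy | quote }}`. The reference is still tag-only; since the README says this container can be given a role to get, list and watch the redis master pod, an optional digest value would let operators pin exactly what runs with that access. The container spec continues outside the hunk.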
diff --git a/helm/oauth2-proxy/templates/servicemonitor.yaml b/helm/oauth2-proxy/templates/servicemonitor.yaml index 1a2dbce..bfb3084 100644 --- a/helm/oauth2-proxy/templates/servicemonitor.yaml +++ b/helm/oauth2-proxy/templates/servicemonitor.yaml @@ -1,19 +1,23 @@ -{{- if and .Values.metrics.enabled .Values.metrics.servicemonitor.enabled }} +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: + {{- with .Values.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ template "oauth2-proxy.fullname" . }} -{{- if .Values.metrics.servicemonitor.namespace }} - namespace: {{ .Values.metrics.servicemonitor.namespace }} +{{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} {{- else }} namespace: {{ template "oauth2-proxy.namespace" $ }} {{- end }} labels: - prometheus: {{ .Values.metrics.servicemonitor.prometheusInstance }} + prometheus: {{ .Values.metrics.serviceMonitor.prometheusInstance }} app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} -{{- if .Values.metrics.servicemonitor.labels }} -{{ toYaml .Values.metrics.servicemonitor.labels | indent 4}} +{{- if .Values.metrics.serviceMonitor.labels }} +{{ toYaml .Values.metrics.serviceMonitor.labels | indent 4}} {{- end }} spec: jobLabel: {{ template "oauth2-proxy.fullname" . }} 
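Review bot: The guard on the first line now reads `.Values.metrics.serviceMonitor.enabled`, so a release that still sets `metrics.servicemonitor.enabled: true` renders no ServiceMonitor after upgrade and scraping stops without any error. The same rename appears in the values.yaml hunk at `@@ -359,7 +362,7 @@`, and Chart.yaml only moves 6.18.1 to 6.19.1, which gives operators no hint of a breaking key change. Fail fast when the old key is present, before the opening `if`: `{{- if .Values.metrics.servicemonitor }}{{ fail "metrics.servicemonitor was renamed to metrics.serviceMonitor" }}{{- end }}`, or fall back to the old key for one release.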
@@ -26,6 +30,28 @@ spec: endpoints: - port: metrics path: "/metrics" - interval: {{ .Values.metrics.servicemonitor.interval }} - scrapeTimeout: {{ .Values.metrics.servicemonitor.scrapeTimeout }} + {{- with .Values.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .| nindent 4 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml index f7d6c45..4365e24 100644 --- a/helm/oauth2-proxy/values.yaml +++ b/helm/oauth2-proxy/values.yaml @@ -276,6 +276,9 @@ initContainers: # if service account is enabled waitForRedis: enabled: true + image: + repository: "docker.io/bitnami/kubectl" + pullPolicy: "IfNotPresent" # uses the kubernetes version of the cluster # the chart is deployed on, if not set kubectlVersion: "" @@ -359,7 +362,7 @@ metrics: # Protocol set on the service for the metrics port service: appProtocol: http - servicemonitor: + serviceMonitor: # Enable Prometheus Operator ServiceMonitor enabled: false # Define the namespace where to deploy the ServiceMonitor resource 
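Review bot: The `tlsConfig:` block is rendered with `toYaml .| nindent 4`, the same indent used for the two list-valued fields below it. Indentation is not recoverable in this view, but if `tlsConfig:` sits in the endpoint's key column next to `path:`, the map's keys land at the same level as `tlsConfig:` itself, leaving it null and putting fields such as `insecureSkipVerify` or `caFile` on the endpoint, so the intended TLS settings are not applied to the scrape. A block sequence tolerates that indent but a mapping does not; the value needs to be two columns deeper than its key, e.g. `{{- toYaml . | nindent 6 }}` if the key is at column 4. The ci/servicemonitor-values.yaml change in this commit sets only annotations and relabelings, so adding a `scheme` and `tlsConfig` entry there would make chart-testing render this branch.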
@@ -373,6 +376,37 @@ metrics: # Add custom labels to the ServiceMonitor resource labels: {} + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + ## bearerTokenFile: Path to bearer token file. + bearerTokenFile: "" + + ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + annotations: {} + + ## Metric relabel configs to apply to samples before ingestion. + ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## Relabel configs to apply to samples before ingestion. + ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + # Extra K8s manifests to deploy extraObjects: [] # - apiVersion: secrets-store.csi.x-k8s.io/v1
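Review bot: The comment on `bearerTokenFile` does not say where the path is resolved: the file is read by Prometheus from its own container filesystem, not from the oauth2-proxy pod, which is easy to get wrong when setting it from this chart. Suggest `## bearerTokenFile: Path, inside the Prometheus container, to the bearer token file used when scraping.` The `tlsConfig` comment could likewise note that `insecureSkipVerify: true` turns off certificate verification of the scrape target, so readers copying an istio mTLS example know what they are trading away.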