Skip to content

Commit

Permalink
[prometheus] Do not skip certificate verification in scrape configs (#…
Browse files Browse the repository at this point in the history
…5169)

Signed-off-by: zeritti <[email protected]>
Co-authored-by: MH <[email protected]>
  • Loading branch information
zeritti and zanhsieh authored Jan 17, 2025
1 parent 92809b2 commit 7c7bc2e
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 4 deletions.
2 changes: 1 addition & 1 deletion charts/prometheus/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v2
name: prometheus
appVersion: v3.1.0
version: 26.1.0
version: 27.0.0
kubeVersion: ">=1.19.0-0"
description: Prometheus is a monitoring system and time series database.
home: https://prometheus.io/
Expand Down
5 changes: 5 additions & 0 deletions charts/prometheus/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,11 @@ helm upgrade [RELEASE_NAME] prometheus-community/prometheus --install

_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._

### To 27.0

Prometheus' configuration parameter `insecure_skip_verify` in scrape configs `serverFiles."prometheus.yml".scrape_configs` has been commented out keeping thus the default Prometheus' value.
If certificate verification must be skipped, please, uncomment the line before upgrading.

### To 26.0

This release changes default version of promethues to v3.0.0, See official [migration guide](https://prometheus.io/docs/prometheus/latest/migration/#prometheus-3-0-migration-guide
Expand Down
6 changes: 3 additions & 3 deletions charts/prometheus/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -835,7 +835,7 @@ serverFiles:
# so this should only be disabled in a controlled environment. You can
# disable certificate verification by uncommenting the line below.
#
insecure_skip_verify: true
# insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

# Keep only the default/kubernetes service endpoints for the https port. This
Expand Down Expand Up @@ -866,7 +866,7 @@ serverFiles:
# so this should only be disabled in a controlled environment. You can
# disable certificate verification by uncommenting the line below.
#
insecure_skip_verify: true
# insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

kubernetes_sd_configs:
Expand Down Expand Up @@ -903,7 +903,7 @@ serverFiles:
# so this should only be disabled in a controlled environment. You can
# disable certificate verification by uncommenting the line below.
#
insecure_skip_verify: true
# insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

kubernetes_sd_configs:
Expand Down

0 comments on commit 7c7bc2e

Please sign in to comment.