From 5a35fc61dc8a1f2b05913e387576358da728d614 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 14:19:31 -0700 Subject: [PATCH] chore(deps): update prometheus-stack (prometheus 3.0.1, operator 0.79.2) (#949) Note: This PR was initially generated by Renovate but due to changes needed in the operator/other places to support the latest Prometheus version this PR description has been scrubbed of the original contents. ## Description This PR contains a number of application updates to the prometheus stack: - Prometheus: `2.54.1` -> `3.0.1` - Prometheus Operator: `0.77.1` -> `0.79.2` - Prometheus Config Reloader: `0.77.1` -> `0.79.2` - Kube State Metrics: `2.13.0` -> `2.14.0` Two helm chart updates are also included for the prometheus stack: - Kube-Prometheus-Stack: `65.3.1` -> `67.3.1` - Prometheus-Operator-CRDs: `15.0.0` -> `17.0.2` In addition to provide a seamless upgrade experience with the new version of Prometheus 3.0 (specifically the change in behavior around [scrape protocol](https://prometheus.io/docs/prometheus/3.0/migration/#scrape-protocols)), the following changes were made: - Addition of support for setting `fallbackScrapeProtocol` in the `monitor` section of the `Package` CR spec - New mutation added to PodMonitor and ServiceMonitor code to set the `fallbackScrapeProtocol` to `PrometheusText004` by default (this matches the pre-3.x behavior in Prometheus) - "One-time" `onDeploy.after` task to annotate all existing pod and service monitors: This forces all monitors to go through the mutation cycle again and have the `fallbackScrapeProtocol` added immediately, without operator intervention. Note that other options were considered (i.e. doing this via Pepr) but this was seen as the easiest and most lightweight solution. 
- In order to support the above changes in the operator code the types for Prometheus CRDs were regenerated Also note that since this update includes a major version of Prometheus there are additional notes in the [upstream migration guide](https://prometheus.io/docs/prometheus/3.0/migration/). In testing with UDS Core and several apps on top of core no immediate issues were identified with this upgrade. ## Related Issue N/A ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Steps to Validate The issue with metrics and scrape protocol can be seen with GitLab. To validate the proper behavior across upgrades I ran through the below steps: ```console # Using Colima the below VM was a good size to handle the GitLab workloads colima start --cpu 12 --memory 20 -t vz --disk 100 # Deploy part of core FROM `main` uds run test-single-layer --set LAYER=monitoring --set FLAVOR=unicorn # Deploy gitlab test bundle uds deploy ghcr.io/defenseunicorns/packages/uds/bundles/gitlab-test:17.6.2-uds.0 --confirm # Check metrics status using the e2e test (this is with main so all should pass, just here as a sanity check) uds run -f src/prometheus-stack/tasks.yaml e2e-test # Deploy core base, then monitoring FROM `renovate/prometheus-stack` branch uds run test:single-layer --set LAYER=base --set FLAVOR=unicorn uds run test:single-layer --set LAYER=monitoring --set FLAVOR=unicorn # Note that the tests may fail here due to timing, Prometheus takes upwards of 1 min to read in the new config, re-run them after a short wait uds run -f src/prometheus-stack/tasks.yaml e2e-test # Expected behavior here is that all metrics continue to work, simply by deploying latest core, despite upstream issues with GitLab's content type on some metrics # Check metrics status (manual version of the e2e test) if desired kubectl port-forward svc/kube-prometheus-stack-prometheus 
9090:9090 -n monitoring # Navigate to http://localhost:9090/targets?pool= and validate all show as up/no targets ``` To more generally validate core: ```console # Test a complete install uds run test-uds-core --set FLAVOR=unicorn # Run the e2e tests for Prom uds run -f src/prometheus-stack/tasks.yaml e2e-test # Test a complete upgrade (e2e tests will run as part of this) uds run test-uds-core-upgrade --set FLAVOR=unicorn ``` ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Micah Nagel --- .codespellrc | 2 +- .../custom resources/packages-v1alpha1-cr.md | 2 +- package.json | 2 +- pepr.ts | 19 -- .../controllers/monitoring/pod-monitor.ts | 4 + .../controllers/monitoring/service-monitor.ts | 4 + .../crd/generated/package-v1alpha1.ts | 17 ++ .../crd/generated/prometheus/podmonitor-v1.ts | 252 +++++++----------- .../generated/prometheus/servicemonitor-v1.ts | 242 +++++++---------- .../operator/crd/sources/package/v1alpha1.ts | 13 + src/pepr/prometheus/index.ts | 25 ++ src/prometheus-stack/common/zarf.yaml | 7 +- src/prometheus-stack/tasks.yaml | 33 ++- .../values/registry1-values.yaml | 8 +- .../values/unicorn-values.yaml | 8 +- .../values/upstream-values.yaml | 8 +- src/prometheus-stack/zarf.yaml | 26 +- 17 files changed, 319 insertions(+), 353 deletions(-) diff --git a/.codespellrc b/.codespellrc index 6ea1ce354..85e343e0e 100644 --- a/.codespellrc +++ b/.codespellrc 
@@ -1,6 +1,6 @@ # Lint Codespell configurations [codespell] -skip = .codespellrc,.git,node_modules,build,dist,*.zst,CHANGELOG.md,.playwright,.terraform,*.svg +skip = .codespellrc,.git,node_modules,build,dist,*.zst,CHANGELOG.md,.playwright,.terraform,*.svg,**/pepr/operator/crd/generated/*.ts ignore-words-list = NotIn,AKS,LICENS,aks,afterAll enable-colors = check-hidden = diff --git a/docs/reference/configuration/custom resources/packages-v1alpha1-cr.md b/docs/reference/configuration/custom resources/packages-v1alpha1-cr.md index 653ea5594..f01c2655e 100644 --- a/docs/reference/configuration/custom resources/packages-v1alpha1-cr.md +++ b/docs/reference/configuration/custom resources/packages-v1alpha1-cr.md 
@@ -52,7 +52,7 @@ tableOfContents: - authorizationAuthorizationAuthorization settings.descriptionstringA description of this monitor entry, this will become part of the ServiceMonitor namekindstring (enum):The type of monitor to create; PodMonitor or ServiceMonitor. ServiceMonitor is the default.pathstringHTTP path from which to scrape for metrics, defaults to `/metrics`podSelectorLabels to match pods in the namespace to apply the policy to. Leave empty to apply to all pods in the namespaceportNamestringThe port name for the serviceMonitorselectorLabels to match pods in the namespace to apply the policy to. Leave empty to apply to all pods in the namespacetargetPortnumberThe service targetPort. This is required so the NetworkPolicy can be generated correctly. + authorizationAuthorizationAuthorization settings.descriptionstringA description of this monitor entry, this will become part of the ServiceMonitor namefallbackScrapeProtocolstring (enum):The protocol for Prometheus to use if a scrape returns a blank, unparsable, or otherwise invalid Content-Typekindstring (enum):The type of monitor to create; PodMonitor or ServiceMonitor. ServiceMonitor is the default.pathstringHTTP path from which to scrape for metrics, defaults to `/metrics`podSelectorLabels to match pods in the namespace to apply the policy to. Leave empty to apply to all pods in the namespaceportNamestringThe port name for the serviceMonitorselectorLabels to match pods in the namespace to apply the policy to. Leave empty to apply to all pods in the namespacetargetPortnumberThe service targetPort. This is required so the NetworkPolicy can be generated correctly. diff --git a/package.json b/package.json index 7592057a3..c00663b55 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "uds-core", - "version": "0.5.0", + "version": "0.6.0", "description": "A collection of capabilities for UDS Core", "keywords": [ "pepr", diff --git a/pepr.ts b/pepr.ts index 18493e612..67d9ca7f7 100644 
--- a/pepr.ts +++ b/pepr.ts @@ -7,12 +7,10 @@ import { PeprModule } from "pepr"; import cfg from "./package.json"; -import { DataStore } from "pepr/dist/lib/storage"; import { istio } from "./src/pepr/istio"; import { Component, setupLogger } from "./src/pepr/logger"; import { operator } from "./src/pepr/operator"; import { setupAuthserviceSecret } from "./src/pepr/operator/controllers/keycloak/authservice/config"; -import { Policy } from "./src/pepr/operator/crd"; import { registerCRDs } from "./src/pepr/operator/crd/register"; import { patches } from "./src/pepr/patches"; import { policies, startExemptionWatch } from "./src/pepr/policies"; @@ -42,23 +40,6 @@ const log = setupLogger(Component.STARTUP); // Patches for specific components patches, ]); - // Remove legacy policy entries from the pepr store for the 0.5.0 upgrade - if ( - process.env.PEPR_MODE === "dev" || - (process.env.PEPR_WATCH_MODE === "true" && cfg.version === "0.5.0") - ) { - log.debug("Clearing legacy pepr store exemption entries..."); - policies.Store.onReady((data: DataStore) => { - const policiesList = Object.values(Policy); - for (const p of Object.keys(data)) { - // if p matches a Policy key, remove it - if (policiesList.includes(p as Policy)) { - log.debug(`Removing legacy storage of ${p} policy exemptions...`); - policies.Store.removeItem(p); - } - } - }); - } })().catch(err => { log.error(err, "Critical error during startup. Exiting..."); process.exit(1); diff --git a/src/pepr/operator/controllers/monitoring/pod-monitor.ts b/src/pepr/operator/controllers/monitoring/pod-monitor.ts index 50e5ab756..62818668b 100644 --- a/src/pepr/operator/controllers/monitoring/pod-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/pod-monitor.ts 
@@ -8,6 +8,7 @@ import { K8s } from "pepr"; import { Component, setupLogger } from "../../../logger"; import { Monitor, PrometheusPodMonitor, UDSPackage } from "../../crd"; import { Kind } from "../../crd/generated/package-v1alpha1"; +import { FallbackScrapeProtocol } from "../../crd/generated/prometheus/podmonitor-v1"; import { getOwnerRef, purgeOrphans } from "../utils"; import { generateMonitorName } from "./common"; @@ -86,6 +87,9 @@ export function generatePodMonitor( selector: { matchLabels: podSelector ?? selector, }, + // Fallback to the Prometheus 2.x default if not defined + fallbackScrapeProtocol: + monitor.fallbackScrapeProtocol || FallbackScrapeProtocol.PrometheusText004, }, }; diff --git a/src/pepr/operator/controllers/monitoring/service-monitor.ts b/src/pepr/operator/controllers/monitoring/service-monitor.ts index e582faefc..47eb3d0fc 100644 --- a/src/pepr/operator/controllers/monitoring/service-monitor.ts +++ b/src/pepr/operator/controllers/monitoring/service-monitor.ts @@ -9,6 +9,7 @@ import { V1OwnerReference } from "@kubernetes/client-node"; import { Component, setupLogger } from "../../../logger"; import { Monitor, PrometheusServiceMonitor, UDSPackage } from "../../crd"; import { Kind } from "../../crd/generated/package-v1alpha1"; +import { FallbackScrapeProtocol } from "../../crd/generated/prometheus/servicemonitor-v1"; import { getOwnerRef, purgeOrphans } from "../utils"; import { generateMonitorName } from "./common"; @@ -89,6 +90,9 @@ export function generateServiceMonitor( selector: { matchLabels: selector, }, + // Fallback to the Prometheus 2.x default if not defined + fallbackScrapeProtocol: + monitor.fallbackScrapeProtocol || FallbackScrapeProtocol.PrometheusText004, }, }; diff --git a/src/pepr/operator/crd/generated/package-v1alpha1.ts b/src/pepr/operator/crd/generated/package-v1alpha1.ts index 1bed25c65..1a03f52a6 100644 --- a/src/pepr/operator/crd/generated/package-v1alpha1.ts +++ b/src/pepr/operator/crd/generated/package-v1alpha1.ts 
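Review bot: The new default in the `generatePodMonitor` hunk uses `||` although the selector just above it uses `??` (`podSelector ?? selector`), so an empty-string `fallbackScrapeProtocol` is also replaced by `PrometheusText004`, which the comment ("if not defined") does not say. If only an unset field should get the default, write `monitor.fallbackScrapeProtocol ?? FallbackScrapeProtocol.PrometheusText004,`; if empty values are meant to be covered as well, extend the comment to `// Fallback to the Prometheus 2.x default if unset or empty`. The same line is added in the `generateServiceMonitor` hunk of service-monitor.ts. Both functions start and end outside their hunks, so whether `monitor` is validated against the enum before this point cannot be seen here.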
@@ -34,6 +34,11 @@ export interface Monitor { * A description of this monitor entry, this will become part of the ServiceMonitor name */ description?: string; + /** + * The protocol for Prometheus to use if a scrape returns a blank, unparsable, or otherwise + * invalid Content-Type + */ + fallbackScrapeProtocol?: FallbackScrapeProtocol; /** * The type of monitor to create; PodMonitor or ServiceMonitor. ServiceMonitor is the * default. @@ -99,6 +104,18 @@ export interface Credentials { optional?: boolean; } +/** + * The protocol for Prometheus to use if a scrape returns a blank, unparsable, or otherwise + * invalid Content-Type + */ +export enum FallbackScrapeProtocol { + OpenMetricsText001 = "OpenMetricsText0.0.1", + OpenMetricsText100 = "OpenMetricsText1.0.0", + PrometheusProto = "PrometheusProto", + PrometheusText004 = "PrometheusText0.0.4", + PrometheusText100 = "PrometheusText1.0.0", +} + /** * The type of monitor to create; PodMonitor or ServiceMonitor. ServiceMonitor is the * default. diff --git a/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts b/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts index 654172626..dad597efa 100644 --- a/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts +++ b/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts @@ -4,9 +4,7 @@ */ // This file is auto-generated by kubernetes-fluent-client, do not edit manually - import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; - /** * The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and * `PrometheusAgent` can scrape metrics from a group of pods. 
@@ -16,11 +14,29 @@ import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; * * Authentication credentials to use. * * Target and metric relabeling. * - * * `Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and * namespace selectors. */ export class PodMonitor extends GenericKind { + /** + * APIVersion defines the versioned schema of this representation of an object. + * Servers should convert recognized schemas to the latest internal value, and + * may reject unrecognized values. + * More info: + * https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + */ + declare apiVersion?: string; + /** + * Kind is a string value representing the REST resource this object represents. + * Servers may infer this from the endpoint the client submits requests to. + * Cannot be updated. + * In CamelCase. + * More info: + * https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + */ + declare kind?: string; + // eslint-disable-next-line @typescript-eslint/no-explicit-any + declare metadata?: { [key: string]: any }; /** * Specification of desired Pod selection for target discovery by Prometheus. */ @@ -35,7 +51,6 @@ export interface Spec { * `attachMetadata` defines additional metadata which is added to the * discovered targets. * - * * It requires Prometheus >= v2.35.0. */ attachMetadata?: AttachMetadata; 
@@ -43,21 +58,25 @@ export interface Spec { * When defined, bodySizeLimit specifies a job level limit on the size * of uncompressed response body that will be accepted by Prometheus. * - * * It requires Prometheus >= v2.28.0. */ bodySizeLimit?: string; + /** + * The protocol to use if a scrape returns blank, unparseable, or otherwise invalid + * Content-Type. + * + * It requires Prometheus >= v3.0.0. + */ + fallbackScrapeProtocol?: FallbackScrapeProtocol; /** * The label to use to retrieve the job name from. * `jobLabel` selects the label from the associated Kubernetes `Pod` * object which will be used as the `job` label for all metrics. * - * * For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` * object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` * label to all ingested metrics. * - * * If the value of this field is empty, the `job` label of the metrics * defaults to the namespace and name of the PodMonitor object (e.g. `/`). */ @@ -66,28 +85,24 @@ export interface Spec { * Per-scrape limit on the number of targets dropped by relabeling * that will be kept in memory. 0 means no limit. * - * * It requires Prometheus >= v2.47.0. */ keepDroppedTargets?: number; /** * Per-scrape limit on number of labels that will be accepted for a sample. * - * * It requires Prometheus >= v2.27.0. */ labelLimit?: number; /** * Per-scrape limit on length of labels name that will be accepted for a sample. * - * * It requires Prometheus >= v2.27.0. */ labelNameLengthLimit?: number; /** * Per-scrape limit on length of labels value that will be accepted for a sample. * - * * It requires Prometheus >= v2.27.0. */ labelValueLengthLimit?: number; 
@@ -97,6 +112,18 @@ export interface Spec { * it is possible to select pods across different/all namespaces. */ namespaceSelector?: NamespaceSelector; + /** + * If there are more than this many buckets in a native histogram, + * buckets will be merged to stay within the limit. + * It requires Prometheus >= v2.45.0. + */ + nativeHistogramBucketLimit?: number; + /** + * If the growth factor of one bucket to the next is smaller than this, + * buckets will be merged to increase the factor sufficiently. + * It requires Prometheus >= v2.50.0. + */ + nativeHistogramMinBucketFactor?: number | string; /** * Defines how to scrape metrics from the selected pods. */ 
@@ -115,23 +142,36 @@ export interface Spec { * The scrape class to apply. */ scrapeClass?: string; + /** + * Whether to scrape a classic histogram that is also exposed as a native histogram. + * It requires Prometheus >= v2.45.0. + */ + scrapeClassicHistograms?: boolean; /** * `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients * the - * protocols supported by Prometheus in order of preference (from most to least - * preferred). - * + * protocols supported by Prometheus in order of preference (from most to least preferred). * * If unset, Prometheus uses its default value. * - * * It requires Prometheus >= v2.49.0. */ - scrapeProtocols?: ScrapeProtocol[]; + scrapeProtocols?: FallbackScrapeProtocol[]; /** * Label selector to select the Kubernetes `Pod` objects to scrape metrics from. */ selector: Selector; + /** + * Mechanism used to select the endpoints to scrape. + * By default, the selection process relies on relabel configurations to filter the + * discovered targets. + * Alternatively, you can opt in for role selectors, which may offer better efficiency in + * large clusters. + * Which strategy is best for your use case needs to be carefully evaluated. + * + * It requires Prometheus >= v2.17.0. + */ + selectorMechanism?: SelectorMechanism; /** * `targetLimit` defines a limit on the number of scraped targets that will * be accepted. @@ -143,7 +183,6 @@ export interface Spec { * `attachMetadata` defines additional metadata which is added to the * discovered targets. * - * * It requires Prometheus >= v2.35.0. */ export interface AttachMetadata { 
@@ -151,13 +190,34 @@ export interface AttachMetadata { * When set to true, Prometheus attaches node metadata to the discovered * targets. * - * * The Prometheus service account must have the `list` and `watch` * permissions on the `Nodes` objects. */ node?: boolean; } +/** + * The protocol to use if a scrape returns blank, unparseable, or otherwise invalid + * Content-Type. + * + * It requires Prometheus >= v3.0.0. + * + * ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. + * Supported values are: + * * `OpenMetricsText0.0.1` + * * `OpenMetricsText1.0.0` + * * `PrometheusProto` + * * `PrometheusText0.0.4` + * * `PrometheusText1.0.0` + */ +export enum FallbackScrapeProtocol { + OpenMetricsText001 = "OpenMetricsText0.0.1", + OpenMetricsText100 = "OpenMetricsText1.0.0", + PrometheusProto = "PrometheusProto", + PrometheusText004 = "PrometheusText0.0.4", + PrometheusText100 = "PrometheusText1.0.0", +} + /** * `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. * By default, the pods are discovered in the same namespace as the `PodMonitor` object but @@ -184,7 +244,6 @@ export interface PodMetricsEndpoint { * `authorization` configures the Authorization header credentials to use when * scraping the target. * - * * Cannot be set at the same time as `basicAuth`, or `oauth2`. */ authorization?: Authorization; @@ -192,7 +251,6 @@ export interface PodMetricsEndpoint { * `basicAuth` configures the Basic Authentication credentials to use when * scraping the target. * - * * Cannot be set at the same time as `authorization`, or `oauth2`. */ basicAuth?: BasicAuth; @@ -201,7 +259,6 @@ export interface PodMetricsEndpoint { * token for scraping targets. The secret needs to be in the same namespace * as the PodMonitor object and readable by the Prometheus Operator. * - * * Deprecated: use `authorization` instead. */ bearerTokenSecret?: BearerTokenSecret; 
@@ -213,10 +270,8 @@ export interface PodMetricsEndpoint { * When true, the pods which are not running (e.g. either in Failed or * Succeeded state) are dropped during the target discovery. * - * * If unset, the filtering is enabled. * - * * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase */ filterRunning?: boolean; @@ -238,7 +293,6 @@ export interface PodMetricsEndpoint { /** * Interval at which Prometheus scrapes the metrics from the target. * - * * If empty, Prometheus uses the global scrape interval. */ interval?: string; @@ -250,10 +304,8 @@ export interface PodMetricsEndpoint { /** * `oauth2` configures the OAuth2 settings to use when scraping the target. * - * * It requires Prometheus >= 2.27.0. * - * * Cannot be set at the same time as `authorization`, or `basicAuth`. */ oauth2?: Oauth2; @@ -264,17 +316,19 @@ export interface PodMetricsEndpoint { /** * HTTP path from which to scrape for metrics. * - * * If empty, Prometheus uses the default value (e.g. `/metrics`). */ path?: string; /** - * Name of the Pod port which this endpoint refers to. - * + * The `Pod` port name which exposes the endpoint. * - * It takes precedence over `targetPort`. + * It takes precedence over the `portNumber` and `targetPort` fields. */ port?: string; + /** + * The `Pod` port number which exposes the endpoint. + */ + portNumber?: number; /** * `proxyURL` configures the HTTP Proxy URL (e.g. * "http://proxyserver:2195") to go through when scraping the target. @@ -284,13 +338,10 @@ export interface PodMetricsEndpoint { * `relabelings` configures the relabeling rules to apply the target's * metadata labels. * - * * The Operator automatically adds relabelings for a few standard Kubernetes fields. * - * * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. * - * * More info: * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ 
@@ -298,18 +349,15 @@ export interface PodMetricsEndpoint { /** * HTTP scheme to use for scraping. * - * * `http` and `https` are the expected values unless you rewrite the * `__scheme__` label via relabeling. * - * * If empty, Prometheus uses the default value `http`. */ scheme?: Scheme; /** * Timeout after which Prometheus considers the scrape to be failed. * - * * If empty, Prometheus uses the global scrape timeout unless it is less * than the target's scrape interval value in which the latter is used. */ @@ -318,8 +366,7 @@ export interface PodMetricsEndpoint { * Name or number of the target port of the `Pod` object behind the Service, the * port must be specified with container port property. * - * - * Deprecated: use 'port' instead. + * Deprecated: use 'port' or 'portNumber' instead. */ targetPort?: number | string; /** @@ -331,7 +378,6 @@ export interface PodMetricsEndpoint { * the metrics that have an explicit timestamp present in scraped data. * Has no effect if `honorTimestamps` is false. * - * * It requires Prometheus >= v2.48.0. */ trackTimestampsStaleness?: boolean; @@ -341,7 +387,6 @@ export interface PodMetricsEndpoint { * `authorization` configures the Authorization header credentials to use when * scraping the target. * - * * Cannot be set at the same time as `basicAuth`, or `oauth2`. */ export interface Authorization { @@ -353,10 +398,8 @@ export interface Authorization { /** * Defines the authentication type. The value is case-insensitive. * - * * "Basic" is not a supported value. * - * * Default: "Bearer" */ type?: string; 
@@ -376,10 +419,7 @@ export interface Credentials { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -392,7 +432,6 @@ export interface Credentials { * `basicAuth` configures the Basic Authentication credentials to use when * scraping the target. * - * * Cannot be set at the same time as `authorization`, or `oauth2`. */ export interface BasicAuth { @@ -422,10 +461,7 @@ export interface Password { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -448,10 +484,7 @@ export interface Username { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** 
@@ -465,7 +498,6 @@ export interface Username { * token for scraping targets. The secret needs to be in the same namespace * as the PodMonitor object and readable by the Prometheus Operator. * - * * Deprecated: use `authorization` instead. */ export interface BearerTokenSecret { @@ -478,10 +510,7 @@ export interface BearerTokenSecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -494,7 +523,6 @@ export interface BearerTokenSecret { * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, * scraped samples and remote write samples. * - * * More info: * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ @@ -502,18 +530,15 @@ export interface MetricRelabeling { /** * Action to perform based on the regex matching. * - * * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. * - * * Default: "Replace" */ action?: Action; /** * Modulus to take of the hash of the source label values. * - * * Only applicable when the action is `HashMod`. */ modulus?: number; @@ -525,7 +550,6 @@ export interface MetricRelabeling { * Replacement value against which a Replace action is performed if the * regular expression matches. * - * * Regex capture groups are available. */ replacement?: string; 
@@ -542,11 +566,9 @@ export interface MetricRelabeling { /** * Label to which the resulting string is written in a replacement. * - * * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, * `KeepEqual` and `DropEqual` actions. * - * * Regex capture groups are available. */ targetLabel?: string; @@ -555,11 +577,9 @@ export interface MetricRelabeling { /** * Action to perform based on the regex matching. * - * * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. * - * * Default: "Replace" */ export enum Action { @@ -590,10 +610,8 @@ export enum Action { /** * `oauth2` configures the OAuth2 settings to use when scraping the target. * - * * It requires Prometheus >= 2.27.0. * - * * Cannot be set at the same time as `authorization`, or `basicAuth`. */ export interface Oauth2 { @@ -617,32 +635,25 @@ export interface Oauth2 { * that should be excluded from proxying. IP and domain names can * contain port numbers. * - * - * It requires Prometheus >= v2.43.0. + * It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. */ noProxy?: string; /** * ProxyConnectHeader optionally specifies headers to send to * proxies during CONNECT requests. * - * - * It requires Prometheus >= v2.43.0. + * It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. */ proxyConnectHeader?: { [key: string]: ProxyConnectHeader[] }; /** * Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, * HTTPS_PROXY, and NO_PROXY). - * If unset, Prometheus uses its default value. * - * - * It requires Prometheus >= v2.43.0. + * It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. */ proxyFromEnvironment?: boolean; /** * `proxyURL` defines the HTTP proxy server to use. - * - * - * It requires Prometheus >= v2.43.0. */ proxyUrl?: string; /** 
@@ -688,10 +699,7 @@ export interface ClientIDConfigMap { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -713,10 +721,7 @@ export interface ClientIDSecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -739,10 +744,7 @@ export interface ClientSecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** 
@@ -764,10 +766,7 @@ export interface ProxyConnectHeader { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -800,14 +799,12 @@ export interface Oauth2TLSConfig { /** * Maximum acceptable TLS version. * - * * It requires Prometheus >= v2.41.0. */ maxVersion?: Version; /** * Minimum acceptable TLS version. * - * * It requires Prometheus >= v2.35.0. */ minVersion?: Version; @@ -844,10 +841,7 @@ export interface PurpleConfigMap { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -869,10 +863,7 @@ export interface PurpleSecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** 
@@ -908,10 +899,7 @@ export interface FluffyConfigMap { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -933,10 +921,7 @@ export interface FluffySecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -958,10 +943,7 @@ export interface PurpleKeySecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -973,12 +955,10 @@ export interface PurpleKeySecret { /** * Maximum acceptable TLS version. * - * * It requires Prometheus >= v2.41.0. * * Minimum acceptable TLS version. * - * * It requires Prometheus >= v2.35.0. */ export enum Version { 
@@ -992,7 +972,6 @@ export enum Version { * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, * scraped samples and remote write samples. * - * * More info: * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ @@ -1000,18 +979,15 @@ export interface Relabeling { /** * Action to perform based on the regex matching. * - * * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. * - * * Default: "Replace" */ action?: Action; /** * Modulus to take of the hash of the source label values. * - * * Only applicable when the action is `HashMod`. */ modulus?: number; @@ -1023,7 +999,6 @@ export interface Relabeling { * Replacement value against which a Replace action is performed if the * regular expression matches. * - * * Regex capture groups are available. */ replacement?: string; @@ -1040,11 +1015,9 @@ export interface Relabeling { /** * Label to which the resulting string is written in a replacement. * - * * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, * `KeepEqual` and `DropEqual` actions. * - * * Regex capture groups are available. */ targetLabel?: string; @@ -1053,11 +1026,9 @@ export interface Relabeling { /** * HTTP scheme to use for scraping. * - * * `http` and `https` are the expected values unless you rewrite the * `__scheme__` label via relabeling. * - * * If empty, Prometheus uses the default value `http`. */ export enum Scheme { @@ -1088,14 +1059,12 @@ export interface PodMetricsEndpointTLSConfig { /** * Maximum acceptable TLS version. * - * * It requires Prometheus >= v2.41.0. */ maxVersion?: Version; /** * Minimum acceptable TLS version. * - * * It requires Prometheus >= v2.35.0. */ minVersion?: Version; 
@@ -1132,10 +1101,7 @@ export interface TentacledConfigMap { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -1157,10 +1123,7 @@ export interface TentacledSecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -1196,10 +1159,7 @@ export interface StickyConfigMap { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** 
@@ -1221,10 +1181,7 @@ export interface StickySecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -1246,10 +1203,7 @@ export interface FluffyKeySecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -1258,21 +1212,6 @@ export interface FluffyKeySecret { optional?: boolean; } -/** - * ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. - * Supported values are: - * * `OpenMetricsText0.0.1` - * * `OpenMetricsText1.0.0` - * * `PrometheusProto` - * * `PrometheusText0.0.4` - */ -export enum ScrapeProtocol { - OpenMetricsText001 = "OpenMetricsText0.0.1", - OpenMetricsText100 = "OpenMetricsText1.0.0", - PrometheusProto = "PrometheusProto", - PrometheusText004 = "PrometheusText0.0.4", -} - /** * Label selector to select the Kubernetes `Pod` objects to scrape metrics from. */ 
@@ -1313,6 +1252,21 @@ export interface MatchExpression { values?: string[]; } +/** + * Mechanism used to select the endpoints to scrape. + * By default, the selection process relies on relabel configurations to filter the + * discovered targets. + * Alternatively, you can opt in for role selectors, which may offer better efficiency in + * large clusters. + * Which strategy is best for your use case needs to be carefully evaluated. + * + * It requires Prometheus >= v2.17.0. + */ +export enum SelectorMechanism { + RelabelConfig = "RelabelConfig", + RoleSelector = "RoleSelector", +} + RegisterKind(PodMonitor, { group: "monitoring.coreos.com", version: "v1", diff --git a/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts b/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts index 3acf678e8..912e39810 100644 --- a/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts +++ b/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts @@ -4,9 +4,7 @@ */ // This file is auto-generated by kubernetes-fluent-client, do not edit manually - import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; - /** * The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and * `PrometheusAgent` can scrape metrics from a group of services. 
@@ -16,11 +14,29 @@ import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; * * Authentication credentials to use. * * Target and metric relabeling. * - * * `Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label * and namespace selectors. */ export class ServiceMonitor extends GenericKind { + /** + * APIVersion defines the versioned schema of this representation of an object. + * Servers should convert recognized schemas to the latest internal value, and + * may reject unrecognized values. + * More info: + * https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + */ + declare apiVersion?: string; + /** + * Kind is a string value representing the REST resource this object represents. + * Servers may infer this from the endpoint the client submits requests to. + * Cannot be updated. + * In CamelCase. + * More info: + * https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + */ + declare kind?: string; + // eslint-disable-next-line @typescript-eslint/no-explicit-any + declare metadata?: { [key: string]: any }; /** * Specification of desired Service selection for target discovery by * Prometheus. @@ -37,7 +53,6 @@ export interface Spec { * `attachMetadata` defines additional metadata which is added to the * discovered targets. * - * * It requires Prometheus >= v2.37.0. */ attachMetadata?: AttachMetadata; @@ -45,7 +60,6 @@ export interface Spec { * When defined, bodySizeLimit specifies a job level limit on the size * of uncompressed response body that will be accepted by Prometheus. * - * * It requires Prometheus >= v2.28.0. */ bodySizeLimit?: string; 
@@ -59,16 +73,21 @@ export interface Spec { * the same name and labels. */ endpoints: Endpoint[]; + /** + * The protocol to use if a scrape returns blank, unparseable, or otherwise invalid + * Content-Type. + * + * It requires Prometheus >= v3.0.0. + */ + fallbackScrapeProtocol?: FallbackScrapeProtocol; /** * `jobLabel` selects the label from the associated Kubernetes `Service` * object which will be used as the `job` label for all metrics. * - * * For example if `jobLabel` is set to `foo` and the Kubernetes `Service` * object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` * label to all ingested metrics. * - * * If the value of this field is empty or if the label doesn't exist for * the given Service, the `job` label of the metrics defaults to the name * of the associated Kubernetes `Service`. @@ -78,28 +97,24 @@ export interface Spec { * Per-scrape limit on the number of targets dropped by relabeling * that will be kept in memory. 0 means no limit. * - * * It requires Prometheus >= v2.47.0. */ keepDroppedTargets?: number; /** * Per-scrape limit on number of labels that will be accepted for a sample. * - * * It requires Prometheus >= v2.27.0. */ labelLimit?: number; /** * Per-scrape limit on length of labels name that will be accepted for a sample. * - * * It requires Prometheus >= v2.27.0. */ labelNameLengthLimit?: number; /** * Per-scrape limit on length of labels value that will be accepted for a sample. * - * * It requires Prometheus >= v2.27.0. */ labelValueLengthLimit?: number; 
@@ -110,6 +125,18 @@ export interface Spec { * object but it is possible to select pods across different/all namespaces. */ namespaceSelector?: NamespaceSelector; + /** + * If there are more than this many buckets in a native histogram, + * buckets will be merged to stay within the limit. + * It requires Prometheus >= v2.45.0. + */ + nativeHistogramBucketLimit?: number; + /** + * If the growth factor of one bucket to the next is smaller than this, + * buckets will be merged to increase the factor sufficiently. + * It requires Prometheus >= v2.50.0. + */ + nativeHistogramMinBucketFactor?: number | string; /** * `podTargetLabels` defines the labels which are transferred from the * associated Kubernetes `Pod` object onto the ingested metrics. 
@@ -124,23 +151,36 @@ export interface Spec { * The scrape class to apply. */ scrapeClass?: string; + /** + * Whether to scrape a classic histogram that is also exposed as a native histogram. + * It requires Prometheus >= v2.45.0. + */ + scrapeClassicHistograms?: boolean; /** * `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients * the - * protocols supported by Prometheus in order of preference (from most to least - * preferred). - * + * protocols supported by Prometheus in order of preference (from most to least preferred). * * If unset, Prometheus uses its default value. * - * * It requires Prometheus >= v2.49.0. */ - scrapeProtocols?: ScrapeProtocol[]; + scrapeProtocols?: FallbackScrapeProtocol[]; /** * Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. */ selector: Selector; + /** + * Mechanism used to select the endpoints to scrape. + * By default, the selection process relies on relabel configurations to filter the + * discovered targets. + * Alternatively, you can opt in for role selectors, which may offer better efficiency in + * large clusters. + * Which strategy is best for your use case needs to be carefully evaluated. + * + * It requires Prometheus >= v2.17.0. + */ + selectorMechanism?: SelectorMechanism; /** * `targetLabels` defines the labels which are transferred from the * associated Kubernetes `Service` object onto the ingested metrics. @@ -157,7 +197,6 @@ export interface Spec { * `attachMetadata` defines additional metadata which is added to the * discovered targets. * - * * It requires Prometheus >= v2.37.0. */ export interface AttachMetadata { @@ -165,7 +204,6 @@ export interface AttachMetadata { * When set to true, Prometheus attaches node metadata to the discovered * targets. * - * * The Prometheus service account must have the `list` and `watch` * permissions on the `Nodes` objects. */ 
@@ -181,7 +219,6 @@ export interface Endpoint { * `authorization` configures the Authorization header credentials to use when * scraping the target. * - * * Cannot be set at the same time as `basicAuth`, or `oauth2`. */ authorization?: Authorization; @@ -189,14 +226,12 @@ export interface Endpoint { * `basicAuth` configures the Basic Authentication credentials to use when * scraping the target. * - * * Cannot be set at the same time as `authorization`, or `oauth2`. */ basicAuth?: BasicAuth; /** * File to read bearer token for scraping the target. * - * * Deprecated: use `authorization` instead. */ bearerTokenFile?: string; @@ -205,7 +240,6 @@ export interface Endpoint { * token for scraping targets. The secret needs to be in the same namespace * as the ServiceMonitor object and readable by the Prometheus Operator. * - * * Deprecated: use `authorization` instead. */ bearerTokenSecret?: BearerTokenSecret; @@ -217,10 +251,8 @@ export interface Endpoint { * When true, the pods which are not running (e.g. either in Failed or * Succeeded state) are dropped during the target discovery. * - * * If unset, the filtering is enabled. * - * * More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase */ filterRunning?: boolean; @@ -242,7 +274,6 @@ export interface Endpoint { /** * Interval at which Prometheus scrapes the metrics from the target. * - * * If empty, Prometheus uses the global scrape interval. */ interval?: string; @@ -254,10 +285,8 @@ export interface Endpoint { /** * `oauth2` configures the OAuth2 settings to use when scraping the target. * - * * It requires Prometheus >= 2.27.0. * - * * Cannot be set at the same time as `authorization`, or `basicAuth`. */ oauth2?: Oauth2; 
@@ -268,14 +297,12 @@ export interface Endpoint { /** * HTTP path from which to scrape for metrics. * - * * If empty, Prometheus uses the default value (e.g. `/metrics`). */ path?: string; /** * Name of the Service port which this endpoint refers to. * - * * It takes precedence over `targetPort`. */ port?: string; @@ -288,13 +315,10 @@ export interface Endpoint { * `relabelings` configures the relabeling rules to apply the target's * metadata labels. * - * * The Operator automatically adds relabelings for a few standard Kubernetes fields. * - * * The original scrape job's name is available via the `__tmp_prometheus_job_name` label. * - * * More info: * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ @@ -302,18 +326,15 @@ export interface Endpoint { /** * HTTP scheme to use for scraping. * - * * `http` and `https` are the expected values unless you rewrite the * `__scheme__` label via relabeling. * - * * If empty, Prometheus uses the default value `http`. */ scheme?: Scheme; /** * Timeout after which Prometheus considers the scrape to be failed. * - * * If empty, Prometheus uses the global scrape timeout unless it is less * than the target's scrape interval value in which the latter is used. */ @@ -332,7 +353,6 @@ export interface Endpoint { * the metrics that have an explicit timestamp present in scraped data. * Has no effect if `honorTimestamps` is false. * - * * It requires Prometheus >= v2.48.0. */ trackTimestampsStaleness?: boolean; @@ -342,7 +362,6 @@ export interface Endpoint { * `authorization` configures the Authorization header credentials to use when * scraping the target. * - * * Cannot be set at the same time as `basicAuth`, or `oauth2`. */ export interface Authorization { @@ -354,10 +373,8 @@ export interface Authorization { /** * Defines the authentication type. The value is case-insensitive. * - * * "Basic" is not a supported value. * - * * Default: "Bearer" */ type?: string; 
@@ -377,10 +394,7 @@ export interface Credentials { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -393,7 +407,6 @@ export interface Credentials { * `basicAuth` configures the Basic Authentication credentials to use when * scraping the target. * - * * Cannot be set at the same time as `authorization`, or `oauth2`. */ export interface BasicAuth { @@ -423,10 +436,7 @@ export interface Password { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -449,10 +459,7 @@ export interface Username { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** 
@@ -466,7 +473,6 @@ export interface Username { * token for scraping targets. The secret needs to be in the same namespace * as the ServiceMonitor object and readable by the Prometheus Operator. * - * * Deprecated: use `authorization` instead. */ export interface BearerTokenSecret { @@ -479,10 +485,7 @@ export interface BearerTokenSecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -495,7 +498,6 @@ export interface BearerTokenSecret { * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, * scraped samples and remote write samples. * - * * More info: * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ @@ -503,18 +505,15 @@ export interface MetricRelabeling { /** * Action to perform based on the regex matching. * - * * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. * - * * Default: "Replace" */ action?: Action; /** * Modulus to take of the hash of the source label values. * - * * Only applicable when the action is `HashMod`. */ modulus?: number; @@ -526,7 +525,6 @@ export interface MetricRelabeling { * Replacement value against which a Replace action is performed if the * regular expression matches. * - * * Regex capture groups are available. */ replacement?: string; 
@@ -543,11 +541,9 @@ export interface MetricRelabeling { /** * Label to which the resulting string is written in a replacement. * - * * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, * `KeepEqual` and `DropEqual` actions. * - * * Regex capture groups are available. */ targetLabel?: string; @@ -556,11 +552,9 @@ export interface MetricRelabeling { /** * Action to perform based on the regex matching. * - * * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. * - * * Default: "Replace" */ export enum Action { @@ -591,10 +585,8 @@ export enum Action { /** * `oauth2` configures the OAuth2 settings to use when scraping the target. * - * * It requires Prometheus >= 2.27.0. * - * * Cannot be set at the same time as `authorization`, or `basicAuth`. */ export interface Oauth2 { @@ -618,32 +610,25 @@ export interface Oauth2 { * that should be excluded from proxying. IP and domain names can * contain port numbers. * - * - * It requires Prometheus >= v2.43.0. + * It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. */ noProxy?: string; /** * ProxyConnectHeader optionally specifies headers to send to * proxies during CONNECT requests. * - * - * It requires Prometheus >= v2.43.0. + * It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. */ proxyConnectHeader?: { [key: string]: ProxyConnectHeader[] }; /** * Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, * HTTPS_PROXY, and NO_PROXY). - * If unset, Prometheus uses its default value. * - * - * It requires Prometheus >= v2.43.0. + * It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. */ proxyFromEnvironment?: boolean; /** * `proxyURL` defines the HTTP proxy server to use. - * - * - * It requires Prometheus >= v2.43.0. */ proxyUrl?: string; /** 
@@ -689,10 +674,7 @@ export interface ClientIDConfigMap { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -714,10 +696,7 @@ export interface ClientIDSecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -740,10 +719,7 @@ export interface ClientSecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** 
@@ -765,10 +741,7 @@ export interface ProxyConnectHeader { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -801,14 +774,12 @@ export interface Oauth2TLSConfig { /** * Maximum acceptable TLS version. * - * * It requires Prometheus >= v2.41.0. */ maxVersion?: Version; /** * Minimum acceptable TLS version. * - * * It requires Prometheus >= v2.35.0. */ minVersion?: Version; @@ -845,10 +816,7 @@ export interface PurpleConfigMap { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -870,10 +838,7 @@ export interface PurpleSecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** 
@@ -909,10 +874,7 @@ export interface FluffyConfigMap { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -934,10 +896,7 @@ export interface FluffySecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -959,10 +918,7 @@ export interface PurpleKeySecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -974,12 +930,10 @@ export interface PurpleKeySecret { /** * Maximum acceptable TLS version. * - * * It requires Prometheus >= v2.41.0. * * Minimum acceptable TLS version. * - * * It requires Prometheus >= v2.35.0. */ export enum Version { 
@@ -993,7 +947,6 @@ export enum Version { * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, * scraped samples and remote write samples. * - * * More info: * https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config */ @@ -1001,18 +954,15 @@ export interface Relabeling { /** * Action to perform based on the regex matching. * - * * `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. * `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. * - * * Default: "Replace" */ action?: Action; /** * Modulus to take of the hash of the source label values. * - * * Only applicable when the action is `HashMod`. */ modulus?: number; @@ -1024,7 +974,6 @@ export interface Relabeling { * Replacement value against which a Replace action is performed if the * regular expression matches. * - * * Regex capture groups are available. */ replacement?: string; @@ -1041,11 +990,9 @@ export interface Relabeling { /** * Label to which the resulting string is written in a replacement. * - * * It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, * `KeepEqual` and `DropEqual` actions. * - * * Regex capture groups are available. */ targetLabel?: string; @@ -1054,11 +1001,9 @@ export interface Relabeling { /** * HTTP scheme to use for scraping. * - * * `http` and `https` are the expected values unless you rewrite the * `__scheme__` label via relabeling. * - * * If empty, Prometheus uses the default value `http`. */ export enum Scheme { @@ -1101,14 +1046,12 @@ export interface EndpointTLSConfig { /** * Maximum acceptable TLS version. * - * * It requires Prometheus >= v2.41.0. */ maxVersion?: Version; /** * Minimum acceptable TLS version. * - * * It requires Prometheus >= v2.35.0. */ minVersion?: Version; 
@@ -1145,10 +1088,7 @@ export interface TentacledConfigMap { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -1170,10 +1110,7 @@ export interface TentacledSecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -1209,10 +1146,7 @@ export interface StickyConfigMap { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** 
@@ -1234,10 +1168,7 @@ export interface StickySecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -1259,10 +1190,7 @@ export interface FluffyKeySecret { * This field is effectively required, but due to backwards compatibility is * allowed to be empty. Instances of this type with an empty value here are * almost certainly wrong. - * TODO: Add other useful fields. apiVersion, kind, uid? * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it - * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. */ name?: string; /** @@ -1271,6 +1199,28 @@ export interface FluffyKeySecret { optional?: boolean; } +/** + * The protocol to use if a scrape returns blank, unparseable, or otherwise invalid + * Content-Type. + * + * It requires Prometheus >= v3.0.0. + * + * ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. + * Supported values are: + * * `OpenMetricsText0.0.1` + * * `OpenMetricsText1.0.0` + * * `PrometheusProto` + * * `PrometheusText0.0.4` + * * `PrometheusText1.0.0` + */ +export enum FallbackScrapeProtocol { + OpenMetricsText001 = "OpenMetricsText0.0.1", + OpenMetricsText100 = "OpenMetricsText1.0.0", + PrometheusProto = "PrometheusProto", + PrometheusText004 = "PrometheusText0.0.4", + PrometheusText100 = "PrometheusText1.0.0", +} + /** * `namespaceSelector` defines in which namespace(s) Prometheus should discover the * services. 
@@ -1289,21 +1239,6 @@ export interface NamespaceSelector { matchNames?: string[]; } -/** - * ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. - * Supported values are: - * * `OpenMetricsText0.0.1` - * * `OpenMetricsText1.0.0` - * * `PrometheusProto` - * * `PrometheusText0.0.4` - */ -export enum ScrapeProtocol { - OpenMetricsText001 = "OpenMetricsText0.0.1", - OpenMetricsText100 = "OpenMetricsText1.0.0", - PrometheusProto = "PrometheusProto", - PrometheusText004 = "PrometheusText0.0.4", -} - /** * Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. */ @@ -1344,6 +1279,21 @@ export interface MatchExpression { values?: string[]; } +/** + * Mechanism used to select the endpoints to scrape. + * By default, the selection process relies on relabel configurations to filter the + * discovered targets. + * Alternatively, you can opt in for role selectors, which may offer better efficiency in + * large clusters. + * Which strategy is best for your use case needs to be carefully evaluated. + * + * It requires Prometheus >= v2.17.0. + */ +export enum SelectorMechanism { + RelabelConfig = "RelabelConfig", + RoleSelector = "RoleSelector", +} + RegisterKind(ServiceMonitor, { group: "monitoring.coreos.com", version: "v1", diff --git a/src/pepr/operator/crd/sources/package/v1alpha1.ts b/src/pepr/operator/crd/sources/package/v1alpha1.ts index bac9b73c6..f52587bd8 100644 --- a/src/pepr/operator/crd/sources/package/v1alpha1.ts +++ b/src/pepr/operator/crd/sources/package/v1alpha1.ts 
@@ -251,6 +251,19 @@ const monitor = { enum: ["PodMonitor", "ServiceMonitor"], type: "string", }, + fallbackScrapeProtocol: { + description: + "The protocol for Prometheus to use if a scrape returns a blank, unparsable, or otherwise invalid Content-Type", + // Enum copied from upstream Prometheus supported values + enum: [ + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusProto", + "PrometheusText0.0.4", + "PrometheusText1.0.0", + ], + type: "string", + }, authorization: AuthorizationSchema, }, }, diff --git a/src/pepr/prometheus/index.ts b/src/pepr/prometheus/index.ts index cb06542b4..7ff354d87 100644 --- a/src/pepr/prometheus/index.ts +++ b/src/pepr/prometheus/index.ts @@ -13,6 +13,7 @@ import { ServiceMonitorEndpoint, ServiceMonitorScheme, } from "../operator/crd"; +import { FallbackScrapeProtocol } from "../operator/crd/generated/prometheus/servicemonitor-v1"; // configure subproject logger const log = setupLogger(Component.PROMETHEUS); @@ -30,6 +31,10 @@ When(PrometheusServiceMonitor) .IsCreatedOrUpdated() .Mutate(async sm => { if (sm.Raw.spec === undefined || sm.Raw.spec.scrapeClass != undefined) { + // Support the legacy (Prometheus 2.x fallback) until upstream applications properly handle protocol + if (sm.Raw.spec && !sm.Raw.spec.fallbackScrapeProtocol) { + sm.Raw.spec.fallbackScrapeProtocol = FallbackScrapeProtocol.PrometheusText004; + } return; } @@ -43,6 +48,10 @@ When(PrometheusServiceMonitor) `Mutating scrapeClass to exempt ServiceMonitor ${sm.Raw.metadata?.name} from default scrapeClass mTLS config`, ); sm.Raw.spec.scrapeClass = "exempt"; + // Support the legacy (Prometheus 2.x fallback) until upstream applications properly handle protocol + if (!sm.Raw.spec.fallbackScrapeProtocol) { + sm.Raw.spec.fallbackScrapeProtocol = FallbackScrapeProtocol.PrometheusText004; + } return; } else { 
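Review bot: The new `fallbackScrapeProtocol` schema entry in `monitor` does not say what happens when the field is omitted, while the Pepr mutations later in this commit set `PrometheusText0.0.4` on any monitor that leaves it unset. Stating that in the description lets Package authors know which parser handles a target with a missing or invalid Content-Type, e.g. `"... or otherwise invalid Content-Type. When unset, the operator applies PrometheusText0.0.4."`. The enum list is hand-copied, as its comment says, so it can drift from the generated `FallbackScrapeProtocol` enum on the next CRD regeneration. A note next to the `gen-crds` task or a test comparing the two lists would catch that.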
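Review bot: The same fallback block is added six times, once in every branch of both the ServiceMonitor and the PodMonitor mutation (this hunk and the five mutation hunks that follow it). A later change to the default then has to be repeated in each branch, and a missed one leaves some monitors parsed under a different protocol. Since every branch applies it whenever `spec` is defined, a helper called once before the existing early return gives the same result. The comment describes the default as temporary, so a link to a tracking issue would make it clear when it can be removed. Both `Mutate` callbacks start and end outside these hunks, so the sketch shows only the helper and its call site.

```typescript
// Default to the Prometheus 2.x text format only when the monitor sets no fallback of its own
function applyFallbackScrapeProtocol(spec: { fallbackScrapeProtocol?: FallbackScrapeProtocol }) {
  if (!spec.fallbackScrapeProtocol) {
    spec.fallbackScrapeProtocol = FallbackScrapeProtocol.PrometheusText004;
  }
}

// … unchanged: When(PrometheusServiceMonitor) … .Mutate(async sm => { …
    if (sm.Raw.spec) {
      applyFallbackScrapeProtocol(sm.Raw.spec);
    }
// … unchanged: existing spec/scrapeClass early return and mTLS branches, without the repeated blocks …
```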
@@ -60,6 +69,10 @@ When(PrometheusServiceMonitor) endpoint.tlsConfig = tlsConfig; }); sm.Raw.spec.endpoints = endpoints; + // Support the legacy (Prometheus 2.x fallback) until upstream applications properly handle protocol + if (!sm.Raw.spec.fallbackScrapeProtocol) { + sm.Raw.spec.fallbackScrapeProtocol = FallbackScrapeProtocol.PrometheusText004; + } } }); @@ -70,6 +83,10 @@ When(PrometheusPodMonitor) .IsCreatedOrUpdated() .Mutate(async pm => { if (pm.Raw.spec === undefined || pm.Raw.spec.scrapeClass != undefined) { + // Support the legacy (Prometheus 2.x fallback) until upstream applications properly handle protocol + if (pm.Raw.spec && !pm.Raw.spec.fallbackScrapeProtocol) { + pm.Raw.spec.fallbackScrapeProtocol = FallbackScrapeProtocol.PrometheusText004; + } return; } @@ -79,6 +96,10 @@ When(PrometheusPodMonitor) `Mutating scrapeClass to exempt PodMonitor ${pm.Raw.metadata?.name} from default scrapeClass mTLS config`, ); pm.Raw.spec.scrapeClass = "exempt"; + // Support the legacy (Prometheus 2.x fallback) until upstream applications properly handle protocol + if (!pm.Raw.spec.fallbackScrapeProtocol) { + pm.Raw.spec.fallbackScrapeProtocol = FallbackScrapeProtocol.PrometheusText004; + } return; } else { @@ -88,6 +109,10 @@ When(PrometheusPodMonitor) endpoint.scheme = PodMonitorScheme.HTTPS; }); pm.Raw.spec.podMetricsEndpoints = endpoints; + // Support the legacy (Prometheus 2.x fallback) until upstream applications properly handle protocol + if (!pm.Raw.spec.fallbackScrapeProtocol) { + pm.Raw.spec.fallbackScrapeProtocol = FallbackScrapeProtocol.PrometheusText004; + } } }); diff --git a/src/prometheus-stack/common/zarf.yaml b/src/prometheus-stack/common/zarf.yaml index 77bb91d0a..08455c165 100644 --- a/src/prometheus-stack/common/zarf.yaml +++ b/src/prometheus-stack/common/zarf.yaml 
@@ -18,7 +18,7 @@ components: - name: kube-prometheus-stack namespace: monitoring url: https://prometheus-community.github.io/helm-charts - version: 65.3.1 + version: 67.3.1 valuesFiles: - "../values/values.yaml" actions: @@ -32,3 +32,8 @@ components: name: prometheus-stack namespace: monitoring condition: "'{.status.phase}'=Ready" + - description: Annotate all service and pod monitors to ensure they are mutated with the 3.x fallbackScrapeProtocol + cmd: | + # This ensures that all monitors go through the latest Pepr mutation code to have fallbackScrapeProtocol added + ./zarf tools kubectl annotate servicemonitors -A --all uds.dev/prometheus-fallback=true + ./zarf tools kubectl annotate podmonitors -A --all uds.dev/prometheus-fallback=true diff --git a/src/prometheus-stack/tasks.yaml b/src/prometheus-stack/tasks.yaml index 6d4f621ef..8da51a60b 100644 --- a/src/prometheus-stack/tasks.yaml +++ b/src/prometheus-stack/tasks.yaml 
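Review bot: The new `onDeploy.after` annotate action is described as a one-time trigger, but as written it runs on every deploy and leaves `uds.dev/prometheus-fallback=true` on every monitor in every namespace (`-A --all`), including monitors this package did not create. On a later deploy the annotation already exists, so the command is a no-op at best and, depending on how kubectl treats an existing key, may be rejected. Adding `--overwrite` removes that ambiguity: `./zarf tools kubectl annotate servicemonitors -A --all --overwrite uds.dev/prometheus-fallback=true` (same for `podmonitors`). A comment stating when the action can be dropped would help, e.g. `# One-time migration for the Prometheus 3.x upgrade; remove once older releases are no longer an upgrade source`. It is also worth confirming that a failure of the first command is not masked by the second succeeding.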
@@ -32,19 +32,32 @@ tasks: name: app.kubernetes.io/name=prometheus-node-exporter namespace: monitoring condition: Ready - # Below task can be used to generate CRD types, but is commented out pending resolution of https://github.com/defenseunicorns/kubernetes-fluent-client/issues/374 - # - name: gen-crds - # actions: - # - description: Generate servicemonitor types - # cmd: "npx kubernetes-fluent-client crd https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.77.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml src/pepr/operator/crd/generated/prometheus" - # - description: Generate podmonitor types - # cmd: "npx kubernetes-fluent-client crd https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.77.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml src/pepr/operator/crd/generated/prometheus" - # - description: Pepr Format - # cmd: "npx pepr format" + + - name: gen-crds + actions: + - description: Generate servicemonitor types + cmd: "npx kubernetes-fluent-client crd https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml src/pepr/operator/crd/generated/prometheus" + - description: Generate podmonitor types + cmd: "npx kubernetes-fluent-client crd https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml src/pepr/operator/crd/generated/prometheus" + - description: "Add license headers to generated CRD files" + shell: + darwin: bash + linux: bash + cmd: | + # check for addlicense bin + if [ -x "$HOME/go/bin/addlicense" ]; then + echo "addlicense installed in $HOME/go/bin" + else + echo "Error: addlicense is not installed in $HOME/go/bin" >&2 + exit 1 + fi + $HOME/go/bin/addlicense -l "AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial" -s=only -v -c "Defense Unicorns" 
src/pepr/operator/crd/generated + - description: Pepr Format + cmd: "npx pepr format" - name: e2e-test actions: - description: "Run Prometheus-Stack E2E tests" cmd: | - npm ci && npx jest --testPathPattern prometheus* + npm ci && npx jest --testPathPattern prometheus* dir: test/jest diff --git a/src/prometheus-stack/values/registry1-values.yaml b/src/prometheus-stack/values/registry1-values.yaml index c5f39b658..9662fc3d1 100644 --- a/src/prometheus-stack/values/registry1-values.yaml +++ b/src/prometheus-stack/values/registry1-values.yaml @@ -11,7 +11,7 @@ kube-state-metrics: image: registry: registry1.dso.mil repository: ironbank/opensource/kubernetes/kube-state-metrics - tag: v2.13.0 + tag: v2.14.0 securityContext: enabled: true fsGroup: 65532 @@ -23,7 +23,7 @@ prometheus: image: registry: registry1.dso.mil repository: ironbank/opensource/prometheus/prometheus - tag: v2.54.1 + tag: v3.0.1 prometheus-node-exporter: image: registry: registry1.dso.mil @@ -51,9 +51,9 @@ prometheusOperator: image: registry: registry1.dso.mil repository: ironbank/opensource/prometheus-operator/prometheus-operator - tag: v0.77.1 + tag: v0.79.2 prometheusConfigReloader: image: registry: registry1.dso.mil repository: ironbank/opensource/prometheus-operator/prometheus-config-reloader - tag: v0.77.1 + tag: v0.79.2 diff --git a/src/prometheus-stack/values/unicorn-values.yaml b/src/prometheus-stack/values/unicorn-values.yaml index df2b75f14..09cfeac66 100644 --- a/src/prometheus-stack/values/unicorn-values.yaml +++ b/src/prometheus-stack/values/unicorn-values.yaml @@ -11,7 +11,7 @@ kube-state-metrics: image: registry: cgr.dev repository: du-uds-defenseunicorns/kube-state-metrics-fips - tag: 2.13.0 + tag: 2.14.0 securityContext: enabled: true fsGroup: 65532 @@ -23,7 +23,7 @@ prometheus: image: registry: cgr.dev repository: du-uds-defenseunicorns/prometheus-fips - tag: 2.54.1 + tag: 3.0.1 prometheus-node-exporter: image: registry: cgr.dev 
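Review bot: The re-enabled `gen-crds` task builds operator types from CRD YAML fetched over the network by tag (`.../prometheus-operator/v0.79.2/example/...`), and a Git tag can be moved, so the same task may later produce different generated code without any change in this repository. Pinning both URLs to the release's commit (`.../prometheus-operator/<commit-sha>/example/...`, placeholder) or comparing the download against a recorded checksum would make regeneration reproducible and reviewable. The operator version is also repeated in both URLs and in the values files, so a single task variable would keep them from drifting apart. In the license step the existence check quotes the path but the invocation does not; `"$HOME/go/bin/addlicense" -l ...` also handles a home directory containing spaces.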
@@ -51,9 +51,9 @@ prometheusOperator: image: registry: cgr.dev repository: du-uds-defenseunicorns/prometheus-operator-fips - tag: 0.77.1 + tag: 0.79.2 prometheusConfigReloader: image: registry: cgr.dev repository: du-uds-defenseunicorns/prometheus-config-reloader-fips - tag: 0.77.1 + tag: 0.79.2 diff --git a/src/prometheus-stack/values/upstream-values.yaml b/src/prometheus-stack/values/upstream-values.yaml index e539454dd..17f699d0b 100644 --- a/src/prometheus-stack/values/upstream-values.yaml +++ b/src/prometheus-stack/values/upstream-values.yaml @@ -11,7 +11,7 @@ kube-state-metrics: image: registry: registry.k8s.io repository: kube-state-metrics/kube-state-metrics - tag: v2.13.0 + tag: v2.14.0 securityContext: enabled: true fsGroup: 65534 @@ -23,7 +23,7 @@ prometheus: image: registry: quay.io repository: prometheus/prometheus - tag: v2.54.1 + tag: v3.0.1 prometheus-node-exporter: image: registry: quay.io @@ -43,9 +43,9 @@ prometheusOperator: image: registry: quay.io repository: prometheus-operator/prometheus-operator - tag: v0.77.1 + tag: v0.79.2 prometheusConfigReloader: image: registry: quay.io repository: prometheus-operator/prometheus-config-reloader - tag: v0.77.1 + tag: v0.79.2 diff --git a/src/prometheus-stack/zarf.yaml b/src/prometheus-stack/zarf.yaml index 6b0d667a0..d41a39117 100644 --- a/src/prometheus-stack/zarf.yaml +++ b/src/prometheus-stack/zarf.yaml @@ -13,7 +13,7 @@ components: charts: - name: prometheus-operator-crds url: https://prometheus-community.github.io/helm-charts - version: 15.0.0 + version: 17.0.2 namespace: uds-crds valuesFiles: - "values/crd-values.yaml" 
@@ -31,11 +31,11 @@ components: - "values/upstream-values.yaml" images: - "quay.io/prometheus/node-exporter:v1.8.2" - - "quay.io/prometheus-operator/prometheus-operator:v0.77.1" - - "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0" + - "quay.io/prometheus-operator/prometheus-operator:v0.79.2" + - "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0" - "quay.io/prometheus/alertmanager:v0.27.0" - - "quay.io/prometheus-operator/prometheus-config-reloader:v0.77.1" - - "quay.io/prometheus/prometheus:v2.54.1" + - "quay.io/prometheus-operator/prometheus-config-reloader:v0.79.2" + - "quay.io/prometheus/prometheus:v3.0.1" - "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4" - name: kube-prometheus-stack @@ -51,11 +51,11 @@ components: - "values/registry1-values.yaml" images: - "registry1.dso.mil/ironbank/opensource/prometheus/node-exporter:v1.8.2" - - "registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator:v0.77.1" - - "registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics:v2.13.0" + - "registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator:v0.79.2" + - "registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics:v2.14.0" - "registry1.dso.mil/ironbank/opensource/prometheus/alertmanager:v0.27.0" - - "registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader:v0.77.1" - - "registry1.dso.mil/ironbank/opensource/prometheus/prometheus:v2.54.1" + - "registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader:v0.79.2" + - "registry1.dso.mil/ironbank/opensource/prometheus/prometheus:v3.0.1" - "registry1.dso.mil/ironbank/opensource/ingress-nginx/kube-webhook-certgen:v1.4.4" - name: kube-prometheus-stack 
@@ -71,9 +71,9 @@ components: - "values/unicorn-values.yaml" images: - "cgr.dev/du-uds-defenseunicorns/prometheus-node-exporter-fips:1.8.2" - - "cgr.dev/du-uds-defenseunicorns/prometheus-operator-fips:0.77.1" - - "cgr.dev/du-uds-defenseunicorns/kube-state-metrics-fips:2.13.0" + - "cgr.dev/du-uds-defenseunicorns/prometheus-operator-fips:0.79.2" + - "cgr.dev/du-uds-defenseunicorns/kube-state-metrics-fips:2.14.0" - "cgr.dev/du-uds-defenseunicorns/prometheus-alertmanager-fips:0.27.0" - - "cgr.dev/du-uds-defenseunicorns/prometheus-config-reloader-fips:0.77.1" - - "cgr.dev/du-uds-defenseunicorns/prometheus-fips:2.54.1" + - "cgr.dev/du-uds-defenseunicorns/prometheus-config-reloader-fips:0.79.2" + - "cgr.dev/du-uds-defenseunicorns/prometheus-fips:3.0.1" - "cgr.dev/du-uds-defenseunicorns/kube-webhook-certgen-fips:1.11.3"