diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b23a64ac5..37476ad47f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,9 @@ - Bump solution-operator-lib Go version to 1.24 (PR[#4817](https://github.com/scality/metalk8s/pull/4817)) +- Bump prometheus-adapter chart version to [5.3.0](https://github.com/prometheus-community/helm-charts/releases/tag/prometheus-adapter-5.3.0) + (PR[#4825](https://github.com/scality/metalk8s/pull/4825)) + - Bump ingress-nginx chart version to [4.15.0](https://github.com/kubernetes/ingress-nginx/releases/tag/helm-chart-4.15.0) and ingress-nginx controller to [v1.15.0](https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.15.0) (PR[#4824](https://github.com/scality/metalk8s/pull/4824)) diff --git a/charts/prometheus-adapter/Chart.yaml b/charts/prometheus-adapter/Chart.yaml index d5bd6a6f51..d26eacc7bb 100644 --- a/charts/prometheus-adapter/Chart.yaml +++ b/charts/prometheus-adapter/Chart.yaml @@ -2,6 +2,7 @@ apiVersion: v1 appVersion: v0.12.0 description: A Helm chart for k8s prometheus adapter home: https://github.com/kubernetes-sigs/prometheus-adapter +icon: https://raw.githubusercontent.com/cncf/artwork/master/prometheus/icon/color/prometheus-icon-color.svg keywords: - hpa - metrics @@ -20,4 +21,4 @@ name: prometheus-adapter sources: - https://github.com/kubernetes/charts - https://github.com/kubernetes-sigs/prometheus-adapter -version: 4.14.1 +version: 5.3.0 diff --git a/charts/prometheus-adapter/README.md b/charts/prometheus-adapter/README.md index 368b4b3669..8da31a7f64 100644 --- a/charts/prometheus-adapter/README.md +++ b/charts/prometheus-adapter/README.md @@ -4,28 +4,28 @@ Installs the [Prometheus Adapter](https://github.com/kubernetes-sigs/prometheus- ## Prerequisites -Kubernetes 1.14+ +Kubernetes 1.21+ -## Get Helm Repositories Info +## Usage -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` +The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/). + +- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/prometheus-adapter` +- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `prometheus-adapter` -_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ +The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository. -## Install Helm Chart +### Install Helm Chart ```console -helm install [RELEASE_NAME] prometheus-community/prometheus-adapter +helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/prometheus-adapter ``` _See [configuration](#configuration) below._ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ -## Uninstall Helm Chart +### Uninstall Helm Chart ```console helm uninstall [RELEASE_NAME] @@ -35,7 +35,7 @@ This removes all the Kubernetes components associated with the chart and deletes _See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ -## Upgrading Helm Chart +### Upgrading Helm Chart ```console helm upgrade [RELEASE_NAME] [CHART] --install @@ -43,15 +43,19 @@ helm upgrade [RELEASE_NAME] [CHART] --install _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ -### To 4.2.0 +### To 5.0.0 + +This version removes support for the deprecated Kubernetes API `policy/v1beta1` for PodDisruptionBudgets. It also removes the deprecated `PodSecurityPolicy` resource. Minimum Kubernetes version >= 1.21 is now required. + +#### To 4.2.0 Readiness and liveness probes are now fully configurable through values `readinessProbe` and `livenessProbe`. The previous values have been kept as defaults. -### To 4.0.0 +#### To 4.0.0 Previously, security context of the container was set directly in the deployment template. This release makes it configurable through the new configuration variable `securityContext` whilst keeping the previously set values as defaults. Furthermore, previous variable `runAsUser` is now set in `securityContext` and is not used any longer. Please, use `securityContext.runAsUser` instead. In the same security context, `seccompProfile` has been enabled and set to type `RuntimeDefault`. -### To 3.0.0 +#### To 3.0.0 Due to a change in deployment labels, the upgrade requires `helm upgrade --force` in order to re-create the deployment. @@ -60,7 +64,7 @@ Due to a change in deployment labels, the upgrade requires `helm upgrade --force See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: ```console -helm show values prometheus-community/prometheus-adapter +helm show values oci://ghcr.io/prometheus-community/charts/prometheus-adapter ``` ### Prometheus Service Endpoint diff --git a/charts/prometheus-adapter/templates/_helpers.tpl b/charts/prometheus-adapter/templates/_helpers.tpl index 178c00b674..4b52f7b802 100644 --- a/charts/prometheus-adapter/templates/_helpers.tpl +++ b/charts/prometheus-adapter/templates/_helpers.tpl @@ -73,12 +73,3 @@ Create the name of the service account to use {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} - -{{/* Get Policy API Version */}} -{{- define "k8s-prometheus-adapter.pdb.apiVersion" -}} -{{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}} - {{- print "policy/v1" -}} -{{- else -}} - {{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/prometheus-adapter/templates/deployment.yaml b/charts/prometheus-adapter/templates/deployment.yaml index 4036411818..b26256fbe6 100644 --- a/charts/prometheus-adapter/templates/deployment.yaml +++ b/charts/prometheus-adapter/templates/deployment.yaml @@ -16,6 +16,7 @@ metadata: namespace: {{ include "k8s-prometheus-adapter.namespace" . }} spec: replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} strategy: {{ toYaml .Values.strategy | nindent 4 }} selector: matchLabels: diff --git a/charts/prometheus-adapter/templates/pdb.yaml b/charts/prometheus-adapter/templates/pdb.yaml index 205761a9f1..68a6a13af9 100644 --- a/charts/prometheus-adapter/templates/pdb.yaml +++ b/charts/prometheus-adapter/templates/pdb.yaml @@ -1,5 +1,5 @@ {{- if .Values.podDisruptionBudget.enabled }} -apiVersion: {{ include "k8s-prometheus-adapter.pdb.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "k8s-prometheus-adapter.fullname" . }} @@ -11,12 +11,17 @@ metadata: labels: {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} spec: - {{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} - {{- end }} + {{- with .Values.podDisruptionBudget }} + {{- if .minAvailable }} + minAvailable: {{ .minAvailable }} + {{- end }} + {{- if .maxUnavailable }} + maxUnavailable: {{ .maxUnavailable }} + {{- end }} + {{- if .unhealthyPodEvictionPolicy }} + unhealthyPodEvictionPolicy: {{ .unhealthyPodEvictionPolicy }} + {{- end }} + {{- end }} selector: matchLabels: {{- include "k8s-prometheus-adapter.selectorLabels" . | indent 6 }} diff --git a/charts/prometheus-adapter/templates/psp.yaml b/charts/prometheus-adapter/templates/psp.yaml deleted file mode 100644 index ec26af502c..0000000000 --- a/charts/prometheus-adapter/templates/psp.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if and .Values.psp.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - {{- with (merge .Values.customAnnotations .Values.psp.annotations) }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - {{- if .Values.hostNetwork.enabled }} - hostNetwork: true - hostPorts: - - min: {{ .Values.listenPort }} - max: {{ .Values.listenPort }} - {{- end }} - fsGroup: - rule: RunAsAny - runAsGroup: - rule: RunAsAny - runAsUser: - rule: MustRunAs - ranges: - - min: 1024 - max: 65535 - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - secret - - emptyDir - - configMap ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-psp -rules: -- apiGroups: - - 'policy' - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "k8s-prometheus-adapter.fullname" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-psp -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-psp -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/prometheus-adapter/values.yaml b/charts/prometheus-adapter/values.yaml index 710b365d3f..c5c9c4590b 100644 --- a/charts/prometheus-adapter/values.yaml +++ b/charts/prometheus-adapter/values.yaml @@ -2,6 +2,12 @@ affinity: {} topologySpreadConstraints: [] +# Override the name of the chart +nameOverride: "" + +# Override the full name of the release +fullnameOverride: "" + image: repository: registry.k8s.io/prometheus-adapter/prometheus-adapter # if not set appVersion field from Chart.yaml is used @@ -67,15 +73,6 @@ rbac: customMetrics: resources: ["*"] -psp: - # Specifies whether PSP resources should be created - create: false - # Annotations added to the pod security policy - annotations: {} - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - # If false then the user will opt out of automounting API credentials. automountServiceAccountToken: true @@ -292,6 +289,8 @@ podDisruptionBudget: enabled: false minAvailable: maxUnavailable: 1 + # See https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy for possible values + unhealthyPodEvictionPolicy: certManager: enabled: false @@ -312,3 +311,6 @@ extraManifests: [] # name: prometheus-extra # data: # extra-data: "value" + +# Optional: set revisionHistoryLimit for the Deployment +revisionHistoryLimit: 10 diff --git a/salt/metalk8s/addons/prometheus-adapter/deployed/chart.sls b/salt/metalk8s/addons/prometheus-adapter/deployed/chart.sls index 3432c6aede..8e8fd7e26a 100644 --- a/salt/metalk8s/addons/prometheus-adapter/deployed/chart.sls +++ b/salt/metalk8s/addons/prometheus-adapter/deployed/chart.sls @@ -18,7 +18,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter namespace: metalk8s-monitoring @@ -131,7 +131,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter namespace: metalk8s-monitoring @@ -146,7 +146,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter-resource-reader namespace: metalk8s-monitoring @@ -173,7 +173,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter-server-resources namespace: metalk8s-monitoring @@ -195,7 +195,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter-metrics namespace: metalk8s-monitoring @@ -221,7 +221,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter-system-auth-delegator namespace: metalk8s-monitoring @@ -244,7 +244,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter-resource-reader namespace: metalk8s-monitoring @@ -267,7 +267,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter-hpa-controller namespace: metalk8s-monitoring @@ -290,7 +290,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter-hpa-controller-metrics namespace: metalk8s-monitoring @@ -313,7 +313,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter-auth-reader namespace: kube-system @@ -336,7 +336,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter namespace: metalk8s-monitoring @@ -361,12 +361,13 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter namespace: metalk8s-monitoring spec: replicas: 1 + revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/instance: prometheus-adapter @@ -379,7 +380,7 @@ spec: template: metadata: annotations: - checksum/config: 279409461d8d7b609f44dee4111e1092b02935387fb219080b82b867c3d66113 + checksum/config: d166939f8f79db05bd0882127b339e0ebc5f63ac908617329717fd55021500d0 labels: app.kubernetes.io/component: metrics app.kubernetes.io/instance: prometheus-adapter @@ -387,7 +388,7 @@ spec: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: prometheus-adapter spec: @@ -469,7 +470,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: v1beta1.custom.metrics.k8s.io namespace: metalk8s-monitoring @@ -493,7 +494,7 @@ metadata: app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: metalk8s app.kubernetes.io/version: v0.12.0 - helm.sh/chart: prometheus-adapter-4.14.1 + helm.sh/chart: prometheus-adapter-5.3.0 heritage: metalk8s name: v1beta1.metrics.k8s.io namespace: metalk8s-monitoring