feat(container)!: Update kube-prometheus-stack ( 58.7.2 β 61.2.0 ) #3179
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![mahoro-bot[bot]](https://avatars.githubusercontent.com/u/39525900?s=60&v=4){kind=small}
mahoro-bot
bot
added
area/kubernetes
--- kubernetes/nas/apps/observability/kube-prometheus-stack/app Kustomization: flux-system/kube-prometheus-stack HelmRelease: observability/kube-prometheus-stack
+++ kubernetes/nas/apps/observability/kube-prometheus-stack/app Kustomization: flux-system/kube-prometheus-stack HelmRelease: observability/kube-prometheus-stack
@@ -13,13 +13,13 @@
spec:
chart: kube-prometheus-stack
sourceRef:
kind: HelmRepository
name: prometheus-community
namespace: flux-system
- version: 58.7.2
+ version: 61.2.0
dependsOn:
- name: openebs
namespace: openebs-system
install:
crds: CreateReplace
remediation: |
--- HelmRelease: observability/kube-prometheus-stack ServiceAccount: observability/kube-state-metrics
+++ HelmRelease: observability/kube-prometheus-stack ServiceAccount: observability/kube-state-metrics
@@ -1,9 +1,10 @@
---
apiVersion: v1
kind: ServiceAccount
+automountServiceAccountToken: true
metadata:
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: kube-state-metrics
app.kubernetes.io/name: kube-state-metrics
--- HelmRelease: observability/kube-prometheus-stack ServiceAccount: observability/node-exporter
+++ HelmRelease: observability/kube-prometheus-stack ServiceAccount: observability/node-exporter
@@ -9,7 +9,8 @@
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: prometheus-node-exporter
app.kubernetes.io/name: prometheus-node-exporter
app.kubernetes.io/instance: kube-prometheus-stack
jobLabel: node-exporter
release: kube-prometheus-stack
+automountServiceAccountToken: false
--- HelmRelease: observability/kube-prometheus-stack DaemonSet: observability/node-exporter
+++ HelmRelease: observability/kube-prometheus-stack DaemonSet: observability/node-exporter
@@ -41,13 +41,13 @@
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: node-exporter
containers:
- name: node-exporter
- image: quay.io/prometheus/node-exporter:v1.8.0
+ image: quay.io/prometheus/node-exporter:v1.8.1
imagePullPolicy: IfNotPresent
args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
- --path.rootfs=/host/root
- --path.udev.data=/host/root/run/udev/data
--- HelmRelease: observability/kube-prometheus-stack Deployment: observability/kube-state-metrics
+++ HelmRelease: observability/kube-prometheus-stack Deployment: observability/kube-state-metrics
@@ -27,12 +27,13 @@
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: kube-state-metrics
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/instance: kube-prometheus-stack
release: kube-prometheus-stack
spec:
+ automountServiceAccountToken: true
hostNetwork: false
serviceAccountName: kube-state-metrics
securityContext:
fsGroup: 65534
runAsGroup: 65534
runAsNonRoot: true
@@ -69,12 +70,13 @@
port: 8080
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
+ resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
--- HelmRelease: observability/kube-prometheus-stack Deployment: observability/kube-prometheus-stack-operator
+++ HelmRelease: observability/kube-prometheus-stack Deployment: observability/kube-prometheus-stack-operator
@@ -31,23 +31,23 @@
app: kube-prometheus-stack-operator
app.kubernetes.io/name: kube-prometheus-stack-prometheus-operator
app.kubernetes.io/component: prometheus-operator
spec:
containers:
- name: kube-prometheus-stack
- image: quay.io/prometheus-operator/prometheus-operator:v0.73.2
+ image: quay.io/prometheus-operator/prometheus-operator:v0.75.0
imagePullPolicy: IfNotPresent
args:
- --kubelet-service=kube-system/kube-prometheus-stack-kubelet
- --localhost=127.0.0.1
- - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.73.2
+ - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.75.0
- --config-reloader-cpu-request=0
- --config-reloader-cpu-limit=0
- --config-reloader-memory-request=0
- --config-reloader-memory-limit=0
- - --thanos-default-base-image=quay.io/thanos/thanos:v0.35.0
+ - --thanos-default-base-image=quay.io/thanos/thanos:v0.35.1
- --secret-field-selector=type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1
- --web.enable-tls=true
- --web.cert-file=/cert/cert
- --web.key-file=/cert/key
- --web.listen-address=:10250
- --web.tls-min-version=VersionTLS13
--- HelmRelease: observability/kube-prometheus-stack Prometheus: observability/kube-prometheus-stack
+++ HelmRelease: observability/kube-prometheus-stack Prometheus: observability/kube-prometheus-stack
@@ -9,12 +9,13 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: kube-prometheus-stack
app.kubernetes.io/part-of: kube-prometheus-stack
release: kube-prometheus-stack
heritage: Helm
spec:
+ automountServiceAccountToken: true
image: quay.io/prometheus/prometheus:v2.51.0-dedupelabels
version: v2.51.0-dedupelabels
externalLabels:
cluster: storage
replicaExternalLabelName: __replica__
externalUrl: http://prometheus.cnas.dev/
--- HelmRelease: observability/kube-prometheus-stack PrometheusRule: observability/kube-prometheus-stack-kube-prometheus-node-recording.rules
+++ HelmRelease: observability/kube-prometheus-stack PrometheusRule: observability/kube-prometheus-stack-kube-prometheus-node-recording.rules
@@ -20,13 +20,13 @@
record: instance:node_cpu:rate:sum
- expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance)
record: instance:node_network_receive_bytes:rate:sum
- expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance)
record: instance:node_network_transmit_bytes:rate:sum
- expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m]))
- WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total)
+ WITHOUT (cpu, mode) / ON (instance) GROUP_LEFT() count(sum(node_cpu_seconds_total)
BY (instance, cpu)) BY (instance)
record: instance:node_cpu:ratio
- expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m]))
record: cluster:node_cpu:sum_rate5m
- expr: cluster:node_cpu:sum_rate5m / count(sum(node_cpu_seconds_total) BY (instance,
cpu))
--- HelmRelease: observability/kube-prometheus-stack PrometheusRule: observability/kube-prometheus-stack-prometheus
+++ HelmRelease: observability/kube-prometheus-stack PrometheusRule: observability/kube-prometheus-stack-prometheus
@@ -36,12 +36,24 @@
summary: Failed Prometheus SD refresh.
expr: increase(prometheus_sd_refresh_failures_total{job="kube-prometheus-stack-prometheus",namespace="observability"}[10m])
> 0
for: 20m
labels:
severity: warning
+ - alert: PrometheusKubernetesListWatchFailures
+ annotations:
+ description: Kubernetes service discovery of Prometheus {{$labels.namespace}}/{{$labels.pod}}
+ is experiencing {{ printf "%.0f" $value }} failures with LIST/WATCH requests
+ to the Kubernetes API in the last 5 minutes.
+ runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheuskuberneteslistwatchfailures
+ summary: Requests in Kubernetes SD are failing.
+ expr: increase(prometheus_sd_kubernetes_failures_total{job="kube-prometheus-stack-prometheus",namespace="observability"}[5m])
+ > 0
+ for: 15m
+ labels:
+ severity: warning
- alert: PrometheusNotificationQueueRunningFull
annotations:
description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}}
is running full.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusnotificationqueuerunningfull
summary: Prometheus alert notification queue predicted to run full in less |
mahoro-bot
bot
force-pushed
the
renovate/nas-kube-prometheus-stack-61.x
branch
from
5fcc710 to
89ce59b
Compare
mahoro-bot
bot
changed the title
mahoro-bot
bot
force-pushed
the
renovate/nas-kube-prometheus-stack-61.x
branch
2 times, most recently
from
0049a71 to
1617db9
Compare
mahoro-bot
bot
changed the title
mahoro-bot
bot
force-pushed
the
renovate/nas-kube-prometheus-stack-61.x
branch
2 times, most recently
from
540f835 to
47735c7
Compare
mahoro-bot
bot
force-pushed
the
renovate/nas-kube-prometheus-stack-61.x
branch
from
47735c7 to
dc82ab6
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
58.7.2->61.2.0Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.