fix(base-cluster/monitoring): only watch and create metrics for latest apiVersion

[cwrau]

That way there are also no deprecatedAPIAlerts

Summary by CodeRabbit

Release Notes

• Chores
  • Enhanced Prometheus monitoring configuration for Flux custom resources. The kube-state-metrics setup now dynamically discovers custom resource definitions and resolves API versions from live cluster data instead of using static hardcoded configurations, providing more accurate and comprehensive metrics collection across all Flux resource types deployed in the cluster.

[coderabbitai]

📝 Walkthrough

Walkthrough

The Helm template for kube-state-metrics configuration was refactored to dynamically resolve Flux custom-resource configurations by iterating through CRD kinds and performing live lookups to extract API versions, replacing previously hardcoded entries.

Changes

Cohort / File(s)	Summary
Flux CRD Metric Collection charts/base-cluster/templates/monitoring/kube-prometheus-stack/_kube-state-metrics-config.yaml	Refactored kube-state-metrics Prometheus scrape configuration to dynamically iterate Flux CRD kinds and resolve API versions via CRD lookup, extracting storage versions from live CustomResourceDefinition objects and conditionally appending metrics only when CRDs exist.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat(base-cluster/monitoring): add alert about base-cluster updates #1937 — Modifies the same kube-prometheus-stack metrics configuration file to add ImagePolicy metrics alongside this PR's CRD iteration and version resolution changes.

Suggested labels

base-cluster

Suggested reviewers

• tasches
• marvinWolff
• teutonet-bot

Poem

🐰 A bunny hops through Flux CRDs so fine,
With lookups and versions now all in line,
No hardcoding here, just dynamic grace,
Prometheus metrics find their rightful place! 📊✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: updating kube-state-metrics configuration to only monitor the latest apiVersion, which directly aligns with the PR's objective to eliminate deprecatedAPIAlerts.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/only-watch-current-apiVersion

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request updates the kube-state-metrics configuration to dynamically resolve Flux CRD versions using the Helm lookup function and introduces regex-based pluralization for resource names. Review feedback identifies a significant issue where the use of lookup causes the configuration to be omitted during static manifest generation or in GitOps environments without cluster access. Additionally, the regex logic for pluralization is flagged as fragile, with a recommendation to explicitly define plural names in the source data for better maintainability.

[Copilot]

Pull request overview

Updates the kube-state-metrics customResourceState configuration in the base-cluster Helm chart to pin Flux custom resource scraping to a single CRD version, aiming to avoid deprecated API usage alerts in the cluster.

Changes:

• Uses Helm lookup to fetch each Flux CRD and derive a specific version for the groupVersionKind config.
• Updates the generated Flux custom resource metrics entries to include the resolved groupVersionKind.version.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

charts/base-cluster/templates/monitoring/kube-prometheus-stack/_kube-state-metrics-config.yaml (1)

114-139: ⚠️ Potential issue | 🟠 Major

Static ImagePolicy entry lacks version field - inconsistent with PR objective.

The static ImagePolicy entry for the latest_version metric does not include a version in groupVersionKind (lines 115-118), while the dynamic entries now include the storage version. This means:

• Dynamic ImagePolicy entry (from loop): watches only the latest/storage API version
• This static entry: watches all API versions

This defeats the PR objective of "only watch and create metrics for the latest apiVersion" for the latest_version metric, and deprecatedAPIAlerts may still be generated for this resource.

Consider applying the same CRD lookup pattern here to include the version:

Proposed fix

+      {{- $imagePolicyCrd := lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "imagepolicies.image.toolkit.fluxcd.io" -}}
+      {{- if $imagePolicyCrd -}}
+        {{- $imagePolicyVersion := "" -}}
+        {{- range $version := $imagePolicyCrd.spec.versions -}}
+          {{- if $version.storage -}}
+            {{- $imagePolicyVersion = $version.name -}}
+          {{- end -}}
+        {{- end -}}
       {{- $resources = append $resources (dict
             "groupVersionKind" (dict
               "group" "image.toolkit.fluxcd.io"
               "kind" "ImagePolicy"
+              "version" $imagePolicyVersion
             )
             "metricNamePrefix" "image_policy"
             "metrics" (list
               ...
             )
           )
       }}
+      {{- end -}}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@charts/base-cluster/templates/monitoring/kube-prometheus-stack/_kube-state-metrics-config.yaml`
around lines 114 - 139, The static ImagePolicy resource dict (the dict with
"groupVersionKind" having group "image.toolkit.fluxcd.io" and kind
"ImagePolicy", metricNamePrefix "image_policy" and metric "latest_version") is
missing a "version" field and therefore watches all API versions; update this
dict to set "version" to the storage/latest API version using the same CRD
lookup pattern used for dynamic entries (i.e., compute the CRD's storage/version
value and inject it into groupVersionKind.version), leaving the metric
definition and labelsFromPath unchanged so the static entry matches the dynamic
entries' behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In
`@charts/base-cluster/templates/monitoring/kube-prometheus-stack/_kube-state-metrics-config.yaml`:
- Around line 114-139: The static ImagePolicy resource dict (the dict with
"groupVersionKind" having group "image.toolkit.fluxcd.io" and kind
"ImagePolicy", metricNamePrefix "image_policy" and metric "latest_version") is
missing a "version" field and therefore watches all API versions; update this
dict to set "version" to the storage/latest API version using the same CRD
lookup pattern used for dynamic entries (i.e., compute the CRD's storage/version
value and inject it into groupVersionKind.version), leaving the metric
definition and labelsFromPath unchanged so the static entry matches the dynamic
entries' behavior.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7eb00fa5-e6d5-4b0a-bfb4-d28a629ab3e4

📥 Commits

Reviewing files that changed from the base of the PR and between cab5a0d and 5815322.

📒 Files selected for processing (1)

• charts/base-cluster/templates/monitoring/kube-prometheus-stack/_kube-state-metrics-config.yaml