Skip to content

Commit bfd6a70

Browse files
LiZhenCheng9527LiZhenCheng9527
authored
update gen tools version (#689)
Signed-off-by: LiZhenCheng9527 <lizhencheng6@huawei.com>
1 parent f26951f commit bfd6a70

File tree

75 files changed

+7975
-2140
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

75 files changed

+7975
-2140
lines changed

Makefile.tools.mk

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ register-gen@v := k8s.io/code-generator/cmd/register-gen@v0.25.2
2929
deepcopy-gen@v := k8s.io/code-generator/cmd/deepcopy-gen@v0.25.2
3030
controller-gen@v := sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0
3131
kustomize@v := sigs.k8s.io/kustomize/kustomize/v4@v4.5.5
32-
jb@v := github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@v0.5.1
32+
jb@v := github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@v0.6.0
3333
gojsontoyaml@v := github.com/brancz/gojsontoyaml@v0.1.0
3434
jsonnet@v := github.com/google/go-jsonnet/cmd/jsonnet@v0.18.0
3535

hack/gen-prom.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ JB="${REPO_ROOT}/.tools/jb"
1111
PROM_OUT_PATH=${REPO_ROOT}/out/prom
1212
PROM_JSONNET_FILE=${REPO_ROOT}/$1
1313
PROM_MANIFESTS_PATH=${REPO_ROOT}/${2}
14-
KUBE_PROM_VER=${KUBE_PROM_VER:-v0.10.0}
14+
KUBE_PROM_VER=${KUBE_PROM_VER:-v0.12.0}
1515

1616
echo 'begin to generate prom manifests'
1717
echo "jsonnet: ${PROM_JSONNET_FILE}"

manifests/profiles/prom-thanos/kube-state-metrics-clusterRole.yaml

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ metadata:
55
app.kubernetes.io/component: exporter
66
app.kubernetes.io/name: kube-state-metrics
77
app.kubernetes.io/part-of: kube-prometheus
8-
app.kubernetes.io/version: 2.3.0
8+
app.kubernetes.io/version: 2.7.0
99
name: kube-state-metrics
1010
rules:
1111
- apiGroups:
@@ -16,6 +16,7 @@ rules:
1616
- nodes
1717
- pods
1818
- services
19+
- serviceaccounts
1920
- resourcequotas
2021
- replicationcontrollers
2122
- limitranges
@@ -97,6 +98,7 @@ rules:
9798
- networking.k8s.io
9899
resources:
99100
- networkpolicies
101+
- ingressclasses
100102
- ingresses
101103
verbs:
102104
- list
@@ -108,3 +110,13 @@ rules:
108110
verbs:
109111
- list
110112
- watch
113+
- apiGroups:
114+
- rbac.authorization.k8s.io
115+
resources:
116+
- clusterrolebindings
117+
- clusterroles
118+
- rolebindings
119+
- roles
120+
verbs:
121+
- list
122+
- watch

manifests/profiles/prom-thanos/kube-state-metrics-clusterRoleBinding.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ metadata:
55
app.kubernetes.io/component: exporter
66
app.kubernetes.io/name: kube-state-metrics
77
app.kubernetes.io/part-of: kube-prometheus
8-
app.kubernetes.io/version: 2.3.0
8+
app.kubernetes.io/version: 2.7.0
99
name: kube-state-metrics
1010
roleRef:
1111
apiGroup: rbac.authorization.k8s.io

manifests/profiles/prom-thanos/kube-state-metrics-deployment.yaml

Lines changed: 21 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ metadata:
55
app.kubernetes.io/component: exporter
66
app.kubernetes.io/name: kube-state-metrics
77
app.kubernetes.io/part-of: kube-prometheus
8-
app.kubernetes.io/version: 2.3.0
8+
app.kubernetes.io/version: 2.7.0
99
name: kube-state-metrics
1010
namespace: monitoring
1111
spec:
@@ -23,15 +23,16 @@ spec:
2323
app.kubernetes.io/component: exporter
2424
app.kubernetes.io/name: kube-state-metrics
2525
app.kubernetes.io/part-of: kube-prometheus
26-
app.kubernetes.io/version: 2.3.0
26+
app.kubernetes.io/version: 2.7.0
2727
spec:
28+
automountServiceAccountToken: true
2829
containers:
2930
- args:
3031
- --host=127.0.0.1
3132
- --port=8081
3233
- --telemetry-host=127.0.0.1
3334
- --telemetry-port=8082
34-
image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.3.0
35+
image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.7.0
3536
name: kube-state-metrics
3637
resources:
3738
limits:
@@ -41,13 +42,18 @@ spec:
4142
cpu: 10m
4243
memory: 190Mi
4344
securityContext:
45+
allowPrivilegeEscalation: false
46+
capabilities:
47+
drop:
48+
- ALL
49+
readOnlyRootFilesystem: true
4450
runAsUser: 65534
4551
- args:
4652
- --logtostderr
4753
- --secure-listen-address=:8443
4854
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
4955
- --upstream=http://127.0.0.1:8081/
50-
image: quay.io/brancz/kube-rbac-proxy:v0.11.0
56+
image: quay.io/brancz/kube-rbac-proxy:v0.14.0
5157
name: kube-rbac-proxy-main
5258
ports:
5359
- containerPort: 8443
@@ -60,6 +66,11 @@ spec:
6066
cpu: 20m
6167
memory: 20Mi
6268
securityContext:
69+
allowPrivilegeEscalation: false
70+
capabilities:
71+
drop:
72+
- ALL
73+
readOnlyRootFilesystem: true
6374
runAsGroup: 65532
6475
runAsNonRoot: true
6576
runAsUser: 65532
@@ -68,7 +79,7 @@ spec:
6879
- --secure-listen-address=:9443
6980
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
7081
- --upstream=http://127.0.0.1:8082/
71-
image: quay.io/brancz/kube-rbac-proxy:v0.11.0
82+
image: quay.io/brancz/kube-rbac-proxy:v0.14.0
7283
name: kube-rbac-proxy-self
7384
ports:
7485
- containerPort: 9443
@@ -81,6 +92,11 @@ spec:
8192
cpu: 10m
8293
memory: 20Mi
8394
securityContext:
95+
allowPrivilegeEscalation: false
96+
capabilities:
97+
drop:
98+
- ALL
99+
readOnlyRootFilesystem: true
84100
runAsGroup: 65532
85101
runAsNonRoot: true
86102
runAsUser: 65532

manifests/profiles/prom-thanos/kube-state-metrics-networkPolicy.yaml

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
apiVersion: networking.k8s.io/v1
2+
kind: NetworkPolicy
3+
metadata:
4+
labels:
5+
app.kubernetes.io/component: exporter
6+
app.kubernetes.io/name: kube-state-metrics
7+
app.kubernetes.io/part-of: kube-prometheus
8+
app.kubernetes.io/version: 2.7.0
9+
name: kube-state-metrics
10+
namespace: monitoring
11+
spec:
12+
egress:
13+
- {}
14+
ingress:
15+
- from:
16+
- podSelector:
17+
matchLabels:
18+
app.kubernetes.io/name: prometheus
19+
ports:
20+
- port: 8443
21+
protocol: TCP
22+
- port: 9443
23+
protocol: TCP
24+
podSelector:
25+
matchLabels:
26+
app.kubernetes.io/component: exporter
27+
app.kubernetes.io/name: kube-state-metrics
28+
app.kubernetes.io/part-of: kube-prometheus
29+
policyTypes:
30+
- Egress
31+
- Ingress

manifests/profiles/prom-thanos/kube-state-metrics-prometheusRule.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ metadata:
55
app.kubernetes.io/component: exporter
66
app.kubernetes.io/name: kube-state-metrics
77
app.kubernetes.io/part-of: kube-prometheus
8-
app.kubernetes.io/version: 2.3.0
8+
app.kubernetes.io/version: 2.7.0
99
prometheus: thanos
1010
role: alert-rules
1111
name: kube-state-metrics-rules

manifests/profiles/prom-thanos/kube-state-metrics-service.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ metadata:
55
app.kubernetes.io/component: exporter
66
app.kubernetes.io/name: kube-state-metrics
77
app.kubernetes.io/part-of: kube-prometheus
8-
app.kubernetes.io/version: 2.3.0
8+
app.kubernetes.io/version: 2.7.0
99
name: kube-state-metrics
1010
namespace: monitoring
1111
spec:

manifests/profiles/prom-thanos/kube-state-metrics-serviceAccount.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,11 @@
11
apiVersion: v1
2+
automountServiceAccountToken: false
23
kind: ServiceAccount
34
metadata:
45
labels:
56
app.kubernetes.io/component: exporter
67
app.kubernetes.io/name: kube-state-metrics
78
app.kubernetes.io/part-of: kube-prometheus
8-
app.kubernetes.io/version: 2.3.0
9+
app.kubernetes.io/version: 2.7.0
910
name: kube-state-metrics
1011
namespace: monitoring

manifests/profiles/prom-thanos/kube-state-metrics-serviceMonitor.yaml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,14 +5,19 @@ metadata:
55
app.kubernetes.io/component: exporter
66
app.kubernetes.io/name: kube-state-metrics
77
app.kubernetes.io/part-of: kube-prometheus
8-
app.kubernetes.io/version: 2.3.0
8+
app.kubernetes.io/version: 2.7.0
99
name: kube-state-metrics
1010
namespace: monitoring
1111
spec:
1212
endpoints:
1313
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
1414
honorLabels: true
1515
interval: 30s
16+
metricRelabelings:
17+
- action: drop
18+
regex: kube_endpoint_address_not_ready|kube_endpoint_address_available
19+
sourceLabels:
20+
- __name__
1621
port: https-main
1722
relabelings:
1823
- action: labeldrop

0 commit comments

Comments
 (0)