prometheus-community · QuentinBisson · Jan 29, 2025 · Jan 15, 2025 · Jan 15, 2025 · Jan 15, 2025
@@ -1,5 +1,3 @@
-root = true
-
 [files/dashboards/*.json]
 indent_size = 2
-indent_style = space
+indent_style = space
@@ -27,3 +27,7 @@ kube-prometheus-*.tgz
 
 unittests/
 files/dashboards/
+
+README.md
+CONTRIBUTING.md
+.editorconfig
@@ -15,7 +15,7 @@ maintainers:
   - name: GMartinez-Sisti
     email: [email protected]
     url: https://github.com/GMartinez-Sisti
-  - name: Jan-Otto Kröpke
+  - name: jkroepke
     email: [email protected]
     url: https://github.com/jkroepke
   - name: scottrigby
@@ -31,7 +31,7 @@ name: kube-prometheus-stack
 sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
-version: 68.2.1
+version: 68.3.0
 appVersion: v0.79.2
 kubeVersion: ">=1.19.0-0"
 home: https://github.com/prometheus-operator/kube-prometheus

@@ -0,0 +1,20 @@
+{{/* Shortened name suffixed with upgrade-crd */}}
+{{- define "kube-prometheus-stack.upgradeCRD.name" -}}
+{{- print (include "kube-prometheus-stack.fullname" .) "-upgrade" -}}
+{{- end -}}
+
+{{- define "kube-prometheus-stack.upgradeCRD.labels" -}}
+{{- include "kube-prometheus-stack.labels" . }}
+app: {{ template "kube-prometheus-stack.name" . }}-operator
+app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
+app.kubernetes.io/component: crds-upgrade
+{{- end -}}
+
+{{/* Create the name of upgradeCRD service account to use */}}
+{{- define "kube-prometheus-stack.upgradeCRD.serviceAccountName" -}}
+{{- if .Values.upgradeJob.serviceAccount.create -}}
+    {{ default (include "kube-prometheus-stack.upgradeCRD.name" .) .Values.upgradeJob.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.upgradeJob.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
@@ -0,0 +1,28 @@
+{{- if .Values.upgradeJob.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kube-prometheus-stack.upgradeCRD.name" . }}
+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    {{- include "kube-prometheus-stack.upgradeCRD.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - "apiextensions.k8s.io"
+    resources:
+      - "customresourcedefinitions"
+    verbs:
+      - create
+      - patch
+      - update
+      - get
+      - list
+    resourceNames:
+      {{- range $path, $_ := $.Files.Glob "crds/*.yaml" }}
+      - {{ ($.Files.Get $path | fromYaml ).metadata.name }}
+      {{- end }}
+{{- end }}
@@ -0,0 +1,21 @@
+{{- if .Values.upgradeJob.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kube-prometheus-stack.upgradeCRD.name" . }}
+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "-3"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    {{- include "kube-prometheus-stack.upgradeCRD.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ template "kube-prometheus-stack.namespace" . }}
+    name: {{ template "kube-prometheus-stack.upgradeCRD.serviceAccountName" . }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "kube-prometheus-stack.upgradeCRD.name" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
@@ -0,0 +1,15 @@
+{{- if .Values.upgradeJob.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kube-prometheus-stack.upgradeCRD.serviceAccountName" . }}
+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "-2"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    {{- include "kube-prometheus-stack.upgradeCRD.labels" . | nindent 4 }}
+binaryData:
+  crds.bz2: {{ .Files.Get "files/crds.bz2" | b64enc }}
+{{- end }}
@@ -0,0 +1,142 @@
+{{- if .Values.upgradeJob.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "kube-prometheus-stack.upgradeCRD.name" . }}
+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "5"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    {{- with .Values.upgradeJob.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "kube-prometheus-stack.upgradeCRD.labels" . | nindent 4 }}
+    {{- with .Values.upgradeJob.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  backoffLimit: 3
+  template:
+    metadata:
+      {{- with .Values.upgradeJob.podLabels }}
+      labels:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.upgradeJob.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+    {{- if .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+      {{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "kube-prometheus-stack.upgradeCRD.serviceAccountName" . }}
+      initContainers:
+        - name: busybox
+          {{- $busyboxRegistry := .Values.global.imageRegistry | default .Values.upgradeJob.image.busybox.registry -}}
+          {{- if .Values.upgradeJob.image.sha }}
+          image: "{{ $busyboxRegistry }}/{{ .Values.upgradeJob.image.busybox.repository }}:{{ .Values.upgradeJob.image.busybox.tag }}@sha256:{{ .Values.upgradeJob.image.busybox.sha }}"
+          {{- else }}
+          image: "{{ $busyboxRegistry }}/{{ .Values.upgradeJob.image.busybox.repository }}:{{ .Values.upgradeJob.image.busybox.tag }}"
+          {{- end }}
+          imagePullPolicy: "{{ .Values.upgradeJob.image.busybox.pullPolicy }}"
+          workingDir: /tmp/
+          command:
+            - sh
+          args:
+            - -c
+            - bzcat /crds/crds.bz2 > /tmp/crds.yaml
+          {{- with .Values.upgradeJob.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.upgradeJob.containerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - mountPath: /crds/
+              name: crds
+            - mountPath: /tmp/
+              name: tmp
+            {{- with .Values.upgradeJob.extraVolumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          {{- with .Values.upgradeJob.env }}
+          env:
+            {{- range $key, $value := . }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- end }}
+      containers:
+        - name: kubectl
+          {{- $kubectlRegistry := .Values.global.imageRegistry | default .Values.upgradeJob.image.kubectl.registry -}}
+          {{- if .Values.upgradeJob.image.kubectl.sha }}
+          image: "{{ $kubectlRegistry }}/{{ .Values.upgradeJob.image.kubectl.repository }}:{{ .Values.upgradeJob.image.kubectl.tag | default .Capabilities.KubeVersion.Version }}@sha256:{{ .Values.upgradeJob.image.kubectl.sha }}"
+          {{- else }}
+          image: "{{ $kubectlRegistry }}/{{ .Values.upgradeJob.image.kubectl.repository }}:{{ .Values.upgradeJob.image.kubectl.tag | default .Capabilities.KubeVersion.Version }}"
+          {{- end }}
+          imagePullPolicy: "{{ .Values.upgradeJob.image.kubectl.pullPolicy }}"
+          command:
+            - kubectl
+          args:
+            - apply
+            - --server-side
+            - --filename
+            - /tmp/crds.yaml
+          {{- with .Values.upgradeJob.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.upgradeJob.containerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - mountPath: /tmp/
+              name: tmp
+            {{- with .Values.upgradeJob.extraVolumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          {{- with .Values.upgradeJob.env }}
+          env:
+            {{- range $key, $value := . }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- end }}
+      volumes:
+        - name: tmp
+          emptyDir: {}
+        - name: crds
+          configMap:
+            name: {{ template "kube-prometheus-stack.upgradeCRD.name" . }}
+        {{- with .Values.upgradeJob.extraVolumes }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      restartPolicy: OnFailure
+      {{- with .Values.upgradeJob.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.upgradeJob.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.upgradeJob.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.upgradeJob.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.upgradeJob.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
@@ -0,0 +1,20 @@
+{{- if and .Values.upgradeJob.enabled .Values.upgradeJob.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.upgradeJob.serviceAccount.automountServiceAccountToken }}
+metadata:
+  name: {{ include "kube-prometheus-stack.upgradeCRD.serviceAccountName" . }}
+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "-4"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    {{- with .Values.upgradeJob.serviceAccount.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "kube-prometheus-stack.upgradeCRD.labels" . | nindent 4 }}
+    {{- with .Values.upgradeJob.serviceAccount.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+{{- end }}
@@ -0,0 +1,3 @@
+crds:
+  upgradeJob:
+    enabled: true
@@ -3,43 +3,44 @@
 set -euo pipefail
 
 {
-    SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
+  SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 
-    cd "${SCRIPT_DIR}/../"
+  cd "${SCRIPT_DIR}/../"
 
-    ./hack/update_crds.sh
-    if ! git diff "$GITHUB_SHA" --color=always --exit-code; then
-      echo "Please run ./hack/update_crds.sh"
-      exit 1
-    fi
+  ./hack/update_crds.sh
+  if ! git diff "$GITHUB_SHA" --color=always --exit-code; then
+    echo "Please run ./hack/update_crds.sh"
 
-    cd hack
+    exit 1
+  fi
 
-    export PIP_DISABLE_PIP_VERSION_CHECK=1
+  cd hack
 
-    python3 -m venv venv
-    # shellcheck disable=SC1091
-    source venv/bin/activate
+  export PIP_DISABLE_PIP_VERSION_CHECK=1
 
-    pip3 install -r requirements.txt
+  python3 -m venv venv
+  # shellcheck disable=SC1091
+  source venv/bin/activate
 
-    go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
-    PATH="$(go env GOPATH)/bin:$PATH"
-    export PATH
+  pip3 install -r requirements.txt
 
-    ./sync_prometheus_rules.py
-    if ! git diff "$GITHUB_SHA" --color=always --exit-code; then
-      echo "Changes inside rules are not supported!"
-      echo "Please go into the ./hack/ directory and run ./sync_prometheus_rules.py"
-      exit 1
-    fi
+  go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
+  PATH="$(go env GOPATH)/bin:$PATH"
+  export PATH
 
-    ./sync_grafana_dashboards.py
-    if ! git diff "$GITHUB_SHA" --color=always --exit-code; then
-      echo "Changes inside dashboards are not supported!"
-      echo "Please go into the ./hack/ directory and run ./sync_grafana_dashboards.py"
-      exit 1
-    fi
+  ./sync_prometheus_rules.py
+  if ! git diff "$GITHUB_SHA" --color=always --exit-code; then
+    echo "Changes inside rules are not supported!"
+    echo "Please go into the ./hack/ directory and run ./sync_prometheus_rules.py"
+    exit 1
+  fi
 
-    rm -rf ./venv ./*.git
+  ./sync_grafana_dashboards.py
+  if ! git diff "$GITHUB_SHA" --color=always --exit-code; then
+    echo "Changes inside dashboards are not supported!"
+    echo "Please go into the ./hack/ directory and run ./sync_grafana_dashboards.py"
+    exit 1
+  fi
+
+  rm -rf ./venv ./*.git
 } 2>&1