From 120ab8fb11fd0578b14743ffd897eab6cbbf3cc7 Mon Sep 17 00:00:00 2001 From: koooge Date: Sat, 20 Jan 2024 18:11:25 +0100 Subject: [PATCH] [kube-prometheus-stack] Label promstack-operator pods with k8s recommended labels (#4094) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jan-Otto Kröpke --- charts/kube-prometheus-stack/Chart.yaml | 2 +- .../prometheus-operator/_prometheus-operator.tpl | 7 +++++++ .../admission-webhooks/_prometheus-operator-webhook.tpl | 6 ++++++ .../admission-webhooks/deployment/deployment.yaml | 3 ++- .../admission-webhooks/deployment/pdb.yaml | 2 +- .../admission-webhooks/deployment/service.yaml | 2 +- .../admission-webhooks/deployment/serviceaccount.yaml | 4 +--- .../job-patch/ciliumnetworkpolicy-createSecret.yaml | 6 +++--- .../job-patch/ciliumnetworkpolicy-patchWebhook.yaml | 7 +++---- .../admission-webhooks/job-patch/clusterrole.yaml | 2 +- .../admission-webhooks/job-patch/clusterrolebinding.yaml | 2 +- .../admission-webhooks/job-patch/job-createSecret.yaml | 6 +++--- .../admission-webhooks/job-patch/job-patchWebhook.yaml | 6 +++--- .../job-patch/networkpolicy-createSecret.yaml | 6 +++--- .../job-patch/networkpolicy-patchWebhook.yaml | 6 +++--- .../admission-webhooks/job-patch/psp.yaml | 2 +- .../admission-webhooks/job-patch/role.yaml | 2 +- .../admission-webhooks/job-patch/rolebinding.yaml | 2 +- .../admission-webhooks/job-patch/serviceaccount.yaml | 2 +- .../admission-webhooks/mutatingWebhookConfiguration.yaml | 6 +++--- .../validatingWebhookConfiguration.yaml | 2 +- .../prometheus-operator/aggregate-clusterroles.yaml | 6 ++---- .../prometheus-operator/ciliumnetworkpolicy.yaml | 7 +++---- .../templates/prometheus-operator/clusterrole.yaml | 3 +-- .../templates/prometheus-operator/clusterrolebinding.yaml | 3 +-- .../templates/prometheus-operator/deployment.yaml | 8 +++----- .../templates/prometheus-operator/networkpolicy.yaml | 5 ++--- .../templates/prometheus-operator/psp-clusterrole.yaml | 3 +-- .../prometheus-operator/psp-clusterrolebinding.yaml | 3 +-- .../templates/prometheus-operator/psp.yaml | 3 +-- .../templates/prometheus-operator/service.yaml | 3 +-- .../templates/prometheus-operator/serviceaccount.yaml | 5 +---- .../templates/prometheus-operator/servicemonitor.yaml | 3 +-- .../prometheus-operator/verticalpodautoscaler.yaml | 3 +-- 34 files changed, 66 insertions(+), 72 deletions(-) create mode 100644 charts/kube-prometheus-stack/templates/prometheus-operator/_prometheus-operator.tpl create mode 100644 charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/_prometheus-operator-webhook.tpl diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index 01e311a1d96c..8cbca9eb9fe0 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -23,7 +23,7 @@ name: kube-prometheus-stack sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus -version: 56.0.0 +version: 56.0.1 appVersion: v0.71.0 kubeVersion: ">=1.19.0-0" home: https://github.com/prometheus-operator/kube-prometheus diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/_prometheus-operator.tpl b/charts/kube-prometheus-stack/templates/prometheus-operator/_prometheus-operator.tpl new file mode 100644 index 000000000000..6ae9dc72e6c8 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/_prometheus-operator.tpl @@ -0,0 +1,7 @@ +{{/* Generate basic labels for prometheus-operator */}} +{{- define "kube-prometheus-stack.prometheus-operator.labels" }} +{{- include "kube-prometheus-stack.labels" . }} +app: {{ template "kube-prometheus-stack.name" . }}-operator +app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator +app.kubernetes.io/component: prometheus-operator +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/_prometheus-operator-webhook.tpl b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/_prometheus-operator-webhook.tpl new file mode 100644 index 000000000000..f419caf54bee --- /dev/null +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/_prometheus-operator-webhook.tpl @@ -0,0 +1,6 @@ +{{/* Generate basic labels for prometheus-operator-webhook */}} +{{- define "kube-prometheus-stack.prometheus-operator-webhook.labels" }} +{{- include "kube-prometheus-stack.labels" . }} +app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator +app.kubernetes.io/component: prometheus-operator-webhook +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml index 935668dec081..5206f244aaaa 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml @@ -6,7 +6,7 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }} {{- if .Values.prometheusOperator.admissionWebhooks.deployment.labels }} {{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.labels | indent 4 }} {{- end }} @@ -25,6 +25,7 @@ spec: metadata: labels: app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 8 }} release: {{ $.Release.Name | quote }} {{- if .Values.prometheusOperator.admissionWebhooks.deployment.podLabels }} {{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podLabels | indent 8 }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml index 25eac46e207c..48459ad55a54 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator-webhook namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: - {{- include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }} spec: selector: matchLabels: diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/service.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/service.yaml index c9fd3203e081..18f96efe3c4c 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/service.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/service.yaml @@ -6,7 +6,7 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }} {{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.labels }} {{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.labels | indent 4 }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/serviceaccount.yaml index 48011e67dc35..55511da36b7b 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/serviceaccount.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/serviceaccount.yaml @@ -7,9 +7,7 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-operator - app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator - app.kubernetes.io/component: prometheus-operator-webhook -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | indent 4 }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: {{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml index c4517b6b90f3..f7543b0f1aff 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml @@ -12,10 +12,10 @@ metadata: helm.sh/hook-weight: "-5" {{- with .Values.prometheusOperator.admissionWebhooks.annotations }} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission-create - {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} spec: endpointSelector: matchLabels: @@ -23,7 +23,7 @@ spec: {{- if .Values.prometheusOperator.networkPolicy.matchLabels }} {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }} {{- else }} - {{- include "kube-prometheus-stack.labels" $ | nindent 6 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }} {{- end }} egress: {{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml index f6eb5220c9f8..4e3b0d922515 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml @@ -12,10 +12,10 @@ metadata: helm.sh/hook-weight: "-5" {{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch - {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} spec: endpointSelector: matchLabels: @@ -23,7 +23,7 @@ spec: {{- if .Values.prometheusOperator.networkPolicy.matchLabels }} {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }} {{- else }} - {{- include "kube-prometheus-stack.labels" $ | nindent 6 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }} {{- end }} egress: {{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }} @@ -34,4 +34,3 @@ spec: {{- end }} {{- end }} {{- end }} - diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml index cf2787b5a518..16954903548d 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml @@ -8,7 +8,7 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} rules: - apiGroups: - admissionregistration.k8s.io diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml index b909d14ebded..4cf1335b229c 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -8,7 +8,7 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml index a871dade5b3b..96e4f9285355 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml @@ -9,10 +9,10 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded {{- with .Values.prometheusOperator.admissionWebhooks.annotations }} {{ toYaml . | indent 4 }} -{{- end }} +{{- end }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission-create -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} spec: {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} # Alpha feature since k8s 1.12 @@ -27,7 +27,7 @@ spec: {{- end }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission-create -{{- include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 8 }} spec: {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml index 350669afce96..b53a6ded348c 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -9,10 +9,10 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded {{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }} {{ toYaml . | indent 4 }} -{{- end }} +{{- end }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} spec: {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} # Alpha feature since k8s 1.12 @@ -27,7 +27,7 @@ spec: {{- end }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch -{{- include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 8 }} spec: {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml index 18e021154a65..864deb52a0ac 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml @@ -12,10 +12,10 @@ metadata: "helm.sh/hook-weight": "-5" {{- with .Values.prometheusOperator.admissionWebhooks.annotations }} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission-create - {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} spec: podSelector: matchLabels: @@ -23,7 +23,7 @@ spec: {{- if .Values.prometheusOperator.networkPolicy.matchLabels }} {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }} {{- else }} - {{- include "kube-prometheus-stack.labels" $ | nindent 6 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }} {{- end }} egress: - {} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml index 805c0165796c..076c46700405 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml @@ -12,10 +12,10 @@ metadata: "helm.sh/hook-weight": "-5" {{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch - {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} spec: podSelector: matchLabels: @@ -23,7 +23,7 @@ spec: {{- if .Values.prometheusOperator.networkPolicy.matchLabels }} {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }} {{- else }} - {{- include "kube-prometheus-stack.labels" $ | nindent 6 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }} {{- end }} egress: - {} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml index 5a8c19a209e8..92c624001b07 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml @@ -11,7 +11,7 @@ metadata: {{- end }} labels: app: {{ template "kube-prometheus-stack.name" . }}-admission -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }} spec: privileged: false # Allow core volume types. diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml index a64e982a3d40..f15abf4395e7 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml @@ -9,7 +9,7 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} rules: - apiGroups: - "" diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml index d71362983466..30bde920b699 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml @@ -9,7 +9,7 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml index 4fd52ae0a9e4..02594547d114 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml @@ -9,7 +9,7 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: {{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml index 8573f4384cbd..da01f3b57ea4 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml @@ -10,7 +10,7 @@ metadata: {{- end }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} webhooks: - name: prometheusrulemutate.monitoring.coreos.com {{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }} @@ -57,7 +57,7 @@ webhooks: - key: kubernetes.io/metadata.name operator: NotIn values: - {{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }} + {{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }} - {{ $namespace }} {{- end }} {{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }} @@ -68,7 +68,7 @@ webhooks: {{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} - {{ $namespace }} {{- end }} - {{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }} + {{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }} - {{ $namespace }} {{- end }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml index ca20395e1168..4827871cca81 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml @@ -10,7 +10,7 @@ metadata: {{- end }} labels: app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }} webhooks: - name: prometheusrulemutate.monitoring.coreos.com {{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml index ec999fb9611f..0c52000d6dfb 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml @@ -8,8 +8,7 @@ metadata: rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" - app: {{ template "kube-prometheus-stack.name" . }}-operator - {{- include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} rules: - apiGroups: ["monitoring.coreos.com"] resources: ["alertmanagers", "alertmanagerconfigs", "podmonitors", "probes", "prometheuses", "prometheusagents", "prometheusrules", "scrapeconfigs", "servicemonitors"] @@ -22,8 +21,7 @@ metadata: labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" - app: {{ template "kube-prometheus-stack.name" . }}-operator - {{- include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} rules: - apiGroups: ["monitoring.coreos.com"] resources: ["alertmanagers", "alertmanagerconfigs", "podmonitors", "probes", "prometheuses", "prometheusagents", "prometheusrules", "scrapeconfigs", "servicemonitors"] diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml index b75dcfd9449c..018c4e3c9c99 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml @@ -5,16 +5,15 @@ metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator - {{- include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} spec: endpointSelector: matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-operator {{- if .Values.prometheusOperator.networkPolicy.matchLabels }} + app: {{ template "kube-prometheus-stack.name" . }}-operator {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }} {{- else }} - {{- include "kube-prometheus-stack.labels" $ | nindent 6 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" $ | nindent 6 }} {{- end }} egress: {{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml index 623d1b3c9637..64353107f4d2 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml @@ -4,8 +4,7 @@ kind: ClusterRole metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} rules: - apiGroups: - monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml index c9ab0ab8720c..93b5a1d16f91 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml @@ -4,8 +4,7 @@ kind: ClusterRoleBinding metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml index 12d6b2044a5a..1d19d2ce7f96 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml @@ -7,8 +7,7 @@ metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} {{- if .Values.prometheusOperator.labels }} {{ toYaml .Values.prometheusOperator.labels | indent 4 }} {{- end }} @@ -26,8 +25,7 @@ spec: template: metadata: labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 8 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 8 }} {{- if .Values.prometheusOperator.podLabels }} {{ toYaml .Values.prometheusOperator.podLabels | indent 8 }} {{- end }} @@ -117,7 +115,7 @@ spec: - --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}@sha256:{{ .Values.prometheusOperator.thanosImage.sha }} {{- else }} - --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }} - {{- end }} + {{- end }} {{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }} - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml index 2aa5f3c366f1..1953cf2fe374 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml @@ -5,10 +5,9 @@ metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator - {{- include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} spec: - egress: + egress: - {} ingress: - ports: diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrole.yaml index f701222de8ef..31d2ff164c0e 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrole.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrole.yaml @@ -5,8 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} rules: {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrolebinding.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrolebinding.yaml index 8a13fbb9835f..aa33292511fb 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrolebinding.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrolebinding.yaml @@ -5,8 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/psp.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/psp.yaml index 0b42e973edb0..beb4fe1e3d57 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/psp.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/psp.yaml @@ -5,12 +5,11 @@ kind: PodSecurityPolicy metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} {{- if .Values.global.rbac.pspAnnotations }} annotations: {{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} {{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: privileged: false # Allow core volume types. diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml index b5ef5b93d513..f424c4be99bf 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml @@ -5,8 +5,7 @@ metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} {{- if .Values.prometheusOperator.service.labels }} {{ toYaml .Values.prometheusOperator.service.labels | indent 4 }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml index 781975f32e92..60ccf2fe5811 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator - app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator - app.kubernetes.io/component: prometheus-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: {{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml index 16e6e09022ad..ee6e3a4c5737 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml @@ -5,8 +5,7 @@ metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} {{- with .Values.prometheusOperator.serviceMonitor.additionalLabels }} {{ toYaml . | indent 4 }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml index ec96b343105b..2d9906300fb5 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml @@ -5,8 +5,7 @@ metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} + {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }} spec: {{- with .Values.prometheusOperator.verticalPodAutoscaler.recommenders }} recommenders: