From 7d6183a9ec5b1cc1c63a856af0d2da362af11b5f Mon Sep 17 00:00:00 2001 From: Matthias Loibl Date: Fri, 12 Jul 2019 13:36:24 +0200 Subject: [PATCH 1/8] jsonnet/kube-prometheus/kube-state-metrics: Move rules into array --- .../kube-state-metrics.libsonnet | 149 +++++++++--------- 1 file changed, 75 insertions(+), 74 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index 8a9840af..c3621663 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -43,88 +43,89 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; local clusterRole = k.rbac.v1.clusterRole; local rulesType = clusterRole.rulesType; - local coreRule = rulesType.new() + - rulesType.withApiGroups(['']) + - rulesType.withResources([ - 'configmaps', - 'secrets', - 'nodes', - 'pods', - 'services', - 'resourcequotas', - 'replicationcontrollers', - 'limitranges', - 'persistentvolumeclaims', - 'persistentvolumes', - 'namespaces', - 'endpoints', - ]) + - rulesType.withVerbs(['list', 'watch']); + local rules = [ + rulesType.new() + + rulesType.withApiGroups(['']) + + rulesType.withResources([ + 'configmaps', + 'secrets', + 'nodes', + 'pods', + 'services', + 'resourcequotas', + 'replicationcontrollers', + 'limitranges', + 'persistentvolumeclaims', + 'persistentvolumes', + 'namespaces', + 'endpoints', + ]) + + rulesType.withVerbs(['list', 'watch']), - local extensionsRule = rulesType.new() + - rulesType.withApiGroups(['extensions']) + - rulesType.withResources([ - 'daemonsets', - 'deployments', - 'replicasets', - 'ingresses', - ]) + - rulesType.withVerbs(['list', 'watch']); + rulesType.new() + + rulesType.withApiGroups(['extensions']) + + rulesType.withResources([ + 'daemonsets', + 'deployments', + 'replicasets', + 'ingresses', + ]) + + rulesType.withVerbs(['list', 'watch']), - local appsRule = rulesType.new() + - rulesType.withApiGroups(['apps']) + - rulesType.withResources([ - 'statefulsets', - 'daemonsets', - 'deployments', - 'replicasets', - ]) + - rulesType.withVerbs(['list', 'watch']); + rulesType.new() + + rulesType.withApiGroups(['apps']) + + rulesType.withResources([ + 'statefulsets', + 'daemonsets', + 'deployments', + 'replicasets', + ]) + + rulesType.withVerbs(['list', 'watch']), - local batchRule = rulesType.new() + - rulesType.withApiGroups(['batch']) + - rulesType.withResources([ - 'cronjobs', - 'jobs', - ]) + - rulesType.withVerbs(['list', 'watch']); + rulesType.new() + + rulesType.withApiGroups(['batch']) + + rulesType.withResources([ + 'cronjobs', + 'jobs', + ]) + + rulesType.withVerbs(['list', 'watch']), - local autoscalingRule = rulesType.new() + - rulesType.withApiGroups(['autoscaling']) + - rulesType.withResources([ - 'horizontalpodautoscalers', - ]) + - rulesType.withVerbs(['list', 'watch']); + rulesType.new() + + rulesType.withApiGroups(['autoscaling']) + + rulesType.withResources([ + 'horizontalpodautoscalers', + ]) + + rulesType.withVerbs(['list', 'watch']), - local authenticationRole = rulesType.new() + - rulesType.withApiGroups(['authentication.k8s.io']) + - rulesType.withResources([ - 'tokenreviews', - ]) + - rulesType.withVerbs(['create']); + rulesType.new() + + rulesType.withApiGroups(['authentication.k8s.io']) + + rulesType.withResources([ + 'tokenreviews', + ]) + + rulesType.withVerbs(['create']), - local authorizationRole = rulesType.new() + - rulesType.withApiGroups(['authorization.k8s.io']) + - rulesType.withResources([ - 'subjectaccessreviews', - ]) + - rulesType.withVerbs(['create']); + rulesType.new() + + rulesType.withApiGroups(['authorization.k8s.io']) + + rulesType.withResources([ + 'subjectaccessreviews', + ]) + + rulesType.withVerbs(['create']), - local policyRule = rulesType.new() + - rulesType.withApiGroups(['policy']) + - rulesType.withResources([ - 'poddisruptionbudgets', - ]) + - rulesType.withVerbs(['list', 'watch']); - - local certificateRule = rulesType.new() + - rulesType.withApiGroups(['certificates.k8s.io']) + - rulesType.withResources([ - 'certificatesigningrequests', - ]) + - rulesType.withVerbs(['list', 'watch']); + rulesType.new() + + rulesType.withApiGroups(['policy']) + + rulesType.withResources([ + 'poddisruptionbudgets', + ]) + + rulesType.withVerbs(['list', 'watch']), - local rules = [coreRule, extensionsRule, appsRule, batchRule, autoscalingRule, authenticationRole, authorizationRole, policyRule, certificateRule]; + rulesType.new() + + rulesType.withApiGroups(['certificates.k8s.io']) + + rulesType.withResources([ + 'certificatesigningrequests', + ]) + + rulesType.withVerbs(['list', 'watch']), + + ]; clusterRole.new() + clusterRole.mixin.metadata.withName('kube-state-metrics') + From 6faecd63b7681117433c3a4351eccedd9b958460 Mon Sep 17 00:00:00 2001 From: Matthias Loibl Date: Fri, 12 Jul 2019 13:37:21 +0200 Subject: [PATCH 2/8] Bump kube-state-metrics to 1.7.0-rc.1 and add storageclass rules --- .../kube-state-metrics/kube-state-metrics.libsonnet | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index c3621663..1f68e43a 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -16,7 +16,7 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; }, versions+:: { - kubeStateMetrics: 'v1.6.0', + kubeStateMetrics: 'v1.7.0-rc.1', kubeRbacProxy: 'v0.4.1', addonResizer: '1.8.4', }, @@ -125,6 +125,12 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; ]) + rulesType.withVerbs(['list', 'watch']), + rulesType.new() + + rulesType.withApiGroups(['storage.k8s.io']) + + rulesType.withResources([ + 'storageclass', + ]) + + rulesType.withVerbs(['list', 'watch']), ]; clusterRole.new() + From 3c652101f1bd0b2691df71f6e4a9b3f6c8e831bc Mon Sep 17 00:00:00 2001 From: Matthias Loibl Date: Fri, 12 Jul 2019 13:47:24 +0200 Subject: [PATCH 3/8] Generate manifests with kube-state-metrics 1.7.0 --- manifests/kube-state-metrics-clusterRole.yaml | 7 +++++++ manifests/kube-state-metrics-deployment.yaml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml index 9b96af3c..87a535ac 100644 --- a/manifests/kube-state-metrics-clusterRole.yaml +++ b/manifests/kube-state-metrics-clusterRole.yaml @@ -82,3 +82,10 @@ rules: verbs: - list - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclass + verbs: + - list + - watch diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index 260cce68..4171cd0f 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -55,7 +55,7 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: quay.io/coreos/kube-state-metrics:v1.6.0 + image: quay.io/coreos/kube-state-metrics:v1.7.0-rc.1 name: kube-state-metrics resources: limits: From 62caa7adc905002249343a35a384b4a03b7ecfc9 Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Wed, 31 Jul 2019 16:12:12 +0200 Subject: [PATCH 4/8] jsonnet/kube-prometheus/kube-state-metrics: Bump 1.7.1 --- .../kube-state-metrics/kube-state-metrics.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index 1f68e43a..498a63d7 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -16,7 +16,7 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; }, versions+:: { - kubeStateMetrics: 'v1.7.0-rc.1', + kubeStateMetrics: 'v1.7.1', kubeRbacProxy: 'v0.4.1', addonResizer: '1.8.4', }, From ca6ca5f65d18d588f5c0692c35cb9c4250da268d Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Wed, 31 Jul 2019 16:23:21 +0200 Subject: [PATCH 5/8] Regenerate manifests --- manifests/kube-state-metrics-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index 4171cd0f..96351166 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -55,7 +55,7 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: quay.io/coreos/kube-state-metrics:v1.7.0-rc.1 + image: quay.io/coreos/kube-state-metrics:v1.7.1 name: kube-state-metrics resources: limits: From 8b570f5fbb5071974e821657815a28ae4cc5bafb Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Wed, 31 Jul 2019 16:25:29 +0200 Subject: [PATCH 6/8] jsonnet/kube-state-metrics: Fix storageclass role The resource is called storageclasses not storageclass. --- .../kube-state-metrics/kube-state-metrics.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index 498a63d7..4b09ed13 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -128,7 +128,7 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; rulesType.new() + rulesType.withApiGroups(['storage.k8s.io']) + rulesType.withResources([ - 'storageclass', + 'storageclasses', ]) + rulesType.withVerbs(['list', 'watch']), ]; From eb132e923ef07147131a62ed0e597cf0a90e984b Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Wed, 31 Jul 2019 16:39:06 +0200 Subject: [PATCH 7/8] Regenerate manifests --- manifests/kube-state-metrics-clusterRole.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml index 87a535ac..a0722c70 100644 --- a/manifests/kube-state-metrics-clusterRole.yaml +++ b/manifests/kube-state-metrics-clusterRole.yaml @@ -85,7 +85,7 @@ rules: - apiGroups: - storage.k8s.io resources: - - storageclass + - storageclasses verbs: - list - watch From 8865f275dd93f0a871e68d239ae7137f20d942de Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Wed, 31 Jul 2019 17:01:41 +0200 Subject: [PATCH 8/8] Regenerate jsonnetfile.lock.json --- jsonnetfile.lock.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index c3d664a2..5e12508f 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -8,7 +8,7 @@ "subdir": "jsonnet/kube-prometheus" } }, - "version": "aa7df507e98312f638c6a2aa7429906bc63949a6" + "version": "eb132e923ef07147131a62ed0e597cf0a90e984b" }, { "name": "ksonnet", @@ -48,7 +48,7 @@ "subdir": "grafana-builder" } }, - "version": "dbc94ab71afa538b2cf467f06751b1836920dce9" + "version": "8e77b50ee8aea319dac9964b2cc2183f3bc184d2" }, { "name": "grafana", @@ -78,7 +78,7 @@ "subdir": "Documentation/etcd-mixin" } }, - "version": "d137fa9d4ad7aa242f6fed04186a700ce082fdda" + "version": "149e5dc291a97eb41585fbd2b44ce00c4db684ad" }, { "name": "prometheus", @@ -88,7 +88,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "87a0fe0c75a42d66fcfc82a0ad89bd2549fcfadf" + "version": "0f007373087bfb2d581f77a4a9a47941e5eeee6b" } ] }