From e3b989ccd36168c702ed7169e1ed54e60165d227 Mon Sep 17 00:00:00 2001 From: "Purandare, Aditya" Date: Wed, 16 Jan 2019 01:36:32 +0530 Subject: [PATCH 1/6] Add prometheus admin flag feature to helm, kube-prometheus and jsonnet files --- README.md | 3 +++ example.jsonnet | 4 ++++ jsonnet/kube-prometheus/kube-prometheus.libsonnet | 3 +++ jsonnet/kube-prometheus/prometheus/prometheus.libsonnet | 2 ++ ...ometheus-operator-0prometheusCustomResourceDefinition.yaml | 3 +++ manifests/prometheus-prometheus.yaml | 1 + 6 files changed, 16 insertions(+) diff --git a/README.md b/README.md index bbc0d0a7..83b1a635 100644 --- a/README.md +++ b/README.md @@ -143,6 +143,8 @@ In order to update the kube-prometheus dependency, simply use the jsonnet-bundle e.g. of how to compile the manifests: `./build.sh example.jsonnet` +> before compiling, install `gojsontoyaml` tool with `go get github.com/brancz/gojsontoyaml` + Here's [example.jsonnet](example.jsonnet): [embedmd]:# (example.jsonnet) @@ -279,6 +281,7 @@ These are the available fields with their respective default values: names: 'k8s', replicas: 2, rules: {}, + enableAdminApi: 'true', }, alertmanager+:: { diff --git a/example.jsonnet b/example.jsonnet index 2a10509c..aa4c50f1 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -2,6 +2,10 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { _config+:: { namespace: 'monitoring', }, + prometheus+:: { + name: 'k8s', + enableAdminApi: 'true', + }, }; { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 7dae5f38..915d363f 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -82,6 +82,8 @@ local configMapList = k.core.v1.configMapList; prometheusSelector: 'job="prometheus-k8s"', prometheusOperatorSelector: 'job="prometheus-operator"', + enableAdminApi: 'true', + jobs: { Kubelet: $._config.kubeletSelector, KubeScheduler: $._config.kubeSchedulerSelector, @@ -97,6 +99,7 @@ local configMapList = k.core.v1.configMapList; prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts, + enableAdminApi: $._config.enableAdminApi, }, grafana+:: { diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 89d55bcc..047a6dd0 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -18,6 +18,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; prometheus+:: { name: 'k8s', + enableAdminApi: 'true', replicas: 2, rules: {}, renderedRules: {}, @@ -168,6 +169,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; replicas: $._config.prometheus.replicas, version: $._config.versions.prometheus, baseImage: $._config.imageRepos.prometheus, + enableAdminApi: $._config.prometheus.enableAdminApi, serviceAccountName: 'prometheus-' + $._config.prometheus.name, serviceMonitorSelector: {}, serviceMonitorNamespaceSelector: {}, diff --git a/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml index 627ce96d..a9b3cdfa 100644 --- a/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -1538,6 +1538,9 @@ spec: required: - name type: array + enableAdminApi: + description: Enable access to prometheus web admin API. More info: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis + type: boolean evaluationInterval: description: Interval between consecutive evaluations. type: string diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index c16914b0..18bdcf74 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -12,6 +12,7 @@ spec: namespace: monitoring port: web baseImage: quay.io/prometheus/prometheus + enableAdminApi: true nodeSelector: beta.kubernetes.io/os: linux replicas: 2 From 95771caf8c5bb77b82329cdc67357ea208a3ed95 Mon Sep 17 00:00:00 2001 From: "Purandare, Aditya" Date: Wed, 16 Jan 2019 22:05:47 +0530 Subject: [PATCH 2/6] Remove updates to helm chart, fix typo in flag, add make generated files --- README.md | 2 +- example.jsonnet | 2 +- jsonnet/kube-prometheus/kube-prometheus.libsonnet | 4 ++-- jsonnet/kube-prometheus/prometheus/prometheus.libsonnet | 4 ++-- ...ometheus-operator-0prometheusCustomResourceDefinition.yaml | 2 +- manifests/prometheus-prometheus.yaml | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 83b1a635..aa3b5674 100644 --- a/README.md +++ b/README.md @@ -281,7 +281,7 @@ These are the available fields with their respective default values: names: 'k8s', replicas: 2, rules: {}, - enableAdminApi: 'true', + enableAdminAPI: 'true', }, alertmanager+:: { diff --git a/example.jsonnet b/example.jsonnet index aa4c50f1..db480ea8 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -4,7 +4,7 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { }, prometheus+:: { name: 'k8s', - enableAdminApi: 'true', + enableAdminAPI: 'true', }, }; diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 915d363f..814cfe60 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -82,7 +82,7 @@ local configMapList = k.core.v1.configMapList; prometheusSelector: 'job="prometheus-k8s"', prometheusOperatorSelector: 'job="prometheus-operator"', - enableAdminApi: 'true', + enableAdminAPI: 'true', jobs: { Kubelet: $._config.kubeletSelector, @@ -99,7 +99,7 @@ local configMapList = k.core.v1.configMapList; prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts, - enableAdminApi: $._config.enableAdminApi, + enableAdminAPI: $._config.enableAdminAPI, }, grafana+:: { diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 047a6dd0..b6ce301a 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -18,7 +18,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; prometheus+:: { name: 'k8s', - enableAdminApi: 'true', + enableAdminAPI: 'true', replicas: 2, rules: {}, renderedRules: {}, @@ -169,7 +169,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; replicas: $._config.prometheus.replicas, version: $._config.versions.prometheus, baseImage: $._config.imageRepos.prometheus, - enableAdminApi: $._config.prometheus.enableAdminApi, + enableAdminAPI: $._config.prometheus.enableAdminAPI, serviceAccountName: 'prometheus-' + $._config.prometheus.name, serviceMonitorSelector: {}, serviceMonitorNamespaceSelector: {}, diff --git a/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml index a9b3cdfa..abbf266f 100644 --- a/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -1538,7 +1538,7 @@ spec: required: - name type: array - enableAdminApi: + enableAdminAPI: description: Enable access to prometheus web admin API. More info: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis type: boolean evaluationInterval: diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 18bdcf74..5abe34b3 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -12,7 +12,7 @@ spec: namespace: monitoring port: web baseImage: quay.io/prometheus/prometheus - enableAdminApi: true + enableAdminAPI: true nodeSelector: beta.kubernetes.io/os: linux replicas: 2 From 5ce011173f0871b5d6f403e84686381625769d19 Mon Sep 17 00:00:00 2001 From: "Purandare, Aditya" Date: Thu, 17 Jan 2019 20:13:37 +0530 Subject: [PATCH 3/6] Add a clear warning, remove admin API from jsonnet example --- example.jsonnet | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/example.jsonnet b/example.jsonnet index db480ea8..83b439f1 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -1,11 +1,7 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { _config+:: { namespace: 'monitoring', - }, - prometheus+:: { - name: 'k8s', - enableAdminAPI: 'true', - }, + } }; { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + From 85c4c2b8dfacfebf7000114c1d5d43002ff2d8e0 Mon Sep 17 00:00:00 2001 From: "Purandare, Aditya" Date: Thu, 17 Jan 2019 20:21:05 +0530 Subject: [PATCH 4/6] Turn prometheus admin API off by default --- README.md | 2 +- jsonnet/kube-prometheus/kube-prometheus.libsonnet | 2 +- jsonnet/kube-prometheus/prometheus/prometheus.libsonnet | 2 +- manifests/prometheus-prometheus.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index aa3b5674..fd4836c3 100644 --- a/README.md +++ b/README.md @@ -281,7 +281,7 @@ These are the available fields with their respective default values: names: 'k8s', replicas: 2, rules: {}, - enableAdminAPI: 'true', + enableAdminAPI: 'false', }, alertmanager+:: { diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 814cfe60..3a25e52c 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -82,7 +82,7 @@ local configMapList = k.core.v1.configMapList; prometheusSelector: 'job="prometheus-k8s"', prometheusOperatorSelector: 'job="prometheus-operator"', - enableAdminAPI: 'true', + enableAdminAPI: 'false', jobs: { Kubelet: $._config.kubeletSelector, diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index b6ce301a..48bb6c0e 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -18,7 +18,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; prometheus+:: { name: 'k8s', - enableAdminAPI: 'true', + enableAdminAPI: 'false', replicas: 2, rules: {}, renderedRules: {}, diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 5abe34b3..2b830347 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -12,7 +12,7 @@ spec: namespace: monitoring port: web baseImage: quay.io/prometheus/prometheus - enableAdminAPI: true + enableAdminAPI: false nodeSelector: beta.kubernetes.io/os: linux replicas: 2 From fcda42b12315e4dd66c1cfa6dc4fa19547698dd4 Mon Sep 17 00:00:00 2001 From: "Purandare, Aditya" Date: Thu, 17 Jan 2019 21:28:30 +0530 Subject: [PATCH 5/6] Remove api flag from jsonnet files --- README.md | 1 - example.jsonnet | 2 +- jsonnet/kube-prometheus/kube-prometheus.libsonnet | 3 --- jsonnet/kube-prometheus/prometheus/prometheus.libsonnet | 1 - manifests/prometheus-prometheus.yaml | 1 - 5 files changed, 1 insertion(+), 7 deletions(-) diff --git a/README.md b/README.md index fd4836c3..55c6c29a 100644 --- a/README.md +++ b/README.md @@ -281,7 +281,6 @@ These are the available fields with their respective default values: names: 'k8s', replicas: 2, rules: {}, - enableAdminAPI: 'false', }, alertmanager+:: { diff --git a/example.jsonnet b/example.jsonnet index 83b439f1..2a10509c 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -1,7 +1,7 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { _config+:: { namespace: 'monitoring', - } + }, }; { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 3a25e52c..7dae5f38 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -82,8 +82,6 @@ local configMapList = k.core.v1.configMapList; prometheusSelector: 'job="prometheus-k8s"', prometheusOperatorSelector: 'job="prometheus-operator"', - enableAdminAPI: 'false', - jobs: { Kubelet: $._config.kubeletSelector, KubeScheduler: $._config.kubeSchedulerSelector, @@ -99,7 +97,6 @@ local configMapList = k.core.v1.configMapList; prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts, - enableAdminAPI: $._config.enableAdminAPI, }, grafana+:: { diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 48bb6c0e..b9b3810c 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -18,7 +18,6 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; prometheus+:: { name: 'k8s', - enableAdminAPI: 'false', replicas: 2, rules: {}, renderedRules: {}, diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 2b830347..c16914b0 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -12,7 +12,6 @@ spec: namespace: monitoring port: web baseImage: quay.io/prometheus/prometheus - enableAdminAPI: false nodeSelector: beta.kubernetes.io/os: linux replicas: 2 From 969106668a3587fcffdebfa4890aaf1099773d47 Mon Sep 17 00:00:00 2001 From: "Purandare, Aditya" Date: Fri, 18 Jan 2019 22:00:43 +0530 Subject: [PATCH 6/6] Add the missing file generated by make command --- ...rometheus-operator-0prometheusCustomResourceDefinition.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml index abbf266f..627ce96d 100644 --- a/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -1538,9 +1538,6 @@ spec: required: - name type: array - enableAdminAPI: - description: Enable access to prometheus web admin API. More info: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis - type: boolean evaluationInterval: description: Interval between consecutive evaluations. type: string