Merge pull request #221 from LiliC/bump-node-mixin

Bump node-mixin

.gitignore

@@ -2,3 +2,4 @@ tmp/
 minikube-manifests/
 vendor/
 ./auth
+.swp

Makefile

@@ -3,6 +3,7 @@ JSONNET_FMT := jsonnet fmt -n 2 --max-blank-lines 2 --string-style s --comment-s
 JB_BINARY:=$(GOPATH)/bin/jb
 EMBEDMD_BINARY:=$(GOPATH)/bin/embedmd
 CONTAINER_CMD:=docker run --rm \
+		-e http_proxy -e https_proxy -e no_proxy \
 		-u="$(shell id -u):$(shell id -g)" \
 		-v "$(shell go env GOCACHE):/.cache/go-build" \
 		-v "$(PWD):/go/src/github.com/coreos/kube-prometheus:Z" \
@@ -14,7 +15,12 @@ all: generate fmt test
 .PHONY: generate-in-docker
 generate-in-docker:
 	@echo ">> Compiling assets and generating Kubernetes manifests"
-	$(CONTAINER_CMD) $(MAKE) $(MFLAGS) generate
+	$(CONTAINER_CMD) make $(MFLAGS) generate
+
+.PHONY: clean
+clean:
+	# Remove all files and directories ignored by git.
+	git clean -Xfd .
 
 generate: manifests **.md
 
@@ -42,7 +48,7 @@ test-e2e:
 
 test-in-docker:
 	@echo ">> Compiling assets and generating Kubernetes manifests"
-	$(CONTAINER_CMD) $(MAKE) $(MFLAGS) test
+	$(CONTAINER_CMD) make $(MFLAGS) test
 
 $(JB_BINARY):
 	go get -u github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb

README.md

@@ -20,30 +20,42 @@ This stack is meant for cluster monitoring, so it is pre-configured to collect m
 
 ## Table of contents
 
-* [Prerequisites](#prerequisites)
-    * [minikube](#minikube)
-* [Quickstart](#quickstart)
-* [Customizing Kube-Prometheus](#customizing-kube-prometheus)
-    * [Installing](#installing)
-    * [Compiling](#compiling)
-    * [Containerized Installing and Compiling](#containerized-installing-and-compiling)
-* [Configuration](#configuration)
-* [Customization Examples](#customization-examples)
-    * [Cluster Creation Tools](#cluster-creation-tools)
-    * [Internal Registries](#internal-registries)
-    * [NodePorts](#nodeports)
-    * [Prometheus Object Name](#prometheus-object-name)
-    * [node-exporter DaemonSet namespace](#node-exporter-daemonset-namespace)
-    * [Alertmanager configuration](#alertmanager-configuration)
-    * [Static etcd configuration](#static-etcd-configuration)
-    * [Pod Anti-Affinity](#pod-anti-affinity)
-    * [Customizing Prometheus alerting/recording rules and Grafana dashboards](#customizing-prometheus-alertingrecording-rules-and-grafana-dashboards)
-    * [Exposing Prometheus/Alermanager/Grafana via Ingress](#exposing-prometheusalermanagergrafana-via-ingress)
-* [Minikube Example](#minikube-example)
-* [Troubleshooting](#troubleshooting)
-    * [Error retrieving kubelet metrics](#error-retrieving-kubelet-metrics)
-    * [kube-state-metrics resource usage](#kube-state-metrics-resource-usage)
-* [Contributing](#contributing)
+- [kube-prometheus](#kube-prometheus)
+  - [Table of contents](#table-of-contents)
+  - [Prerequisites](#prerequisites)
+    - [minikube](#minikube)
+  - [Quickstart](#quickstart)
+    - [Access the dashboards](#access-the-dashboards)
+  - [Customizing Kube-Prometheus](#customizing-kube-prometheus)
+    - [Installing](#installing)
+    - [Compiling](#compiling)
+    - [Apply the kube-prometheus stack](#apply-the-kube-prometheus-stack)
+    - [Containerized Installing and Compiling](#containerized-installing-and-compiling)
+  - [Update from upstream project](#update-from-upstream-project)
+    - [Update jb](#update-jb)
+    - [Update kube-prometheus](#update-kube-prometheus)
+    - [Compile the manifests and apply](#compile-the-manifests-and-apply)
+  - [Configuration](#configuration)
+  - [Customization Examples](#customization-examples)
+    - [Cluster Creation Tools](#cluster-creation-tools)
+    - [Internal Registry](#internal-registry)
+    - [NodePorts](#nodeports)
+    - [Prometheus Object Name](#prometheus-object-name)
+    - [node-exporter DaemonSet namespace](#node-exporter-daemonset-namespace)
+    - [Alertmanager configuration](#alertmanager-configuration)
+    - [Adding additional namespaces to monitor](#adding-additional-namespaces-to-monitor)
+      - [Defining the ServiceMonitor for each addional Namespace](#defining-the-servicemonitor-for-each-addional-namespace)
+    - [Static etcd configuration](#static-etcd-configuration)
+    - [Pod Anti-Affinity](#pod-anti-affinity)
+    - [Customizing Prometheus alerting/recording rules and Grafana dashboards](#customizing-prometheus-alertingrecording-rules-and-grafana-dashboards)
+    - [Exposing Prometheus/Alermanager/Grafana via Ingress](#exposing-prometheusalermanagergrafana-via-ingress)
+  - [Minikube Example](#minikube-example)
+  - [Troubleshooting](#troubleshooting)
+    - [Error retrieving kubelet metrics](#error-retrieving-kubelet-metrics)
+      - [Authentication problem](#authentication-problem)
+      - [Authorization problem](#authorization-problem)
+    - [kube-state-metrics resource usage](#kube-state-metrics-resource-usage)
+  - [Contributing](#contributing)
 
 ## Prerequisites
 
@@ -62,7 +74,7 @@ This adapter is an Extension API Server and Kubernetes needs to be have this fea
 In order to just try out this stack, start [minikube](https://github.com/kubernetes/minikube) with the following command:
 
 ```shell
-$ minikube delete && minikube start --kubernetes-version=v1.13.5 --memory=4096 --bootstrapper=kubeadm --extra-config=kubelet.authentication-token-webhook=true --extra-config=kubelet.authorization-mode=Webhook --extra-config=scheduler.address=0.0.0.0 --extra-config=controller-manager.address=0.0.0.0
+$ minikube delete && minikube start --kubernetes-version=v1.14.4 --memory=4096 --bootstrapper=kubeadm --extra-config=kubelet.authentication-token-webhook=true --extra-config=kubelet.authorization-mode=Webhook --extra-config=scheduler.address=0.0.0.0 --extra-config=controller-manager.address=0.0.0.0
 ```
 
 The kube-prometheus stack includes a resource metrics API server, like the metrics-server does. So ensure the metrics-server plugin is disabled on minikube:
@@ -160,7 +172,14 @@ Here's [example.jsonnet](example.jsonnet):
 [embedmd]:# (example.jsonnet)
 ```jsonnet
 local kp =
-  (import 'kube-prometheus/kube-prometheus.libsonnet') + {
+  (import 'kube-prometheus/kube-prometheus.libsonnet') +
+  // Uncomment the following imports to enable its patches
+  // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') +
+  {
     _config+:: {
       namespace: 'monitoring',
     },
@@ -214,15 +233,10 @@ Check the monitoring namespace (or the namespace you have specific in `namespace
 
 ### Containerized Installing and Compiling
 
-If you don't care to have `jb` nor `jsonnet` nor `gojsontoyaml` installed, then build the `po-jsonnet` Docker image (this is something you'll need a copy of this repository for). Do the following from this `kube-prometheus` directory:
+If you don't care to have `jb` nor `jsonnet` nor `gojsontoyaml` installed, then use `quay.io/coreos/jsonnet-ci` container image. Do the following from this `kube-prometheus` directory:
 ```shell
-$ make hack/jsonnet-docker-image
-```
-
-Then you can do commands such as the following:
-```shell
-$ docker run --rm -v $(pwd):$(pwd) --workdir $(pwd) po-jsonnet jb update
-$ docker run --rm -v $(pwd):$(pwd) --workdir $(pwd) po-jsonnet ./build.sh example.jsonnet
+$ docker run --rm -v $(pwd):$(pwd) --workdir $(pwd) quay.io/coreos/jsonnet-ci jb update
+$ docker run --rm -v $(pwd):$(pwd) --workdir $(pwd) quay.io/coreos/jsonnet-ci ./build.sh example.jsonnet
 ```
 
 ## Update from upstream project
@@ -256,13 +270,13 @@ These are the available fields with their respective default values:
     namespace: "default",
 
     versions+:: {
-        alertmanager: "v0.16.2",
-        nodeExporter: "v0.17.0",
+        alertmanager: "v0.17.0",
+        nodeExporter: "v0.18.1",
         kubeStateMetrics: "v1.5.0",
         kubeRbacProxy: "v0.4.1",
         addonResizer: "1.8.4",
-        prometheusOperator: "v0.29.0",
-        prometheus: "v2.7.2",
+        prometheusOperator: "v0.30.0",
+        prometheus: "v2.10.0",
     },
 
     imageRepos+:: {
@@ -541,6 +555,60 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
 { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
 ```
 
+#### Defining the ServiceMonitor for each addional Namespace
+
+In order to Prometheus be able to discovery and scrape services inside the additional namespaces specified in previous step you need to define a ServiceMonitor resource.
+
+> Typically it is up to the users of a namespace to provision the ServiceMonitor resource, but in case you want to generate it with the same tooling as the rest of the cluster monitoring infrastructure, this is a guide on how to achieve this. 
+
+You can define ServiceMonitor resources in your `jsonnet` spec. See the snippet bellow:
+
+[embedmd]:# (examples/additional-namespaces-servicemonitor.jsonnet)
+```jsonnet
+local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
+  _config+:: {
+      namespace: 'monitoring',
+      prometheus+:: {
+        namespaces+: ['my-namespace', 'my-second-namespace'],
+      }
+    },
+    prometheus+:: {
+      serviceMonitorMyNamespace: {
+          apiVersion: 'monitoring.coreos.com/v1',
+          kind: 'ServiceMonitor',
+          metadata: {
+              name: 'my-servicemonitor',
+              namespace: 'my-namespace',
+          },
+          spec: {
+              jobLabel: 'app',
+              endpoints: [
+              {
+                  port: 'http-metrics',
+              },
+              ],
+              selector: {
+                  matchLabels: {
+                      'app': 'myapp',
+                  },
+              },
+          },
+        },
+      },      
+
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```
+
+> NOTE: make sure your service resources has the right labels (eg. `'app': 'myapp'`) applied. Prometheus use kubernetes labels to discovery resources inside the namespaces.
+
 ### Static etcd configuration
 
 In order to configure a static etcd cluster to scrape there is a simple [kube-prometheus-static-etcd.libsonnet](jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet) mixin prepared - see [etcd.jsonnet](examples/etcd.jsonnet) for an example of how to use that mixin, and [Monitoring external etcd](docs/monitoring-external-etcd.md) for more information.

docs/developing-prometheus-rules-and-grafana-dashboards.md

@@ -11,7 +11,14 @@ As a basis, all examples in this guide are based on the base example of the kube
 [embedmd]:# (../example.jsonnet)
 ```jsonnet
 local kp =
-  (import 'kube-prometheus/kube-prometheus.libsonnet') + {
+  (import 'kube-prometheus/kube-prometheus.libsonnet') +
+  // Uncomment the following imports to enable its patches
+  // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') +
+  {
     _config+:: {
       namespace: 'monitoring',
     },

docs/exposing-prometheus-alertmanager-grafana-ingress.md

@@ -81,7 +81,7 @@ k.core.v1.list.new([
 ])
 ```
 
-In order to expose Alertmanager and Grafana, simply create additional fields containing an ingress object, but simply pointing at the `alertmanager` or `grafana` instead of the `prometheus-k8s` Service. Make sure to also use the correct port respectively, for Alertmanager it is also `web`, for Grafana it is `http`. Be sure to also specify the appropriate external URL. 
+In order to expose Alertmanager and Grafana, simply create additional fields containing an ingress object, but simply pointing at the `alertmanager` or `grafana` instead of the `prometheus-k8s` Service. Make sure to also use the correct port respectively, for Alertmanager it is also `web`, for Grafana it is `http`. Be sure to also specify the appropriate external URL. Note that the external URL for grafana is set in a different way than the external URL for Prometheus or Alertmanager. See [ingress.jsonnet](../examples/ingress.jsonnet) for how to set the Grafana external URL.
 
 In order to render the ingress objects similar to the other objects use as demonstrated in the [main readme](../README.md#usage):
 

example.jsonnet

@@ -1,5 +1,12 @@
 local kp =
-  (import 'kube-prometheus/kube-prometheus.libsonnet') + {
+  (import 'kube-prometheus/kube-prometheus.libsonnet') +
+  // Uncomment the following imports to enable its patches
+  // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
+  // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') +
+  {
     _config+:: {
       namespace: 'monitoring',
     },

examples/additional-namespaces-servicemonitor.jsonnet

@@ -0,0 +1,40 @@
+local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
+  _config+:: {
+      namespace: 'monitoring',
+      prometheus+:: {
+        namespaces+: ['my-namespace', 'my-second-namespace'],
+      }
+    },
+    prometheus+:: {
+      serviceMonitorMyNamespace: {
+          apiVersion: 'monitoring.coreos.com/v1',
+          kind: 'ServiceMonitor',
+          metadata: {
+              name: 'my-servicemonitor',
+              namespace: 'my-namespace',
+          },
+          spec: {
+              jobLabel: 'app',
+              endpoints: [
+              {
+                  port: 'http-metrics',
+              },
+              ],
+              selector: {
+                  matchLabels: {
+                      'app': 'myapp',
+                  },
+              },
+          },
+        },
+      },      
+
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }

examples/tolerations.libsonnet

@@ -0,0 +1,38 @@
+local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local statefulSet = k.apps.v1beta2.statefulSet;
+local toleration = statefulSet.mixin.spec.template.spec.tolerationsType;
+
+{
+  _config+:: {
+    tolerations+:: [
+      {
+        key: 'key1',
+        operator: 'Equal',
+        value: 'value1',
+        effect: 'NoSchedule',
+      },
+      {
+        key: 'key2',
+        operator: 'Exists',
+      },
+    ]
+  },
+
+  local withTolerations() = {
+    tolerations: [
+      toleration.new() + (
+      if std.objectHas(t, 'key') then toleration.withKey(t.key) else toleration) + (
+      if std.objectHas(t, 'operator') then toleration.withOperator(t.operator) else toleration) + (
+      if std.objectHas(t, 'value') then toleration.withValue(t.value) else toleration) + (
+      if std.objectHas(t, 'effect') then toleration.withEffect(t.effect) else toleration),
+      for t in $._config.tolerations
+    ],
+  },
+
+  prometheus+: {
+    prometheus+: {
+      spec+:
+        withTolerations(),
+    },
+  },
+}

jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet

@@ -1,11 +1,11 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 
 {
   _config+:: {
     namespace: 'default',
 
     versions+:: {
-      alertmanager: 'v0.17.0',
+      alertmanager: 'v0.18.0',
     },
 
     imageRepos+:: {
@@ -112,7 +112,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
           replicas: $._config.alertmanager.replicas,
           version: $._config.versions.alertmanager,
           baseImage: $._config.imageRepos.alertmanager,
-          nodeSelector: { 'beta.kubernetes.io/os': 'linux' },
+          nodeSelector: { 'kubernetes.io/os': 'linux' },
           serviceAccountName: 'alertmanager-' + $._config.alertmanager.name,
           securityContext: {
             runAsUser: 1000,

jsonnet/kube-prometheus/alerts/alertmanager.libsonnet

@@ -10,7 +10,7 @@
               message: 'The configuration of the instances of the Alertmanager cluster `{{$labels.service}}` are out of sync.',
             },
             expr: |||
-              count_values("config_hash", alertmanager_config_hash{%(alertmanagerSelector)s}) BY (service) / ON(service) GROUP_LEFT() label_replace(prometheus_operator_spec_replicas{%(prometheusOperatorSelector)s,controller="alertmanager"}, "service", "alertmanager-$1", "name", "(.*)") != 1
+              count_values("config_hash", alertmanager_config_hash{%(alertmanagerSelector)s}) BY (service) / ON(service) GROUP_LEFT() label_replace(max(prometheus_operator_spec_replicas{%(prometheusOperatorSelector)s,controller="alertmanager"}) by (name, job, namespace, controller), "service", "alertmanager-$1", "name", "(.*)") != 1
             ||| % $._config,
             'for': '5m',
             labels: {
@@ -31,8 +31,8 @@
             },
           },
           {
-            alert:'AlertmanagerMembersInconsistent',
-            annotations:{
+            alert: 'AlertmanagerMembersInconsistent',
+            annotations: {
               message: 'Alertmanager has not found all other members of the cluster.',
             },
             expr: |||

jsonnet/kube-prometheus/alerts/alerts.libsonnet

@@ -1,5 +1,4 @@
 (import 'alertmanager.libsonnet') +
 (import 'general.libsonnet') +
 (import 'node.libsonnet') +
-(import 'prometheus.libsonnet') +
 (import 'prometheus-operator.libsonnet')

jsonnet/kube-prometheus/alerts/general.libsonnet

@@ -9,7 +9,7 @@
             annotations: {
               message: '{{ $value }}% of the {{ $labels.job }} targets are down.',
             },
-            expr: '100 * (count(up == 0) BY (job) / count(up) BY (job)) > 10',
+            expr: '100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10',
             'for': '10m',
             labels: {
               severity: 'warning',

jsonnet/kube-prometheus/alerts/node.libsonnet

@@ -1,37 +1,6 @@
 {
   prometheusAlerts+:: {
     groups+: [
-      {
-        name: 'kube-prometheus-node-alerting.rules',
-        rules: [
-          {
-            alert: 'NodeDiskRunningFull',
-            annotations: {
-              message: 'Device {{ $labels.device }} of node-exporter {{ $labels.namespace }}/{{ $labels.pod }} will be full within the next 24 hours.',
-            },
-            expr: |||
-              (node:node_filesystem_usage: > 0.85) and (predict_linear(node:node_filesystem_avail:[6h], 3600 * 24) < 0)
-            ||| % $._config,
-            'for': '30m',
-            labels: {
-              severity: 'warning',
-            },
-          },
-          {
-            alert: 'NodeDiskRunningFull',
-            annotations: {
-              message: 'Device {{ $labels.device }} of node-exporter {{ $labels.namespace }}/{{ $labels.pod }} will be full within the next 2 hours.',
-            },
-            expr: |||
-              (node:node_filesystem_usage: > 0.85) and (predict_linear(node:node_filesystem_avail:[30m], 3600 * 2) < 0)
-            ||| % $._config,
-            'for': '10m',
-            labels: {
-              severity: 'critical',
-            },
-          },
-        ],
-      },
       {
         name: 'node-time',
         rules: [
@@ -41,7 +10,7 @@
               message: 'Clock skew detected on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}. Ensure NTP is configured correctly on this host.',
             },
             expr: |||
-              abs(node_timex_offset_seconds{%(nodeExporterSelector)s}) > 0.03
+              abs(node_timex_offset_seconds{%(nodeExporterSelector)s}) > 0.05
             ||| % $._config,
             'for': '2m',
             labels: {
@@ -53,32 +22,6 @@
       {
         name: 'node-network',
         rules: [
-          {
-            alert: 'NetworkReceiveErrors',
-            annotations: {
-              message: 'Network interface "{{ $labels.device }}" showing receive errors on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}"',
-            },
-            expr: |||
-              rate(node_network_receive_errs_total{%(nodeExporterSelector)s,%(hostNetworkInterfaceSelector)s}[2m]) > 0
-            ||| % $._config,
-            'for': '2m',
-            labels: {
-              severity: 'warning',
-            },
-          },
-          {
-            alert: 'NetworkTransmitErrors',
-            annotations: {
-              message: 'Network interface "{{ $labels.device }}" showing transmit errors on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}"',
-            },
-            expr: |||
-              rate(node_network_transmit_errs_total{%(nodeExporterSelector)s,%(hostNetworkInterfaceSelector)s}[2m]) > 0
-            ||| % $._config,
-            'for': '2m',
-            labels: {
-              severity: 'warning',
-            },
-          },
           {
             alert: 'NodeNetworkInterfaceFlapping',
             annotations: {

jsonnet/kube-prometheus/alerts/prometheus.libsonnet

@@ -1,151 +0,0 @@
-{
-  prometheusAlerts+:: {
-    groups+: [
-      {
-        name: 'prometheus.rules',
-        rules: [
-          {
-            alert: 'PrometheusConfigReloadFailed',
-            annotations: {
-              description: "Reloading Prometheus' configuration has failed for {{$labels.namespace}}/{{$labels.pod}}",
-              summary: "Reloading Prometheus' configuration failed",
-            },
-            expr: |||
-              prometheus_config_last_reload_successful{%(prometheusSelector)s} == 0
-            ||| % $._config,
-            'for': '10m',
-            labels: {
-              severity: 'warning',
-            },
-          },
-          {
-            alert: 'PrometheusNotificationQueueRunningFull',
-            annotations: {
-              description: "Prometheus' alert notification queue is running full for {{$labels.namespace}}/{{ $labels.pod}}",
-              summary: "Prometheus' alert notification queue is running full",
-            },
-            expr: |||
-              predict_linear(prometheus_notifications_queue_length{%(prometheusSelector)s}[5m], 60 * 30) > prometheus_notifications_queue_capacity{%(prometheusSelector)s}
-            ||| % $._config,
-            'for': '10m',
-            labels: {
-              severity: 'warning',
-            },
-          },
-          {
-            alert: 'PrometheusErrorSendingAlerts',
-            annotations: {
-              description: 'Errors while sending alerts from Prometheus {{$labels.namespace}}/{{ $labels.pod}} to Alertmanager {{$labels.Alertmanager}}',
-              summary: 'Errors while sending alert from Prometheus',
-            },
-            expr: |||
-              rate(prometheus_notifications_errors_total{%(prometheusSelector)s}[5m]) / rate(prometheus_notifications_sent_total{%(prometheusSelector)s}[5m]) > 0.01
-            ||| % $._config,
-            'for': '10m',
-            labels: {
-              severity: 'warning',
-            },
-          },
-          {
-            alert: 'PrometheusErrorSendingAlerts',
-            annotations: {
-              description: 'Errors while sending alerts from Prometheus {{$labels.namespace}}/{{ $labels.pod}} to Alertmanager {{$labels.Alertmanager}}',
-              summary: 'Errors while sending alerts from Prometheus',
-            },
-            expr: |||
-              rate(prometheus_notifications_errors_total{%(prometheusSelector)s}[5m]) / rate(prometheus_notifications_sent_total{%(prometheusSelector)s}[5m]) > 0.03
-            ||| % $._config,
-            'for': '10m',
-            labels: {
-              severity: 'critical',
-            },
-          },
-          {
-            alert: 'PrometheusNotConnectedToAlertmanagers',
-            annotations: {
-              description: 'Prometheus {{ $labels.namespace }}/{{ $labels.pod}} is not connected to any Alertmanagers',
-              summary: 'Prometheus is not connected to any Alertmanagers',
-            },
-            expr: |||
-              prometheus_notifications_alertmanagers_discovered{%(prometheusSelector)s} < 1
-            ||| % $._config,
-            'for': '10m',
-            labels: {
-              severity: 'warning',
-            },
-          },
-          {
-            alert: 'PrometheusTSDBReloadsFailing',
-            annotations: {
-              description: '{{$labels.job}} at {{$labels.instance}} had {{$value | humanize}} reload failures over the last four hours.',
-              summary: 'Prometheus has issues reloading data blocks from disk',
-            },
-            expr: |||
-              increase(prometheus_tsdb_reloads_failures_total{%(prometheusSelector)s}[2h]) > 0
-            ||| % $._config,
-            'for': '12h',
-            labels: {
-              severity: 'warning',
-            },
-          },
-          {
-            alert: 'PrometheusTSDBCompactionsFailing',
-            annotations: {
-              description: '{{$labels.job}} at {{$labels.instance}} had {{$value | humanize}} compaction failures over the last four hours.',
-              summary: 'Prometheus has issues compacting sample blocks',
-            },
-            expr: |||
-              increase(prometheus_tsdb_compactions_failed_total{%(prometheusSelector)s}[2h]) > 0
-            ||| % $._config,
-            'for': '12h',
-            labels: {
-              severity: 'warning',
-            },
-          },
-          {
-            alert: 'PrometheusTSDBWALCorruptions',
-            annotations: {
-              description: '{{$labels.job}} at {{$labels.instance}} has a corrupted write-ahead log (WAL).',
-              summary: 'Prometheus write-ahead log is corrupted',
-            },
-            expr: |||
-              prometheus_tsdb_wal_corruptions_total{%(prometheusSelector)s} > 0
-            ||| % $._config,
-            'for': '4h',
-            labels: {
-              severity: 'warning',
-            },
-          },
-          {
-            alert: 'PrometheusNotIngestingSamples',
-            annotations: {
-              description: "Prometheus {{ $labels.namespace }}/{{ $labels.pod}} isn't ingesting samples.",
-              summary: "Prometheus isn't ingesting samples",
-            },
-            expr: |||
-              rate(prometheus_tsdb_head_samples_appended_total{%(prometheusSelector)s}[5m]) <= 0
-            ||| % $._config,
-            'for': '10m',
-            labels: {
-              severity: 'warning',
-            },
-          },
-          {
-            alert: 'PrometheusTargetScrapesDuplicate',
-            annotations: {
-              description: '{{$labels.namespace}}/{{$labels.pod}} has many samples rejected due to duplicate timestamps but different values',
-              summary: 'Prometheus has many samples rejected',
-            },
-            expr: |||
-              increase(prometheus_target_scrapes_sample_duplicate_timestamp_total{%(prometheusSelector)s}[5m]) > 0
-            ||| % $._config,
-            'for': '10m',
-            labels: {
-              severity: 'warning',
-            },
-          },
-        ],
-      },
-    ],
-  },
-}

jsonnet/kube-prometheus/jsonnetfile.json

@@ -18,7 +18,7 @@
                     "subdir": ""
                 }
             },
-            "version": "release-0.1"
+            "version": "master"
         },
         {
             "name": "grafana",
@@ -38,7 +38,7 @@
                     "subdir": "jsonnet/prometheus-operator"
                 }
             },
-            "version": "v0.30.0"
+            "version": "release-0.33"
         },
         {
             "name": "etcd-mixin",
@@ -49,6 +49,26 @@
                 }
             },
             "version": "master"
+        },
+        {
+            "name": "prometheus",
+            "source": {
+                "git": {
+                    "remote": "https://github.com/prometheus/prometheus",
+                    "subdir": "documentation/prometheus-mixin"
+                }
+            },
+            "version": "master"
+        },
+        {
+            "name": "node-mixin",
+            "source": {
+                "git": {
+                    "remote": "https://github.com/prometheus/node_exporter",
+                    "subdir": "docs/node-mixin"
+                }
+            },
+            "version": "master"
         }
     ]
 }

jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet

@@ -1,5 +1,5 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
-local statefulSet = k.apps.v1beta2.statefulSet;
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
+local statefulSet = k.apps.v1.statefulSet;
 local affinity = statefulSet.mixin.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecutionType;
 local matchExpression = affinity.mixin.podAffinityTerm.labelSelector.matchExpressionsType;
 

jsonnet/kube-prometheus/kube-prometheus-bootkube.libsonnet

@@ -1,4 +1,4 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 local service = k.core.v1.service;
 local servicePort = k.core.v1.service.mixin.spec.portsType;
 

jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet

@@ -1,4 +1,4 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 local service = k.core.v1.service;
 local servicePort = k.core.v1.service.mixin.spec.portsType;
 

jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet

@@ -1,4 +1,4 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 local service = k.core.v1.service;
 local servicePort = k.core.v1.service.mixin.spec.portsType;
 

jsonnet/kube-prometheus/kube-prometheus-kube-aws.libsonnet

@@ -1,4 +1,4 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 local service = k.core.v1.service;
 local servicePort = k.core.v1.service.mixin.spec.portsType;
 

jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet

@@ -1,4 +1,4 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 local service = k.core.v1.service;
 local servicePort = k.core.v1.service.mixin.spec.portsType;
 

jsonnet/kube-prometheus/kube-prometheus-kubespray.libsonnet

@@ -1,15 +1,9 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 local service = k.core.v1.service;
 local servicePort = k.core.v1.service.mixin.spec.portsType;
 
 {
 
-  _config+:: {
-    jobs+: {
-      CoreDNS: 'job="coredns"',
-    },
-  },
-
   prometheus+: {
     kubeControllerManagerPrometheusDiscoveryService:
       service.new('kube-controller-manager-prometheus-discovery', { 'component': 'kube-controller-manager' }, servicePort.newNamed('http-metrics', 10252, 10252)) +
@@ -22,16 +16,6 @@ local servicePort = k.core.v1.service.mixin.spec.portsType;
       service.mixin.metadata.withLabels({ 'k8s-app': 'kube-scheduler' }) +
       service.mixin.spec.withClusterIp('None'),
 
-    serviceMonitorCoreDNS+: {
-      spec+: {
-        selector: {
-          matchLabels: {
-            'k8s-app': 'coredns',
-          },
-        },
-      },
-    },
-
     serviceMonitorKubeScheduler+: {
       spec+: {
         selector+: {

jsonnet/kube-prometheus/kube-prometheus-node-ports.libsonnet

@@ -1,4 +1,4 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 local service = k.core.v1.service;
 local servicePort = k.core.v1.service.mixin.spec.portsType;
 

jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet

@@ -1,4 +1,4 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 
 (import 'etcd-mixin/mixin.libsonnet') + {
   _config+:: {

jsonnet/kube-prometheus/kube-prometheus-strip-limits.libsonnet

@@ -0,0 +1,32 @@
+// Strips spec.containers[].limits for certain containers
+// https://github.com/coreos/kube-prometheus/issues/72
+{
+  _config+:: {
+    resources+:: {
+      'addon-resizer'+: {
+        limits: {},
+      },
+      'kube-rbac-proxy'+: {
+        limits: {},
+      },
+      'node-exporter'+: {
+        limits: {},
+      },
+    },
+  },
+  prometheusOperator+: {
+    deployment+: {
+      spec+: {
+        template+: {
+          spec+: {
+            local addArgs(c) =
+                if c.name == 'prometheus-operator'
+                then c + {args+: ['--config-reloader-cpu=0']}
+                else c,
+            containers: std.map(addArgs, super.containers),
+          },
+        },
+      },
+    },
+  },
+}

jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet

@@ -0,0 +1,39 @@
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
+local service = k.core.v1.service;
+local servicePort = k.core.v1.service.mixin.spec.portsType;
+
+{
+  _config+:: {
+    versions+:: {
+      thanos: 'v0.7.0',
+    },
+    imageRepos+:: {
+      thanos: 'quay.io/thanos/thanos',
+    },
+    thanos+:: {
+      objectStorageConfig: {
+        key: 'thanos.yaml',  // How the file inside the secret is called
+        name: 'thanos-objectstorage',  // This is the name of your Kubernetes secret with the config
+      },
+    },
+  },
+  prometheus+:: {
+    // Add the grpc port to the Prometheus service to be able to query it with the Thanos Querier
+    service+: {
+      spec+: {
+        ports+: [
+          servicePort.newNamed('grpc', 10901, 10901),
+        ],
+      },
+    },
+    prometheus+: {
+      spec+: {
+        thanos+: {
+          version: $._config.versions.thanos,
+          baseImage: $._config.imageRepos.thanos,
+          objectStorageConfig: $._config.thanos.objectStorageConfig,
+        },
+      },
+    },
+  },
+}

jsonnet/kube-prometheus/kube-prometheus-thanos.libsonnet

@@ -1,219 +0,0 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
-local service = k.core.v1.service;
-local servicePort = k.core.v1.service.mixin.spec.portsType;
-
-{
-  _config+:: {
-    versions+:: {
-      thanos: 'v0.3.2',
-    },
-    imageRepos+:: {
-      thanos: 'improbable/thanos',
-    },
-    thanos+:: {
-      objectStorageConfig: {
-        key: 'thanos.yaml',  // How the file inside the secret is called
-        name: 'thanos-objstore-config',  // This is the name of your Kubernetes secret with the config
-      },
-    },
-  },
-  prometheus+:: {
-    prometheus+: {
-      spec+: {
-        podMetadata+: {
-          labels+: { 'thanos-peers': 'true' },
-        },
-        thanos+: {
-          peers: 'thanos-peers.' + $._config.namespace + '.svc:10900',
-          version: $._config.versions.thanos,
-          baseImage: $._config.imageRepos.thanos,
-          objectStorageConfig: $._config.thanos.objectStorageConfig,
-        },
-      },
-    },
-    thanosPeerService:
-      service.new('thanos-peers', { 'thanos-peers': 'true' }, [
-        servicePort.newNamed('cluster', 10900, 'cluster'),
-        servicePort.newNamed('http', 10902, 'http'),
-      ]) +
-      service.mixin.metadata.withNamespace($._config.namespace) +
-      service.mixin.metadata.withLabels({ 'thanos-peers': 'true' }) +
-      service.mixin.spec.withType('ClusterIP') +
-      service.mixin.spec.withClusterIp('None'),
-
-    serviceMonitorThanosPeer:
-      {
-        apiVersion: 'monitoring.coreos.com/v1',
-        kind: 'ServiceMonitor',
-        metadata: {
-          name: 'thanos-peers',
-          namespace: $._config.namespace,
-          labels: {
-            'k8s-app': 'thanos-peers',
-          },
-        },
-        spec: {
-          jobLabel: 'k8s-app',
-          endpoints: [
-            {
-              port: 'http',
-              interval: '30s',
-            },
-          ],
-          selector: {
-            matchLabels: {
-              'thanos-peers': 'true',
-            },
-          },
-        },
-      },
-    thanosQueryDeployment:
-      local deployment = k.apps.v1beta2.deployment;
-      local container = k.apps.v1beta2.deployment.mixin.spec.template.spec.containersType;
-      local containerPort = container.portsType;
-
-      local thanosQueryContainer =
-        container.new('thanos-query', $._config.imageRepos.thanos + ':' + $._config.versions.thanos) +
-        container.withPorts([
-          containerPort.newNamed('http', 10902),
-          containerPort.newNamed('grpc', 10901),
-          containerPort.newNamed('cluster', 10900),
-        ]) +
-        container.withArgs([
-          'query',
-          '--log.level=debug',
-          '--query.replica-label=prometheus_replica',
-          '--query.auto-downsampling',
-          '--cluster.peers=thanos-peers.' + $._config.namespace + '.svc:10900',
-        ]);
-      local podLabels = { app: 'thanos-query', 'thanos-peers': 'true' };
-      deployment.new('thanos-query', 1, thanosQueryContainer, podLabels) +
-      deployment.mixin.metadata.withNamespace($._config.namespace) +
-      deployment.mixin.metadata.withLabels(podLabels) +
-      deployment.mixin.spec.selector.withMatchLabels(podLabels) +
-      deployment.mixin.spec.template.spec.withServiceAccountName('prometheus-' + $._config.prometheus.name),
-    thanosQueryService:
-      local thanosQueryPort = servicePort.newNamed('http-query', 9090, 'http');
-      service.new('thanos-query', { app: 'thanos-query' }, thanosQueryPort) +
-      service.mixin.metadata.withNamespace($._config.namespace) +
-      service.mixin.metadata.withLabels({ app: 'thanos-query' }),
-
-    thanosStoreStatefulset:
-      local statefulSet = k.apps.v1beta2.statefulSet;
-      local volume = statefulSet.mixin.spec.template.spec.volumesType;
-      local container = statefulSet.mixin.spec.template.spec.containersType;
-      local containerEnv = container.envType;
-      local containerVolumeMount = container.volumeMountsType;
-
-      local labels = { app: 'thanos', 'thanos-peers': 'true' };
-
-      local c =
-        container.new('thanos-store', $._config.imageRepos.thanos + ':' + $._config.versions.thanos) +
-        container.withArgs([
-          'store',
-          '--log.level=debug',
-          '--data-dir=/var/thanos/store',
-          '--cluster.peers=thanos-peers.' + $._config.namespace + '.svc:10900',
-          '--objstore.config=$(OBJSTORE_CONFIG)',
-        ]) +
-        container.withEnv([
-          containerEnv.fromSecretRef(
-            'OBJSTORE_CONFIG',
-            $._config.thanos.objectStorageConfig.name,
-            $._config.thanos.objectStorageConfig.key,
-          ),
-        ]) +
-        container.withPorts([
-          { name: 'cluster', containerPort: 10900 },
-          { name: 'grpc', containerPort: 10901 },
-          { name: 'http', containerPort: 10902 },
-        ]) +
-        container.withVolumeMounts([
-          containerVolumeMount.new('data', '/var/thanos/store', false),
-        ]);
-
-      statefulSet.new('thanos-store', 1, c, [], labels) +
-      statefulSet.mixin.metadata.withNamespace($._config.namespace) +
-      statefulSet.mixin.spec.selector.withMatchLabels(labels) +
-      statefulSet.mixin.spec.withServiceName('thanos-store') +
-      statefulSet.mixin.spec.template.spec.withVolumes([
-        volume.fromEmptyDir('data'),
-      ]),
-
-    serviceMonitorThanosCompactor:
-      {
-        apiVersion: 'monitoring.coreos.com/v1',
-        kind: 'ServiceMonitor',
-        metadata: {
-          name: 'thanos-compactor',
-          namespace: $._config.namespace,
-          labels: {
-            'k8s-app': 'thanos-compactor',
-          },
-        },
-        spec: {
-          jobLabel: 'k8s-app',
-          endpoints: [
-            {
-              port: 'http',
-              interval: '30s',
-            },
-          ],
-          selector: {
-            matchLabels: {
-              app: 'thanos-compactor',
-            },
-          },
-        },
-      },
-
-    thanosCompactorService:
-      service.new(
-        'thanos-compactor',
-        { app: 'thanos-compactor' },
-        servicePort.newNamed('http', 9090, 'http'),
-      ) +
-      service.mixin.metadata.withNamespace($._config.namespace) +
-      service.mixin.metadata.withLabels({ app: 'thanos-compactor' }),
-
-    thanosCompactorStatefulset:
-      local statefulSet = k.apps.v1beta2.statefulSet;
-      local volume = statefulSet.mixin.spec.template.spec.volumesType;
-      local container = statefulSet.mixin.spec.template.spec.containersType;
-      local containerEnv = container.envType;
-      local containerVolumeMount = container.volumeMountsType;
-
-      local labels = { app: 'thanos-compactor' };
-
-      local c =
-        container.new('thanos-compactor', $._config.imageRepos.thanos + ':' + $._config.versions.thanos) +
-        container.withArgs([
-          'compact',
-          '--log.level=debug',
-          '--data-dir=/var/thanos/store',
-          '--objstore.config=$(OBJSTORE_CONFIG)',
-          '--wait',
-        ]) +
-        container.withEnv([
-          containerEnv.fromSecretRef(
-            'OBJSTORE_CONFIG',
-            $._config.thanos.objectStorageConfig.name,
-            $._config.thanos.objectStorageConfig.key,
-          ),
-        ]) +
-        container.withPorts([
-          { name: 'http', containerPort: 10902 },
-        ]) +
-        container.withVolumeMounts([
-          containerVolumeMount.new('data', '/var/thanos/store', false),
-        ]);
-
-      statefulSet.new('thanos-compactor', 1, c, [], labels) +
-      statefulSet.mixin.metadata.withNamespace($._config.namespace) +
-      statefulSet.mixin.spec.selector.withMatchLabels(labels) +
-      statefulSet.mixin.spec.withServiceName('thanos-compactor') +
-      statefulSet.mixin.spec.template.spec.withVolumes([
-        volume.fromEmptyDir('data'),
-      ]),
-  },
-}

jsonnet/kube-prometheus/kube-prometheus.libsonnet

@@ -1,14 +1,17 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
-local configMapList = k.core.v1.configMapList;
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
+local k3 = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local configMapList = k3.core.v1.configMapList;
 
 (import 'grafana/grafana.libsonnet') +
 (import 'kube-state-metrics/kube-state-metrics.libsonnet') +
 (import 'node-exporter/node-exporter.libsonnet') +
+(import 'node-mixin/mixin.libsonnet') +
 (import 'alertmanager/alertmanager.libsonnet') +
 (import 'prometheus-operator/prometheus-operator.libsonnet') +
 (import 'prometheus/prometheus.libsonnet') +
 (import 'prometheus-adapter/prometheus-adapter.libsonnet') +
 (import 'kubernetes-mixin/mixin.libsonnet') +
+(import 'prometheus/mixin.libsonnet') +
 (import 'alerts/alerts.libsonnet') +
 (import 'rules/rules.libsonnet') + {
   kubePrometheus+:: {
@@ -43,7 +46,7 @@ local configMapList = k.core.v1.configMapList;
     namespace: 'default',
 
     versions+:: {
-      grafana: '6.0.1',
+      grafana: '6.2.2',
     },
 
     tlsCipherSuites: [
@@ -86,8 +89,9 @@ local configMapList = k.core.v1.configMapList;
     coreDNSSelector: 'job="kube-dns"',
     podLabel: 'pod',
 
-    alertmanagerSelector: 'job="alertmanager-main",namespace="' + $._config.namespace + '"',
+    alertmanagerSelector: 'job="alertmanager-' + $._config.alertmanager.name + '",namespace="' + $._config.namespace + '"',
     prometheusSelector: 'job="prometheus-' + $._config.prometheus.name + '",namespace="' + $._config.namespace + '"',
+    prometheusName: '{{$labels.namespace}}/{{$labels.pod}}',
     prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + $._config.namespace + '"',
 
     jobs: {
@@ -103,6 +107,20 @@ local configMapList = k.core.v1.configMapList;
       CoreDNS: $._config.coreDNSSelector,
     },
 
+    resources+:: {
+      'addon-resizer': {
+        requests: { cpu: '10m', memory: '30Mi' },
+        limits: { cpu: '50m', memory: '30Mi' },
+      },
+      'kube-rbac-proxy': {
+        requests: { cpu: '10m', memory: '20Mi' },
+        limits: { cpu: '20m', memory: '40Mi' },
+      },
+      'node-exporter': {
+        requests: { cpu: '102m', memory: '180Mi' },
+        limits: { cpu: '250m', memory: '180Mi' },
+      },
+    },
     prometheus+:: {
       rules: $.prometheusRules + $.prometheusAlerts,
     },
@@ -110,5 +128,6 @@ local configMapList = k.core.v1.configMapList;
     grafana+:: {
       dashboards: $.grafanaDashboards,
     },
+
   },
 }

jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet

@@ -1,4 +1,4 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 
 {
   _config+:: {
@@ -16,7 +16,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
     },
 
     versions+:: {
-      kubeStateMetrics: 'v1.5.0',
+      kubeStateMetrics: 'v1.7.2',
       kubeRbacProxy: 'v0.4.1',
       addonResizer: '1.8.4',
     },
@@ -43,88 +43,103 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       local clusterRole = k.rbac.v1.clusterRole;
       local rulesType = clusterRole.rulesType;
 
-      local coreRule = rulesType.new() +
-                       rulesType.withApiGroups(['']) +
-                       rulesType.withResources([
-                         'configmaps',
-                         'secrets',
-                         'nodes',
-                         'pods',
-                         'services',
-                         'resourcequotas',
-                         'replicationcontrollers',
-                         'limitranges',
-                         'persistentvolumeclaims',
-                         'persistentvolumes',
-                         'namespaces',
-                         'endpoints',
-                       ]) +
-                       rulesType.withVerbs(['list', 'watch']);
+      local rules = [
+        rulesType.new() +
+        rulesType.withApiGroups(['']) +
+        rulesType.withResources([
+          'configmaps',
+          'secrets',
+          'nodes',
+          'pods',
+          'services',
+          'resourcequotas',
+          'replicationcontrollers',
+          'limitranges',
+          'persistentvolumeclaims',
+          'persistentvolumes',
+          'namespaces',
+          'endpoints',
+        ]) +
+        rulesType.withVerbs(['list', 'watch']),
 
-      local extensionsRule = rulesType.new() +
-                             rulesType.withApiGroups(['extensions']) +
-                             rulesType.withResources([
-                               'daemonsets',
-                               'deployments',
-                               'replicasets',
-                             ]) +
-                             rulesType.withVerbs(['list', 'watch']);
+        rulesType.new() +
+        rulesType.withApiGroups(['extensions']) +
+        rulesType.withResources([
+          'daemonsets',
+          'deployments',
+          'replicasets',
+          'ingresses',
+        ]) +
+        rulesType.withVerbs(['list', 'watch']),
 
-      local appsRule = rulesType.new() +
-                       rulesType.withApiGroups(['apps']) +
-                       rulesType.withResources([
-                         'statefulsets',
-                         'daemonsets',
-                         'deployments',
-                         'replicasets',
-                       ]) +
-                       rulesType.withVerbs(['list', 'watch']);
+        rulesType.new() +
+        rulesType.withApiGroups(['apps']) +
+        rulesType.withResources([
+          'statefulsets',
+          'daemonsets',
+          'deployments',
+          'replicasets',
+        ]) +
+        rulesType.withVerbs(['list', 'watch']),
 
-      local batchRule = rulesType.new() +
-                        rulesType.withApiGroups(['batch']) +
-                        rulesType.withResources([
-                          'cronjobs',
-                          'jobs',
-                        ]) +
-                        rulesType.withVerbs(['list', 'watch']);
+        rulesType.new() +
+        rulesType.withApiGroups(['batch']) +
+        rulesType.withResources([
+          'cronjobs',
+          'jobs',
+        ]) +
+        rulesType.withVerbs(['list', 'watch']),
 
-      local autoscalingRule = rulesType.new() +
-                              rulesType.withApiGroups(['autoscaling']) +
-                              rulesType.withResources([
-                                'horizontalpodautoscalers',
-                              ]) +
-                              rulesType.withVerbs(['list', 'watch']);
+        rulesType.new() +
+        rulesType.withApiGroups(['autoscaling']) +
+        rulesType.withResources([
+          'horizontalpodautoscalers',
+        ]) +
+        rulesType.withVerbs(['list', 'watch']),
 
-      local authenticationRole = rulesType.new() +
-                                 rulesType.withApiGroups(['authentication.k8s.io']) +
-                                 rulesType.withResources([
-                                   'tokenreviews',
-                                 ]) +
-                                 rulesType.withVerbs(['create']);
+        rulesType.new() +
+        rulesType.withApiGroups(['authentication.k8s.io']) +
+        rulesType.withResources([
+          'tokenreviews',
+        ]) +
+        rulesType.withVerbs(['create']),
 
-      local authorizationRole = rulesType.new() +
-                                rulesType.withApiGroups(['authorization.k8s.io']) +
-                                rulesType.withResources([
-                                  'subjectaccessreviews',
-                                ]) +
-                                rulesType.withVerbs(['create']);
+        rulesType.new() +
+        rulesType.withApiGroups(['authorization.k8s.io']) +
+        rulesType.withResources([
+          'subjectaccessreviews',
+        ]) +
+        rulesType.withVerbs(['create']),
 
-      local policyRule = rulesType.new() +
-                         rulesType.withApiGroups(['policy']) +
-                         rulesType.withResources([
-                           'poddisruptionbudgets',
-                         ]) +
-                         rulesType.withVerbs(['list', 'watch']);
+        rulesType.new() +
+        rulesType.withApiGroups(['policy']) +
+        rulesType.withResources([
+          'poddisruptionbudgets',
+        ]) +
+        rulesType.withVerbs(['list', 'watch']),
 
-      local rules = [coreRule, extensionsRule, appsRule, batchRule, autoscalingRule, authenticationRole, authorizationRole, policyRule];
+        rulesType.new() +
+        rulesType.withApiGroups(['certificates.k8s.io']) +
+        rulesType.withResources([
+          'certificatesigningrequests',
+        ]) +
+        rulesType.withVerbs(['list', 'watch']),
+
+        rulesType.new() +
+        rulesType.withApiGroups(['storage.k8s.io']) +
+        rulesType.withResources([
+          'storageclasses',
+        ]) +
+        rulesType.withVerbs(['list', 'watch']),
+      ];
 
       clusterRole.new() +
       clusterRole.mixin.metadata.withName('kube-state-metrics') +
       clusterRole.withRules(rules),
     deployment:
-      local deployment = k.apps.v1beta2.deployment;
-      local container = k.apps.v1beta2.deployment.mixin.spec.template.spec.containersType;
-      local volume = k.apps.v1beta2.deployment.mixin.spec.template.spec.volumesType;
+      local deployment = k.apps.v1.deployment;
+      local container = deployment.mixin.spec.template.spec.containersType;
+      local volume = deployment.mixin.spec.template.spec.volumesType;
       local containerPort = container.portsType;
       local containerVolumeMount = container.volumeMountsType;
       local podSelector = deployment.mixin.spec.template.spec.selectorType;
@@ -139,9 +154,9 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
           '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
           '--upstream=http://127.0.0.1:8081/',
         ]) +
-        container.withPorts(containerPort.newNamed('https-main', 8443)) +
-        container.mixin.resources.withRequests({ cpu: '10m', memory: '20Mi' }) +
-        container.mixin.resources.withLimits({ cpu: '20m', memory: '40Mi' });
+        container.withPorts(containerPort.newNamed(8443, 'https-main',)) +
+        container.mixin.resources.withRequests($._config.resources['kube-rbac-proxy'].requests) +
+        container.mixin.resources.withLimits($._config.resources['kube-rbac-proxy'].limits);
 
       local proxySelfMetrics =
         container.new('kube-rbac-proxy-self', $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy) +
@@ -151,9 +166,9 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
           '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
           '--upstream=http://127.0.0.1:8082/',
         ]) +
-        container.withPorts(containerPort.newNamed('https-self', 9443)) +
-        container.mixin.resources.withRequests({ cpu: '10m', memory: '20Mi' }) +
-        container.mixin.resources.withLimits({ cpu: '20m', memory: '40Mi' });
+        container.withPorts(containerPort.newNamed(9443, 'https-self',)) +
+        container.mixin.resources.withRequests($._config.resources['kube-rbac-proxy'].requests) +
+        container.mixin.resources.withLimits($._config.resources['kube-rbac-proxy'].limits);
 
       local kubeStateMetrics =
         container.new('kube-state-metrics', $._config.imageRepos.kubeStateMetrics + ':' + $._config.versions.kubeStateMetrics) +
@@ -192,8 +207,8 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
             },
           },
         ]) +
-        container.mixin.resources.withRequests({ cpu: '10m', memory: '30Mi' }) +
-        container.mixin.resources.withLimits({ cpu: '50m', memory: '30Mi' });
+        container.mixin.resources.withRequests($._config.resources['addon-resizer'].requests) +
+        container.mixin.resources.withLimits($._config.resources['addon-resizer'].limits);
 
       local c = [proxyClusterMetrics, proxySelfMetrics, kubeStateMetrics, addonResizer];
 
@@ -201,7 +216,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       deployment.mixin.metadata.withNamespace($._config.namespace) +
       deployment.mixin.metadata.withLabels(podLabels) +
       deployment.mixin.spec.selector.withMatchLabels(podLabels) +
-      deployment.mixin.spec.template.spec.withNodeSelector({ 'beta.kubernetes.io/os': 'linux' }) +
+      deployment.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) +
       deployment.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
       deployment.mixin.spec.template.spec.securityContext.withRunAsUser(65534) +
       deployment.mixin.spec.template.spec.withServiceAccountName('kube-state-metrics'),
@@ -259,7 +274,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
 
     service:
       local service = k.core.v1.service;
-      local servicePort = k.core.v1.service.mixin.spec.portsType;
+      local servicePort = service.mixin.spec.portsType;
 
       local ksmServicePortMain = servicePort.newNamed('https-main', 8443, 'https-main');
       local ksmServicePortSelf = servicePort.newNamed('https-self', 9443, 'https-self');

jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet

@@ -1,11 +1,11 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 
 {
   _config+:: {
     namespace: 'default',
 
     versions+:: {
-      nodeExporter: 'v0.17.0',
+      nodeExporter: 'v0.18.1',
       kubeRbacProxy: 'v0.4.1',
     },
 
@@ -55,7 +55,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       clusterRole.withRules(rules),
 
     daemonset:
-      local daemonset = k.apps.v1beta2.daemonSet;
+      local daemonset = k.apps.v1.daemonSet;
       local container = daemonset.mixin.spec.template.spec.containersType;
       local volume = daemonset.mixin.spec.template.spec.volumesType;
       local containerPort = container.portsType;
@@ -66,14 +66,8 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
 
       local podLabels = { app: 'node-exporter' };
 
-      local noExecuteToleration = toleration.new() +
-                                  toleration.withOperator('Exists') +
-                                  toleration.withEffect('NoExecute');
-
-      local noScheduleToleration = toleration.new() +
-                                   toleration.withOperator('Exists') +
-                                   toleration.withEffect('NoSchedule');
-
+      local existsToleration = toleration.new() +
+                               toleration.withOperator('Exists');
       local procVolumeName = 'proc';
       local procVolume = volume.fromHostPath(procVolumeName, '/proc');
       local procVolumeMount = containerVolumeMount.new(procVolumeName, '/host/proc');
@@ -103,8 +97,8 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
           '--collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$',
         ]) +
         container.withVolumeMounts([procVolumeMount, sysVolumeMount, rootVolumeMount]) +
-        container.mixin.resources.withRequests({ cpu: '102m', memory: '180Mi' }) +
-        container.mixin.resources.withLimits({ cpu: '250m', memory: '180Mi' });
+        container.mixin.resources.withRequests($._config.resources['node-exporter'].requests) +
+        container.mixin.resources.withLimits($._config.resources['node-exporter'].limits);
 
       local ip = containerEnv.fromFieldPath('IP', 'status.podIP');
       local proxy =
@@ -125,7 +119,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
         // it so that the scheduler can decide if the pod is schedulable.
         container.withPorts(containerPort.new($._config.nodeExporter.port) + containerPort.withHostPort($._config.nodeExporter.port) + containerPort.withName('https')) +
         container.mixin.resources.withRequests({ cpu: '10m', memory: '20Mi' }) +
-        container.mixin.resources.withLimits({ cpu: '20m', memory: '40Mi' }) +
+        container.mixin.resources.withLimits({ cpu: '20m', memory: '60Mi' }) +
         container.withEnv([ip]);
 
       local c = [nodeExporter, proxy];
@@ -136,8 +130,8 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       daemonset.mixin.metadata.withLabels(podLabels) +
       daemonset.mixin.spec.selector.withMatchLabels(podLabels) +
       daemonset.mixin.spec.template.metadata.withLabels(podLabels) +
-      daemonset.mixin.spec.template.spec.withTolerations([noExecuteToleration, noScheduleToleration]) +
-      daemonset.mixin.spec.template.spec.withNodeSelector({ 'beta.kubernetes.io/os': 'linux' }) +
+      daemonset.mixin.spec.template.spec.withTolerations([existsToleration]) +
+      daemonset.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) +
       daemonset.mixin.spec.template.spec.withContainers(c) +
       daemonset.mixin.spec.template.spec.withVolumes([procVolume, sysVolume, rootVolume]) +
       daemonset.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
@@ -176,6 +170,15 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
               scheme: 'https',
               interval: '30s',
               bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
+              relabelings: [
+                {
+                  action: 'replace',
+                  regex: '(.*)',
+                  replacment: '$1',
+                  sourceLabels: ['__meta_kubernetes_pod_node_name'],
+                  targetLabel: 'instance',
+                },
+              ],
               tlsConfig: {
                 insecureSkipVerify: true,
               },

jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet

@@ -1,4 +1,4 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 
 {
   _config+:: {
@@ -32,10 +32,10 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
             containerLabel: container_name
           memory:
             containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container_name!="POD",container_name!="",pod_name!=""}) by (<<.GroupBy>>)
-            nodeQuery: sum(node:node_memory_bytes_total:sum{<<.LabelMatchers>>} - node:node_memory_bytes_available:sum{<<.LabelMatchers>>}) by (<<.GroupBy>>)
+            nodeQuery: sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)
             resources:
               overrides:
-                node:
+                instance:
                   resource: node
                 namespace:
                   resource: namespace
@@ -87,7 +87,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       service.mixin.metadata.withLabels($._config.prometheusAdapter.labels),
 
     deployment:
-      local deployment = k.apps.v1beta2.deployment;
+      local deployment = k.apps.v1.deployment;
       local volume = deployment.mixin.spec.template.spec.volumesType;
       local container = deployment.mixin.spec.template.spec.containersType;
       local containerVolumeMount = container.volumeMountsType;
@@ -113,7 +113,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       deployment.mixin.metadata.withNamespace($._config.namespace) +
       deployment.mixin.spec.selector.withMatchLabels($._config.prometheusAdapter.labels) +
       deployment.mixin.spec.template.spec.withServiceAccountName($.prometheusAdapter.serviceAccount.metadata.name) +
-      deployment.mixin.spec.template.spec.withNodeSelector({ 'beta.kubernetes.io/os': 'linux' }) +
+      deployment.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) +
       deployment.mixin.spec.strategy.rollingUpdate.withMaxSurge(1) +
       deployment.mixin.spec.strategy.rollingUpdate.withMaxUnavailable(0) +
       deployment.mixin.spec.template.spec.withVolumes([

jsonnet/kube-prometheus/prometheus/prometheus.libsonnet

@@ -1,11 +1,12 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k3 = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 
 {
   _config+:: {
     namespace: 'default',
 
     versions+:: {
-      prometheus: 'v2.7.2',
+      prometheus: 'v2.11.0',
     },
 
     imageRepos+:: {
@@ -69,8 +70,8 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
         roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) +
         roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]);
 
-      local roleBindigList = k.rbac.v1.roleBindingList;
-      roleBindigList.new([newSpecificRoleBinding(x) for x in $._config.prometheus.namespaces]),
+      local roleBindingList = k3.rbac.v1.roleBindingList;
+      roleBindingList.new([newSpecificRoleBinding(x) for x in $._config.prometheus.namespaces]),
     clusterRole:
       local clusterRole = k.rbac.v1.clusterRole;
       local policyRule = clusterRole.rulesType;
@@ -141,10 +142,10 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
         role.mixin.metadata.withNamespace(namespace) +
         role.withRules(coreRule);
 
-      local roleList = k.rbac.v1.roleList;
+      local roleList = k3.rbac.v1.roleList;
       roleList.new([newSpecificRole(x) for x in $._config.prometheus.namespaces]),
     prometheus:
-      local statefulSet = k.apps.v1beta2.statefulSet;
+      local statefulSet = k.apps.v1.statefulSet;
       local container = statefulSet.mixin.spec.template.spec.containersType;
       local resourceRequirements = container.mixin.resourcesType;
       local selector = statefulSet.mixin.spec.selectorType;
@@ -169,8 +170,9 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
           baseImage: $._config.imageRepos.prometheus,
           serviceAccountName: 'prometheus-' + $._config.prometheus.name,
           serviceMonitorSelector: {},
+          podMonitorSelector: {},
           serviceMonitorNamespaceSelector: {},
-          nodeSelector: { 'beta.kubernetes.io/os': 'linux' },
+          nodeSelector: { 'kubernetes.io/os': 'linux' },
           ruleSelector: selector.withMatchLabels({
             role: 'alert-rules',
             prometheus: $._config.prometheus.name,

jsonnetfile.json

@@ -3,12 +3,11 @@
         {
             "name": "kube-prometheus",
             "source": {
-                "git": {
-                    "remote": ".",
-                    "subdir": "jsonnet/kube-prometheus"
+                "local": {
+                    "directory": "jsonnet/kube-prometheus"
                 }
             },
-            "version": "."
+            "version": ""
         }
     ]
 }

jsonnetfile.lock.json

@@ -3,12 +3,11 @@
         {
             "name": "kube-prometheus",
             "source": {
-                "git": {
-                    "remote": ".",
-                    "subdir": "jsonnet/kube-prometheus"
+                "local": {
+                    "directory": "jsonnet/kube-prometheus"
                 }
             },
-            "version": "81b9c9f9f6886ba1fbd61b05cdf0cc4f4d95eba8"
+            "version": ""
         },
         {
             "name": "ksonnet",
@@ -18,7 +17,7 @@
                     "subdir": ""
                 }
             },
-            "version": "d03da231d6c8bd74437b74a1e9e8b966f13dffa2"
+            "version": "0d2f82676817bbf9e4acf6495b2090205f323b9f"
         },
         {
             "name": "kubernetes-mixin",
@@ -28,7 +27,7 @@
                     "subdir": ""
                 }
             },
-            "version": "ae58a33e85b191a8760a8d1bd8d3cda2fd046d05"
+            "version": "e3d6d8ebb1789af0e17fb1f60171aaf64926a3a1"
         },
         {
             "name": "grafonnet",
@@ -38,7 +37,7 @@
                     "subdir": "grafonnet"
                 }
             },
-            "version": "a6896d19aedc46ecf80dd64967191b9fd6f75f45"
+            "version": "69bc267211790a1c3f4ea6e6211f3e8ffe22f987"
         },
         {
             "name": "grafana-builder",
@@ -48,7 +47,7 @@
                     "subdir": "grafana-builder"
                 }
             },
-            "version": "a73d6c3e7f5804fc7a16f592b42a62384605046c"
+            "version": "3c44dfa9bfe2b66985733d4b16e0afd29094b4a0"
         },
         {
             "name": "grafana",
@@ -58,7 +57,7 @@
                     "subdir": "grafana"
                 }
             },
-            "version": "b6db6bdbdc8d7f2f8834a8044897ea6322a0f6ad"
+            "version": "c27d2792764867cdaf6484f067cc875cb8aef2f6"
         },
         {
             "name": "prometheus-operator",
@@ -68,7 +67,7 @@
                     "subdir": "jsonnet/prometheus-operator"
                 }
             },
-            "version": "7a25bf6b6bb2347dacb235659b73bc210117acc7"
+            "version": "908ee0372a9ac2c6574d589fdc56a4f3cb5f12d1"
         },
         {
             "name": "etcd-mixin",
@@ -78,7 +77,37 @@
                     "subdir": "Documentation/etcd-mixin"
                 }
             },
-            "version": "919b93b742c76b12a83bdf8885fa75f11db6bcac"
+            "version": "7948f39790fbbc979729ca6f990740a20d4a2a76"
+        },
+        {
+            "name": "prometheus",
+            "source": {
+                "git": {
+                    "remote": "https://github.com/prometheus/prometheus",
+                    "subdir": "documentation/prometheus-mixin"
+                }
+            },
+            "version": "3638e4ab18ac320c3ed0b607f07aea309dadee45"
+        },
+        {
+            "name": "node-mixin",
+            "source": {
+                "git": {
+                    "remote": "https://github.com/prometheus/node_exporter",
+                    "subdir": "docs/node-mixin"
+                }
+            },
+            "version": "e7c2dbed4e0278731b59e9870eb9a9d046047aa8"
+        },
+        {
+            "name": "promgrafonnet",
+            "source": {
+                "git": {
+                    "remote": "https://github.com/kubernetes-monitoring/kubernetes-mixin",
+                    "subdir": "lib/promgrafonnet"
+                }
+            },
+            "version": "24ea0d6e33a415e07ec7b675d74dea3cf01fde73"
         }
     ]
 }

kustomization.yaml

@@ -3,6 +3,7 @@ kind: Kustomization
 resources:
 - ./manifests/00namespace-namespace.yaml
 - ./manifests/0prometheus-operator-0alertmanagerCustomResourceDefinition.yaml
+- ./manifests/0prometheus-operator-0podmonitorCustomResourceDefinition.yaml
 - ./manifests/0prometheus-operator-0prometheusCustomResourceDefinition.yaml
 - ./manifests/0prometheus-operator-0prometheusruleCustomResourceDefinition.yaml
 - ./manifests/0prometheus-operator-0servicemonitorCustomResourceDefinition.yaml

manifests/0prometheus-operator-0podmonitorCustomResourceDefinition.yaml

@@ -0,0 +1,235 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  name: podmonitors.monitoring.coreos.com
+spec:
+  group: monitoring.coreos.com
+  names:
+    kind: PodMonitor
+    plural: podmonitors
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        spec:
+          description: PodMonitorSpec contains specification parameters for a PodMonitor.
+          properties:
+            jobLabel:
+              description: The label to use to retrieve the job name from.
+              type: string
+            namespaceSelector:
+              description: NamespaceSelector is a selector for selecting either all
+                namespaces or a list of namespaces.
+              properties:
+                any:
+                  description: Boolean describing whether all namespaces are selected
+                    in contrast to a list restricting them.
+                  type: boolean
+                matchNames:
+                  description: List of namespace names.
+                  items:
+                    type: string
+                  type: array
+              type: object
+            podMetricsEndpoints:
+              description: A list of endpoints allowed as part of this PodMonitor.
+              items:
+                description: PodMetricsEndpoint defines a scrapeable endpoint of a
+                  Kubernetes Pod serving Prometheus metrics.
+                properties:
+                  honorLabels:
+                    description: HonorLabels chooses the metric's labels on collisions
+                      with target labels.
+                    type: boolean
+                  interval:
+                    description: Interval at which metrics should be scraped
+                    type: string
+                  metricRelabelings:
+                    description: MetricRelabelConfigs to apply to samples before ingestion.
+                    items:
+                      description: 'RelabelConfig allows dynamic rewriting of the
+                        label set, being applied to samples before ingestion. It defines
+                        `<metric_relabel_configs>`-section of Prometheus configuration.
+                        More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+                      properties:
+                        action:
+                          description: Action to perform based on regex matching.
+                            Default is 'replace'
+                          type: string
+                        modulus:
+                          description: Modulus to take of the hash of the source label
+                            values.
+                          format: int64
+                          type: integer
+                        regex:
+                          description: Regular expression against which the extracted
+                            value is matched. defailt is '(.*)'
+                          type: string
+                        replacement:
+                          description: Replacement value against which a regex replace
+                            is performed if the regular expression matches. Regex
+                            capture groups are available. Default is '$1'
+                          type: string
+                        separator:
+                          description: Separator placed between concatenated source
+                            label values. default is ';'.
+                          type: string
+                        sourceLabels:
+                          description: The source labels select values from existing
+                            labels. Their content is concatenated using the configured
+                            separator and matched against the configured regular expression
+                            for the replace, keep, and drop actions.
+                          items:
+                            type: string
+                          type: array
+                        targetLabel:
+                          description: Label to which the resulting value is written
+                            in a replace action. It is mandatory for replace actions.
+                            Regex capture groups are available.
+                          type: string
+                      type: object
+                    type: array
+                  params:
+                    description: Optional HTTP URL parameters
+                    type: object
+                  path:
+                    description: HTTP path to scrape for metrics.
+                    type: string
+                  port:
+                    description: Name of the port this endpoint refers to. Mutually
+                      exclusive with targetPort.
+                    type: string
+                  proxyUrl:
+                    description: ProxyURL eg http://proxyserver:2195 Directs scrapes
+                      to proxy through this endpoint.
+                    type: string
+                  relabelings:
+                    description: 'RelabelConfigs to apply to samples before ingestion.
+                      More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
+                    items:
+                      description: 'RelabelConfig allows dynamic rewriting of the
+                        label set, being applied to samples before ingestion. It defines
+                        `<metric_relabel_configs>`-section of Prometheus configuration.
+                        More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
+                      properties:
+                        action:
+                          description: Action to perform based on regex matching.
+                            Default is 'replace'
+                          type: string
+                        modulus:
+                          description: Modulus to take of the hash of the source label
+                            values.
+                          format: int64
+                          type: integer
+                        regex:
+                          description: Regular expression against which the extracted
+                            value is matched. defailt is '(.*)'
+                          type: string
+                        replacement:
+                          description: Replacement value against which a regex replace
+                            is performed if the regular expression matches. Regex
+                            capture groups are available. Default is '$1'
+                          type: string
+                        separator:
+                          description: Separator placed between concatenated source
+                            label values. default is ';'.
+                          type: string
+                        sourceLabels:
+                          description: The source labels select values from existing
+                            labels. Their content is concatenated using the configured
+                            separator and matched against the configured regular expression
+                            for the replace, keep, and drop actions.
+                          items:
+                            type: string
+                          type: array
+                        targetLabel:
+                          description: Label to which the resulting value is written
+                            in a replace action. It is mandatory for replace actions.
+                            Regex capture groups are available.
+                          type: string
+                      type: object
+                    type: array
+                  scheme:
+                    description: HTTP scheme to use for scraping.
+                    type: string
+                  scrapeTimeout:
+                    description: Timeout after which the scrape is ended
+                    type: string
+                  targetPort:
+                    anyOf:
+                    - type: string
+                    - type: integer
+                type: object
+              type: array
+            podTargetLabels:
+              description: PodTargetLabels transfers labels on the Kubernetes Pod
+                onto the target.
+              items:
+                type: string
+              type: array
+            sampleLimit:
+              description: SampleLimit defines per-scrape limit on number of scraped
+                samples that will be accepted.
+              format: int64
+              type: integer
+            selector:
+              description: A label selector is a label query over a set of resources.
+                The result of matchLabels and matchExpressions are ANDed. An empty
+                label selector matches all objects. A null label selector matches
+                no objects.
+              properties:
+                matchExpressions:
+                  description: matchExpressions is a list of label selector requirements.
+                    The requirements are ANDed.
+                  items:
+                    description: A label selector requirement is a selector that contains
+                      values, a key, and an operator that relates the key and values.
+                    properties:
+                      key:
+                        description: key is the label key that the selector applies
+                          to.
+                        type: string
+                      operator:
+                        description: operator represents a key's relationship to a
+                          set of values. Valid operators are In, NotIn, Exists and
+                          DoesNotExist.
+                        type: string
+                      values:
+                        description: values is an array of string values. If the operator
+                          is In or NotIn, the values array must be non-empty. If the
+                          operator is Exists or DoesNotExist, the values array must
+                          be empty. This array is replaced during a strategic merge
+                          patch.
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - key
+                    - operator
+                    type: object
+                  type: array
+                matchLabels:
+                  description: matchLabels is a map of {key,value} pairs. A single
+                    {key,value} in the matchLabels map is equivalent to an element
+                    of matchExpressions, whose key field is "key", the operator is
+                    "In", and the values array contains only "value". The requirements
+                    are ANDed.
+                  type: object
+              type: object
+          required:
+          - podMetricsEndpoints
+          - selector
+          type: object
+      type: object
+  version: v1

manifests/0prometheus-operator-0prometheusruleCustomResourceDefinition.yaml

@@ -96,6 +96,7 @@ spec:
                         type: string
                     required:
                     - name
+                    type: object
                   type: array
                 result:
                   description: Status is a return value for calls that don't return
@@ -148,6 +149,7 @@ spec:
                                   cause of the error. If this value is empty there
                                   is no information available.
                                 type: string
+                            type: object
                           type: array
                         group:
                           description: The group attribute of the resource associated
@@ -175,6 +177,7 @@ spec:
                           description: 'UID of the resource. (when there is a single
                             resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
                           type: string
+                      type: object
                     kind:
                       description: 'Kind is a string value representing the REST resource
                         this object represents. Servers may infer this from the endpoint
@@ -203,6 +206,13 @@ spec:
                             value in the first response, unless you have received
                             this token from an error message.
                           type: string
+                        remainingItemCount:
+                          description: |-
+                            remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
+
+                            This field is alpha and can be changed or removed without notice.
+                          format: int64
+                          type: integer
                         resourceVersion:
                           description: 'String that identifies the server''s internal
                             version of this object that can be used by clients to
@@ -215,6 +225,7 @@ spec:
                           description: selfLink is a URL representing this object.
                             Populated by the system. Read-only.
                           type: string
+                      type: object
                     reason:
                       description: A machine-readable description of why this operation
                         is in the "Failure" status. If this value is empty there is
@@ -225,13 +236,52 @@ spec:
                       description: 'Status of the operation. One of: "Success" or
                         "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status'
                       type: string
+                  type: object
               required:
               - pending
+              type: object
             labels:
               description: 'Map of string keys and values that can be used to organize
                 and categorize (scope and select) objects. May match selectors of
                 replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
               type: object
+            managedFields:
+              description: |-
+                ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+
+                This field is alpha and can be changed or removed without notice.
+              items:
+                description: ManagedFieldsEntry is a workflow-id, a FieldSet and the
+                  group version of the resource that the fieldset applies to.
+                properties:
+                  apiVersion:
+                    description: APIVersion defines the version of this resource that
+                      this field set applies to. The format is "group/version" just
+                      like the top-level APIVersion field. It is necessary to track
+                      the version of a field set because it cannot be automatically
+                      converted.
+                    type: string
+                  fields:
+                    description: 'Fields stores a set of fields in a data structure
+                      like a Trie. To understand how this is used, see: https://github.com/kubernetes-sigs/structured-merge-diff'
+                    type: object
+                  manager:
+                    description: Manager is an identifier of the workflow managing
+                      these fields.
+                    type: string
+                  operation:
+                    description: Operation is the type of operation which lead to
+                      this ManagedFieldsEntry being created. The only valid values
+                      for this field are 'Apply' and 'Update'.
+                    type: string
+                  time:
+                    description: Time is a wrapper around time.Time which supports
+                      correct marshaling to YAML and JSON.  Wrappers are provided
+                      for many of the factory methods that the time package offers.
+                    format: date-time
+                    type: string
+                type: object
+              type: array
             name:
               description: 'Name must be unique within a namespace. Is required when
                 creating resources, although some resources may allow a client to
@@ -284,6 +334,7 @@ spec:
                 - kind
                 - name
                 - uid
+                type: object
               type: array
             resourceVersion:
               description: |-
@@ -301,6 +352,7 @@ spec:
 
                 Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
               type: string
+          type: object
         spec:
           description: PrometheusRuleSpec contains specification parameters for a
             Rule.
@@ -335,9 +387,13 @@ spec:
                           type: string
                       required:
                       - expr
+                      type: object
                     type: array
                 required:
                 - name
                 - rules
+                type: object
               type: array
+          type: object
+      type: object
   version: v1

manifests/0prometheus-operator-0servicemonitorCustomResourceDefinition.yaml

@@ -47,11 +47,12 @@ spec:
                             description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                             type: string
                           optional:
-                            description: Specify whether the Secret or it's key must
+                            description: Specify whether the Secret or its key must
                               be defined
                             type: boolean
                         required:
                         - key
+                        type: object
                       username:
                         description: SecretKeySelector selects a key of a Secret.
                         properties:
@@ -63,11 +64,13 @@ spec:
                             description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                             type: string
                           optional:
-                            description: Specify whether the Secret or it's key must
+                            description: Specify whether the Secret or its key must
                               be defined
                             type: boolean
                         required:
                         - key
+                        type: object
+                    type: object
                   bearerTokenFile:
                     description: File to read bearer token for scraping targets.
                     type: string
@@ -121,6 +124,7 @@ spec:
                             in a replace action. It is mandatory for replace actions.
                             Regex capture groups are available.
                           type: string
+                      type: object
                     type: array
                   params:
                     description: Optional HTTP URL parameters
@@ -137,7 +141,7 @@ spec:
                       to proxy through this endpoint.
                     type: string
                   relabelings:
-                    description: 'RelabelConfigs to apply to samples before ingestion.
+                    description: 'RelabelConfigs to apply to samples before scraping.
                       More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
                     items:
                       description: 'RelabelConfig allows dynamic rewriting of the
@@ -180,6 +184,7 @@ spec:
                             in a replace action. It is mandatory for replace actions.
                             Regex capture groups are available.
                           type: string
+                      type: object
                     type: array
                   scheme:
                     description: HTTP scheme to use for scraping.
@@ -209,6 +214,8 @@ spec:
                       serverName:
                         description: Used to verify the hostname for the targets.
                         type: string
+                    type: object
+                type: object
               type: array
             jobLabel:
               description: The label to use to retrieve the job name from.
@@ -226,6 +233,7 @@ spec:
                   items:
                     type: string
                   type: array
+              type: object
             podTargetLabels:
               description: PodTargetLabels transfers labels on the Kubernetes Pod
                 onto the target.
@@ -271,6 +279,7 @@ spec:
                     required:
                     - key
                     - operator
+                    type: object
                   type: array
                 matchLabels:
                   description: matchLabels is a map of {key,value} pairs. A single
@@ -279,6 +288,7 @@ spec:
                     "In", and the values array contains only "value". The requirements
                     are ANDed.
                   type: object
+              type: object
             targetLabels:
               description: TargetLabels transfers labels on the Kubernetes Service
                 onto the target.
@@ -288,4 +298,6 @@ spec:
           required:
           - endpoints
           - selector
+          type: object
+      type: object
   version: v1

manifests/0prometheus-operator-clusterRole.yaml

@@ -1,6 +1,10 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.33.0
   name: prometheus-operator
 rules:
 - apiGroups:
@@ -17,6 +21,7 @@ rules:
   - prometheuses/finalizers
   - alertmanagers/finalizers
   - servicemonitors
+  - podmonitors
   - prometheusrules
   verbs:
   - '*'

manifests/0prometheus-operator-clusterRoleBinding.yaml

@@ -1,6 +1,10 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.33.0
   name: prometheus-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io

manifests/0prometheus-operator-deployment.yaml

@@ -1,27 +1,32 @@
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
-    k8s-app: prometheus-operator
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.33.0
   name: prometheus-operator
   namespace: monitoring
 spec:
   replicas: 1
   selector:
     matchLabels:
-      k8s-app: prometheus-operator
+      app.kubernetes.io/component: controller
+      app.kubernetes.io/name: prometheus-operator
   template:
     metadata:
       labels:
-        k8s-app: prometheus-operator
+        app.kubernetes.io/component: controller
+        app.kubernetes.io/name: prometheus-operator
+        app.kubernetes.io/version: v0.33.0
     spec:
       containers:
       - args:
         - --kubelet-service=kube-system/kubelet
         - --logtostderr=true
         - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1
-        - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.29.0
-        image: quay.io/coreos/prometheus-operator:v0.29.0
+        - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.33.0
+        image: quay.io/coreos/prometheus-operator:v0.33.0
         name: prometheus-operator
         ports:
         - containerPort: 8080
@@ -35,7 +40,6 @@ spec:
             memory: 100Mi
         securityContext:
           allowPrivilegeEscalation: false
-          readOnlyRootFilesystem: true
       nodeSelector:
         beta.kubernetes.io/os: linux
       securityContext:

manifests/0prometheus-operator-service.yaml

@@ -2,7 +2,9 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    k8s-app: prometheus-operator
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.33.0
   name: prometheus-operator
   namespace: monitoring
 spec:
@@ -12,4 +14,5 @@ spec:
     port: 8080
     targetPort: http
   selector:
-    k8s-app: prometheus-operator
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator

manifests/0prometheus-operator-serviceAccount.yaml

@@ -1,5 +1,9 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.33.0
   name: prometheus-operator
   namespace: monitoring

manifests/0prometheus-operator-serviceMonitor.yaml

@@ -2,7 +2,9 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   labels:
-    k8s-app: prometheus-operator
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.33.0
   name: prometheus-operator
   namespace: monitoring
 spec:
@@ -11,4 +13,6 @@ spec:
     port: http
   selector:
     matchLabels:
-      k8s-app: prometheus-operator
+      app.kubernetes.io/component: controller
+      app.kubernetes.io/name: prometheus-operator
+      app.kubernetes.io/version: v0.33.0

manifests/alertmanager-alertmanager.yaml

@@ -8,11 +8,11 @@ metadata:
 spec:
   baseImage: quay.io/prometheus/alertmanager
   nodeSelector:
-    beta.kubernetes.io/os: linux
+    kubernetes.io/os: linux
   replicas: 3
   securityContext:
     fsGroup: 2000
     runAsNonRoot: true
     runAsUser: 1000
   serviceAccountName: alertmanager-main
-  version: v0.17.0
+  version: v0.18.0

manifests/alertmanager-secret.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  alertmanager.yaml: Imdsb2JhbCI6IAogICJyZXNvbHZlX3RpbWVvdXQiOiAiNW0iCiJyZWNlaXZlcnMiOiAKLSAibmFtZSI6ICJudWxsIgoicm91dGUiOiAKICAiZ3JvdXBfYnkiOiAKICAtICJqb2IiCiAgImdyb3VwX2ludGVydmFsIjogIjVtIgogICJncm91cF93YWl0IjogIjMwcyIKICAicmVjZWl2ZXIiOiAibnVsbCIKICAicmVwZWF0X2ludGVydmFsIjogIjEyaCIKICAicm91dGVzIjogCiAgLSAibWF0Y2giOiAKICAgICAgImFsZXJ0bmFtZSI6ICJXYXRjaGRvZyIKICAgICJyZWNlaXZlciI6ICJudWxsIg==
+  alertmanager.yaml: Imdsb2JhbCI6CiAgInJlc29sdmVfdGltZW91dCI6ICI1bSIKInJlY2VpdmVycyI6Ci0gIm5hbWUiOiAibnVsbCIKInJvdXRlIjoKICAiZ3JvdXBfYnkiOgogIC0gImpvYiIKICAiZ3JvdXBfaW50ZXJ2YWwiOiAiNW0iCiAgImdyb3VwX3dhaXQiOiAiMzBzIgogICJyZWNlaXZlciI6ICJudWxsIgogICJyZXBlYXRfaW50ZXJ2YWwiOiAiMTJoIgogICJyb3V0ZXMiOgogIC0gIm1hdGNoIjoKICAgICAgImFsZXJ0bmFtZSI6ICJXYXRjaGRvZyIKICAgICJyZWNlaXZlciI6ICJudWxsIg==
 kind: Secret
 metadata:
   name: alertmanager-main

manifests/grafana-deployment.yaml

@@ -16,7 +16,7 @@ spec:
         app: grafana
     spec:
       containers:
-      - image: grafana/grafana:6.0.1
+      - image: grafana/grafana:6.2.2
         name: grafana
         ports:
         - containerPort: 3000
@@ -42,11 +42,11 @@ spec:
         - mountPath: /etc/grafana/provisioning/dashboards
           name: grafana-dashboards
           readOnly: false
-        - mountPath: /grafana-dashboard-definitions/0/k8s-cluster-rsrc-use
-          name: grafana-dashboard-k8s-cluster-rsrc-use
+        - mountPath: /grafana-dashboard-definitions/0/apiserver
+          name: grafana-dashboard-apiserver
           readOnly: false
-        - mountPath: /grafana-dashboard-definitions/0/k8s-node-rsrc-use
-          name: grafana-dashboard-k8s-node-rsrc-use
+        - mountPath: /grafana-dashboard-definitions/0/controller-manager
+          name: grafana-dashboard-controller-manager
           readOnly: false
         - mountPath: /grafana-dashboard-definitions/0/k8s-resources-cluster
           name: grafana-dashboard-k8s-resources-cluster
@@ -63,6 +63,15 @@ spec:
         - mountPath: /grafana-dashboard-definitions/0/k8s-resources-workloads-namespace
           name: grafana-dashboard-k8s-resources-workloads-namespace
           readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/kubelet
+          name: grafana-dashboard-kubelet
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/node-cluster-rsrc-use
+          name: grafana-dashboard-node-cluster-rsrc-use
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/node-rsrc-use
+          name: grafana-dashboard-node-rsrc-use
+          readOnly: false
         - mountPath: /grafana-dashboard-definitions/0/nodes
           name: grafana-dashboard-nodes
           readOnly: false
@@ -72,6 +81,18 @@ spec:
         - mountPath: /grafana-dashboard-definitions/0/pods
           name: grafana-dashboard-pods
           readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/prometheus-remote-write
+          name: grafana-dashboard-prometheus-remote-write
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/prometheus
+          name: grafana-dashboard-prometheus
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/proxy
+          name: grafana-dashboard-proxy
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/scheduler
+          name: grafana-dashboard-scheduler
+          readOnly: false
         - mountPath: /grafana-dashboard-definitions/0/statefulset
           name: grafana-dashboard-statefulset
           readOnly: false
@@ -91,11 +112,11 @@ spec:
           name: grafana-dashboards
         name: grafana-dashboards
       - configMap:
-          name: grafana-dashboard-k8s-cluster-rsrc-use
-        name: grafana-dashboard-k8s-cluster-rsrc-use
+          name: grafana-dashboard-apiserver
+        name: grafana-dashboard-apiserver
       - configMap:
-          name: grafana-dashboard-k8s-node-rsrc-use
-        name: grafana-dashboard-k8s-node-rsrc-use
+          name: grafana-dashboard-controller-manager
+        name: grafana-dashboard-controller-manager
       - configMap:
           name: grafana-dashboard-k8s-resources-cluster
         name: grafana-dashboard-k8s-resources-cluster
@@ -111,6 +132,15 @@ spec:
       - configMap:
           name: grafana-dashboard-k8s-resources-workloads-namespace
         name: grafana-dashboard-k8s-resources-workloads-namespace
+      - configMap:
+          name: grafana-dashboard-kubelet
+        name: grafana-dashboard-kubelet
+      - configMap:
+          name: grafana-dashboard-node-cluster-rsrc-use
+        name: grafana-dashboard-node-cluster-rsrc-use
+      - configMap:
+          name: grafana-dashboard-node-rsrc-use
+        name: grafana-dashboard-node-rsrc-use
       - configMap:
           name: grafana-dashboard-nodes
         name: grafana-dashboard-nodes
@@ -120,6 +150,18 @@ spec:
       - configMap:
           name: grafana-dashboard-pods
         name: grafana-dashboard-pods
+      - configMap:
+          name: grafana-dashboard-prometheus-remote-write
+        name: grafana-dashboard-prometheus-remote-write
+      - configMap:
+          name: grafana-dashboard-prometheus
+        name: grafana-dashboard-prometheus
+      - configMap:
+          name: grafana-dashboard-proxy
+        name: grafana-dashboard-proxy
+      - configMap:
+          name: grafana-dashboard-scheduler
+        name: grafana-dashboard-scheduler
       - configMap:
           name: grafana-dashboard-statefulset
         name: grafana-dashboard-statefulset

manifests/kube-state-metrics-clusterRole.yaml

@@ -27,6 +27,7 @@ rules:
   - daemonsets
   - deployments
   - replicasets
+  - ingresses
   verbs:
   - list
   - watch
@@ -74,3 +75,17 @@ rules:
   verbs:
   - list
   - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - list
+  - watch

manifests/kube-state-metrics-deployment.yaml

@@ -1,4 +1,4 @@
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
@@ -55,7 +55,7 @@ spec:
         - --port=8081
         - --telemetry-host=127.0.0.1
         - --telemetry-port=8082
-        image: quay.io/coreos/kube-state-metrics:v1.5.0
+        image: quay.io/coreos/kube-state-metrics:v1.7.2
         name: kube-state-metrics
         resources:
           limits:
@@ -94,7 +94,7 @@ spec:
             cpu: 10m
             memory: 30Mi
       nodeSelector:
-        beta.kubernetes.io/os: linux
+        kubernetes.io/os: linux
       securityContext:
         runAsNonRoot: true
         runAsUser: 65534

manifests/node-exporter-daemonset.yaml

@@ -1,4 +1,4 @@
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   labels:
@@ -22,7 +22,7 @@ spec:
         - --path.rootfs=/host/root
         - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)
         - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$
-        image: quay.io/prometheus/node-exporter:v0.17.0
+        image: quay.io/prometheus/node-exporter:v0.18.1
         name: node-exporter
         resources:
           limits:
@@ -61,23 +61,20 @@ spec:
         resources:
           limits:
             cpu: 20m
-            memory: 40Mi
+            memory: 60Mi
           requests:
             cpu: 10m
             memory: 20Mi
       hostNetwork: true
       hostPID: true
       nodeSelector:
-        beta.kubernetes.io/os: linux
+        kubernetes.io/os: linux
       securityContext:
         runAsNonRoot: true
         runAsUser: 65534
       serviceAccountName: node-exporter
       tolerations:
-      - effect: NoExecute
-        operator: Exists
-      - effect: NoSchedule
-        operator: Exists
+      - operator: Exists
       volumes:
       - hostPath:
           path: /proc

manifests/node-exporter-serviceMonitor.yaml

@@ -10,6 +10,13 @@ spec:
   - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
     interval: 30s
     port: https
+    relabelings:
+    - action: replace
+      regex: (.*)
+      replacment: $1
+      sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: instance
     scheme: https
     tlsConfig:
       insecureSkipVerify: true

manifests/prometheus-adapter-configMap.yaml

@@ -16,10 +16,10 @@ data:
         containerLabel: container_name
       memory:
         containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container_name!="POD",container_name!="",pod_name!=""}) by (<<.GroupBy>>)
-        nodeQuery: sum(node:node_memory_bytes_total:sum{<<.LabelMatchers>>} - node:node_memory_bytes_available:sum{<<.LabelMatchers>>}) by (<<.GroupBy>>)
+        nodeQuery: sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)
         resources:
           overrides:
-            node:
+            instance:
               resource: node
             namespace:
               resource: namespace

manifests/prometheus-adapter-deployment.yaml

@@ -1,4 +1,4 @@
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: prometheus-adapter
@@ -40,7 +40,7 @@ spec:
           name: config
           readOnly: false
       nodeSelector:
-        beta.kubernetes.io/os: linux
+        kubernetes.io/os: linux
       serviceAccountName: prometheus-adapter
       volumes:
       - emptyDir: {}

manifests/prometheus-prometheus.yaml

@@ -13,7 +13,8 @@ spec:
       port: web
   baseImage: quay.io/prometheus/prometheus
   nodeSelector:
-    beta.kubernetes.io/os: linux
+    kubernetes.io/os: linux
+  podMonitorSelector: {}
   replicas: 2
   resources:
     requests:
@@ -29,4 +30,4 @@ spec:
   serviceAccountName: prometheus-k8s
   serviceMonitorNamespaceSelector: {}
   serviceMonitorSelector: {}
-  version: v2.7.2
+  version: v2.11.0

tests/e2e/travis-e2e.sh

@@ -10,7 +10,7 @@ set -x
 
 curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
 chmod +x kubectl
-curl -Lo kind https://github.com/kubernetes-sigs/kind/releases/download/0.2.1/kind-linux-amd64
+curl -Lo kind https://github.com/kubernetes-sigs/kind/releases/download/v0.4.0/kind-linux-amd64
 chmod +x kind
 
 ./kind create cluster