[release-0.12] Adds dependency on github.com/grafana/jsonnet-libs mixins-util (#2478 )

* Add lockfile * chore: ignore mdox errors for https://www.weave.works
[bot] [release-0.12] Automated version update (#2315 )
2024-08-07 17:10:32 +01:00 · 2024-01-03 17:32:30 +00:00 · 2023-11-27 12:07:35 +00:00 · 2023-08-16 16:55:15 +01:00 · 2023-07-28 03:24:28 -07:00 · 2023-07-27 03:20:15 -07:00
18 changed files with 493 additions and 698 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -99,23 +99,9 @@ jobs:
        image: ${{ matrix.kind-image }}
        wait: 10s # Without default CNI, control-plane doesn't get ready until Cilium is installed
        config: .github/workflows/kind/config.yml
-    - name: Setup Helm
-      uses: azure/setup-helm@v3.5
-    - name: Install Cilium
+    - name: Install kube-router for NetworkPolicy support
      run: |
-        helm repo add cilium https://helm.cilium.io/
-        helm install cilium cilium/cilium --version 1.9.13 \
-        --namespace kube-system \
-        --set nodeinit.enabled=true \
-        --set kubeProxyReplacement=partial \
-        --set hostServices.enabled=false \
-        --set externalIPs.enabled=true \
-        --set nodePort.enabled=true \
-        --set hostPort.enabled=true \
-        --set bpf.masquerade=false \
-        --set image.pullPolicy=IfNotPresent \
-        --set ipam.mode=kubernetes \
-        --set operator.replicas=1
+        kubectl apply -f .github/workflows/kind/kube-router.yaml
    - name: Wait for cluster to finish bootstraping
      run: kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=300s
    - name: Create kube-prometheus stack
--- a/.github/workflows/kind/config.yml
+++ b/.github/workflows/kind/config.yml
@@ -1,6 +1,15 @@
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 networking:
-  disableDefaultCNI: true
  podSubnet: "10.10.0.0/16"
  serviceSubnet: "10.11.0.0/16"
+nodes:
+  - role: control-plane
+    extraMounts:
+      - hostPath: /home/runner/work/kube-prometheus/kube-prometheus/.github/workflows/kind/patches
+        containerPath: /patches
+kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    patches:
+      directory: /patches
--- a/.github/workflows/kind/kube-router.yaml
+++ b/.github/workflows/kind/kube-router.yaml
@@ -0,0 +1,186 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kube-router-cfg
+  namespace: kube-system
+  labels:
+    tier: node
+    k8s-app: kube-router
+data:
+  cni-conf.json: |
+    {
+      "cniVersion":"0.3.0",
+      "name":"mynet",
+      "plugins":[
+        {
+          "name":"kubernetes",
+          "type":"bridge",
+          "bridge":"kube-bridge",
+          "isDefaultGateway":true,
+          "ipam":{
+            "type":"host-local"
+          }
+        }
+      ]
+    }
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    k8s-app: kube-router
+    tier: node
+  name: kube-router
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      k8s-app: kube-router
+      tier: node
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-router
+        tier: node
+    spec:
+      priorityClassName: system-node-critical
+      serviceAccountName: kube-router
+      containers:
+        - name: kube-router
+          image: docker.io/cloudnativelabs/kube-router
+          imagePullPolicy: Always
+          args:
+            - --run-router=true
+            - --run-firewall=true
+            - --run-service-proxy=false
+            - --bgp-graceful-restart=true
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: KUBE_ROUTER_CNI_CONF_FILE
+              value: /etc/cni/net.d/10-kuberouter.conflist
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 20244
+            initialDelaySeconds: 10
+            periodSeconds: 3
+          resources:
+            requests:
+              memory: 250Mi
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: lib-modules
+              mountPath: /lib/modules
+              readOnly: true
+            - name: cni-conf-dir
+              mountPath: /etc/cni/net.d
+            - name: kubeconfig
+              mountPath: /var/lib/kube-router/kubeconfig
+              readOnly: true
+            - name: xtables-lock
+              mountPath: /run/xtables.lock
+              readOnly: false
+      initContainers:
+        - name: install-cni
+          image: docker.io/cloudnativelabs/kube-router
+          imagePullPolicy: Always
+          command:
+            - /bin/sh
+            - -c
+            - set -e -x;
+              if [ ! -f /etc/cni/net.d/10-kuberouter.conflist ]; then
+              if [ -f /etc/cni/net.d/*.conf ]; then
+              rm -f /etc/cni/net.d/*.conf;
+              fi;
+              TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
+              cp /etc/kube-router/cni-conf.json ${TMP};
+              mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
+              fi
+          volumeMounts:
+            - mountPath: /etc/cni/net.d
+              name: cni-conf-dir
+            - mountPath: /etc/kube-router
+              name: kube-router-cfg
+      hostNetwork: true
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - effect: NoExecute
+          operator: Exists
+      volumes:
+        - name: lib-modules
+          hostPath:
+            path: /lib/modules
+        - name: cni-conf-dir
+          hostPath:
+            path: /etc/cni/net.d
+        - name: kube-router-cfg
+          configMap:
+            name: kube-router-cfg
+        - name: kubeconfig
+          hostPath:
+            path: /var/lib/kube-router/kubeconfig
+        - name: xtables-lock
+          hostPath:
+            path: /run/xtables.lock
+            type: FileOrCreate
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-router
+  namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kube-router
+  namespace: kube-system
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - pods
+      - services
+      - nodes
+      - endpoints
+    verbs:
+      - list
+      - get
+      - watch
+  - apiGroups:
+      - "networking.k8s.io"
+    resources:
+      - networkpolicies
+    verbs:
+      - list
+      - get
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - networkpolicies
+    verbs:
+      - get
+      - list
+      - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kube-router
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-router
+subjects:
+  - kind: ServiceAccount
+    name: kube-router
+    namespace: kube-system
--- a/.github/workflows/kind/patches/kube-controller-manager.yaml
+++ b/.github/workflows/kind/patches/kube-controller-manager.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-controller-manager
+  namespace: kube-system
+spec:
+  containers:
+    - name: kube-controller-manager
+      resources:
+        requests:
+          cpu: 1m
--- a/.mdox.validate.yaml
+++ b/.mdox.validate.yaml
@@ -6,4 +6,8 @@ validators:
    type: "ignore"
  # Ignore release links.
  - regex: 'https:\/\/github\.com\/prometheus-operator\/kube-prometheus\/releases'
-    type: "ignore"
+    type: "ignore"
+  # the www.weave.works domain returns 404 for many pages.
+  # Ignoring for now but we need remove the related content if it persists.
+  - regex: 'https:\/\/www.weave.works.*'
+    type: "ignore"
--- a/jsonnet/kube-prometheus/versions.json
+++ b/jsonnet/kube-prometheus/versions.json
@@ -1,7 +1,7 @@
 {
  "alertmanager": "0.25.0",
  "blackboxExporter": "0.23.0",
-  "grafana": "9.3.2",
+  "grafana": "9.3.16",
  "kubeStateMetrics": "2.7.0",
  "nodeExporter": "1.5.0",
  "prometheus": "2.41.0",
--- a/jsonnetfile.json
+++ b/jsonnetfile.json
@@ -1,6 +1,15 @@
 {
  "version": 1,
  "dependencies": [
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/grafana/jsonnet-libs.git",
+          "subdir": "mixin-utils"
+        }
+      },
+      "version": "master"
+    },
    {
      "source": {
        "local": {
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -18,7 +18,7 @@
          "subdir": "contrib/mixin"
        }
      },
-      "version": "638c6f1bb16f2562d1fac840559112bf40f8a851",
+      "version": "ae3b43a924c688f06560ada76a047d14b3935829",
      "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
    },
    {
@@ -38,7 +38,7 @@
          "subdir": "grafonnet"
        }
      },
-      "version": "30280196507e0fe6fa978a3e0eaca3a62844f817",
+      "version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
      "sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc="
    },
    {
@@ -48,7 +48,7 @@
          "subdir": "grafonnet-7.0"
        }
      },
-      "version": "30280196507e0fe6fa978a3e0eaca3a62844f817",
+      "version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
      "sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM="
    },
    {
@@ -58,8 +58,18 @@
          "subdir": "grafana-builder"
        }
      },
-      "version": "a924ab1b5fd4e6eacd7235a20978d050a27bdb65",
-      "sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
+      "version": "02db06f540086fa3f67d487bd01e1b314853fb8f",
+      "sum": "B49EzIY2WZsFxNMJcgRxE/gcZ9ltnS8pkOOV6Q5qioc="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/grafana/jsonnet-libs.git",
+          "subdir": "mixin-utils"
+        }
+      },
+      "version": "d9ba581fb27aa6689e911f288d4df06948eb8aad",
+      "sum": "LoYq5QxJmUXEtqkEG8CFUBLBhhzDDaNANHc7Gz36ZdM="
    },
    {
      "source": {
@@ -119,7 +129,7 @@
          "subdir": "doc/alertmanager-mixin"
        }
      },
-      "version": "258fab7cdd551f2cf251ed0348f0ad7289aee789",
+      "version": "a4e8574be7165d3c21162456f160e0faf3d05de3",
      "sum": "PsK+V7oETCPKu2gLoPfqY0wwPKH9TzhNj6o2xezjjXc=",
      "name": "alertmanager"
    },
@@ -151,7 +161,7 @@
          "subdir": "config/crd/bases"
        }
      },
-      "version": "61eb388891c72da78ec3252f769d9dda4acabf1b",
+      "version": "490bebc3ac2a93497301e76019adcb22eed6c543",
      "sum": "d1550yhsX4VxdVN7b0gWT0cido/W90P6OGLzLqPwZcs="
    },
    {
@@ -161,7 +171,7 @@
          "subdir": "mixin"
        }
      },
-      "version": "27e4714174e2b7d4542ce9a723716134afba1579",
+      "version": "fe3f5d24192570038e9576307e1b31794920a1f3",
      "sum": "Io++1+lp1oQVoQiVRSCXUiGdTIRPV7aL6Ewgs3bShEs=",
      "name": "thanos-mixin"
    },
--- a/manifests/grafana-config.yaml
+++ b/manifests/grafana-config.yaml
@@ -5,7 +5,7 @@ metadata:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
-    app.kubernetes.io/version: 9.3.2
+    app.kubernetes.io/version: 9.3.16
  name: grafana-config
  namespace: monitoring
 stringData:
--- a/manifests/grafana-dashboardDatasources.yaml
+++ b/manifests/grafana-dashboardDatasources.yaml
@@ -5,7 +5,7 @@ metadata:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
-    app.kubernetes.io/version: 9.3.2
+    app.kubernetes.io/version: 9.3.16
  name: grafana-datasources
  namespace: monitoring
 stringData:
--- a/manifests/grafana-dashboardDefinitions.yaml
+++ b/manifests/grafana-dashboardDefinitions.yaml
--- a/manifests/grafana-dashboardSources.yaml
+++ b/manifests/grafana-dashboardSources.yaml
@@ -22,6 +22,6 @@ metadata:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
-    app.kubernetes.io/version: 9.3.2
+    app.kubernetes.io/version: 9.3.16
  name: grafana-dashboards
  namespace: monitoring
--- a/manifests/grafana-deployment.yaml
+++ b/manifests/grafana-deployment.yaml
@@ -5,7 +5,7 @@ metadata:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
-    app.kubernetes.io/version: 9.3.2
+    app.kubernetes.io/version: 9.3.16
  name: grafana
  namespace: monitoring
 spec:
@@ -18,19 +18,19 @@ spec:
  template:
    metadata:
      annotations:
-        checksum/grafana-config: adbde4cde1aa3ca57c408943af53e6f7
-        checksum/grafana-dashboardproviders: d8fb24844314114bed088b83042b1bdb
-        checksum/grafana-datasources: 0800bab7ea1e2d8ad5c09586d089e033
+        checksum/grafana-config: 8f789e9282d2c489627b7cc14331eeb5
+        checksum/grafana-dashboardproviders: c7085e546c9aa6fdaf5f4fdabcf41b7c
+        checksum/grafana-datasources: 73ffe398adc193d9836e41703c06f169
      labels:
        app.kubernetes.io/component: grafana
        app.kubernetes.io/name: grafana
        app.kubernetes.io/part-of: kube-prometheus
-        app.kubernetes.io/version: 9.3.2
+        app.kubernetes.io/version: 9.3.16
    spec:
      automountServiceAccountToken: false
      containers:
      - env: []
-        image: grafana/grafana:9.3.2
+        image: grafana/grafana:9.3.16
        name: grafana
        ports:
        - containerPort: 3000
--- a/manifests/grafana-networkPolicy.yaml
+++ b/manifests/grafana-networkPolicy.yaml
@@ -5,7 +5,7 @@ metadata:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
-    app.kubernetes.io/version: 9.3.2
+    app.kubernetes.io/version: 9.3.16
  name: grafana
  namespace: monitoring
 spec:
--- a/manifests/grafana-prometheusRule.yaml
+++ b/manifests/grafana-prometheusRule.yaml
@@ -5,7 +5,7 @@ metadata:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
-    app.kubernetes.io/version: 9.3.2
+    app.kubernetes.io/version: 9.3.16
    prometheus: k8s
    role: alert-rules
  name: grafana-rules
--- a/manifests/grafana-service.yaml
+++ b/manifests/grafana-service.yaml
@@ -5,7 +5,7 @@ metadata:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
-    app.kubernetes.io/version: 9.3.2
+    app.kubernetes.io/version: 9.3.16
  name: grafana
  namespace: monitoring
 spec:
--- a/manifests/grafana-serviceAccount.yaml
+++ b/manifests/grafana-serviceAccount.yaml
@@ -6,6 +6,6 @@ metadata:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
-    app.kubernetes.io/version: 9.3.2
+    app.kubernetes.io/version: 9.3.16
  name: grafana
  namespace: monitoring
--- a/manifests/grafana-serviceMonitor.yaml
+++ b/manifests/grafana-serviceMonitor.yaml
@@ -5,7 +5,7 @@ metadata:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
-    app.kubernetes.io/version: 9.3.2
+    app.kubernetes.io/version: 9.3.16
  name: grafana
  namespace: monitoring
 spec:
Author	SHA1	Message	Date
Philip Gough	e6c581378e	[release-0.12] Adds dependency on github.com/grafana/jsonnet-libs mixins-util (#2478 ) * Add lockfile * chore: ignore mdox errors for https://www.weave.works	2024-08-07 17:10:32 +01:00
PromOperatorBot	799f6fb5d0	[bot] [release-0.12] Automated version update (#2315 ) Co-authored-by: Prometheus Operator Bot <prom-op-bot@users.noreply.github.com>	2024-01-03 17:32:30 +00:00
PromOperatorBot	6662842873	[bot] [release-0.12] Automated version update (#2289 ) Co-authored-by: Prometheus Operator Bot <prom-op-bot@users.noreply.github.com>	2023-11-27 12:07:35 +00:00
PromOperatorBot	6901a5e88d	[bot] [release-0.12] Automated version update (#2188 ) Co-authored-by: Prometheus Operator Bot <prom-op-bot@users.noreply.github.com>	2023-08-16 16:55:15 +01:00
Paul Larsen	50952c43c4	Update grafana version to 9.3.16 (#2162 ) * Update grafana version to 9.3.16 Address CVE-2023-3128 https://github.com/prometheus-operator/kube-prometheus/issues/2147 * regenerate YAML	2023-07-28 03:24:28 -07:00
Philip Gough	2343d68619	ci: Fixes CPU scheduling issues for 1.26 and 1.27 (#2172 )	2023-07-27 03:20:15 -07:00