cut release 0.12 (#1919)

Signed-off-by: Haoyu Sun <hasun@redhat.com>

Signed-off-by: Haoyu Sun <hasun@redhat.com>

.github/ISSUE_TEMPLATE/support.md

@@ -4,48 +4,14 @@ about: If you have questions about kube-prometheus
 labels: kind/support
 ---
 
-<!--
+This repository now has the new GitHub Discussions enabled: 
+https://github.com/prometheus-operator/kube-prometheus/discussions
 
-Feel free to ask questions in #prometheus-operator on Kubernetes Slack!
+Please create a new discussion to ask for any kind of support, which is not a Bug or Feature Request.
 
--->
+Thank you for being part of this community!
 
-**What did you do?**
+---
 
-**Did you expect to see some different?**
+We are still happy to chat with you in the #prometheus-operator channel on Kubernetes Slack!
 
-**Environment**
-
-* Prometheus Operator version:
-
-    `Insert image tag or Git SHA here`
-    <!-- Try kubectl -n monitoring describe deployment prometheus-operator -->
-
-* Kubernetes version information:
-
-    `kubectl version`
-    <!-- Replace the command with its output above -->
-
-* Kubernetes cluster kind:
-
-    insert how you created your cluster: kops, bootkube, tectonic-installer, etc.
-
-* Manifests:
-
-```
-insert manifests relevant to the issue
-```
-
-* Prometheus Operator Logs:
-
-```
-Insert Prometheus Operator logs relevant to the issue here
-```
-
-* Prometheus Logs:
-
-```
-Insert Prometheus logs relevant to the issue here
-```
-
-**Anything else we need to know?**:

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,37 @@
+<!--
+WARNING: Not using this template will result in a longer review process and your change won't be visible in CHANGELOG.
+-->
+
+## Description
+
+_Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request.
+If it fixes a bug or resolves a feature request, be sure to link to that issue._
+
+
+
+## Type of change
+
+_What type of changes does your code introduce to the kube-prometheus? Put an `x` in the box that apply._
+
+- [ ] `CHANGE` (fix or feature that would cause existing functionality to not work as expected)
+- [ ] `FEATURE` (non-breaking change which adds functionality)
+- [ ] `BUGFIX` (non-breaking change which fixes an issue)
+- [ ] `ENHANCEMENT` (non-breaking change which improves existing functionality)
+- [ ] `NONE` (if none of the other choices apply. Example, tooling, build system, CI, docs, etc.)
+
+## Changelog entry
+
+_Please put a one-line changelog entry below. Later this will be copied to the changelog file._
+
+<!-- 
+Your release note should be written in clear and straightforward sentences. Most often, users aren't familiar with
+the technical details of your PR, so consider what they need to know when you write your release note.
+
+Some brief examples of release notes:
+- Add metadataConfig field to the Prometheus CRD for configuring how remote-write sends metadata information.
+- Generate correct scraping configuration for Probes with empty or unset module parameter.
+-->
+
+```release-note
+
+```

.github/dependabot.yml

@@ -0,0 +1,16 @@
+version: 2
+updates:
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: daily
+
+  - package-ecosystem: gomod
+    directory: /scripts/
+    schedule:
+      interval: daily
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily

.github/workflows/ci.yaml

@@ -0,0 +1,144 @@
+name: ci
+on:
+  - push
+  - pull_request
+env:
+  golang-version: '1.18'
+  kind-version: 'v0.16.0'
+jobs:
+  generate:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os:
+          - macos-latest
+          - ubuntu-latest
+    name: Generate
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        persist-credentials: false
+    - uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.golang-version }}
+    - run: make --always-make generate validate && git diff --exit-code
+  check-docs:
+    runs-on: ubuntu-latest
+    name: Check Documentation formatting and links
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        persist-credentials: false
+    - uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.golang-version }}
+    - run: make check-docs
+  lint:
+    runs-on: ubuntu-latest
+    name: Jsonnet linter
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        persist-credentials: false
+    - uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.golang-version }}
+    - run: make --always-make lint
+  fmt:
+    runs-on: ubuntu-latest
+    name: Jsonnet formatter
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        persist-credentials: false
+    - uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.golang-version }}
+    - run: make --always-make fmt && git diff --exit-code
+  unit-tests:
+    runs-on: ubuntu-latest
+    name: Unit tests
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        persist-credentials: false
+    - uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.golang-version }}
+    - run: make --always-make test
+  security-audit:
+    runs-on: ubuntu-latest
+    name: Run security analysis on manifests
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        persist-credentials: false
+    - uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.golang-version }}
+    - run: make --always-make kubescape
+  e2e-tests:
+    name: E2E tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        kind-image:
+          - 'kindest/node:v1.25.2'
+          - 'kindest/node:v1.24.6'
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        persist-credentials: false
+    - uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.golang-version }}
+    - name: Start KinD
+      uses: engineerd/setup-kind@v0.5.0
+      with:
+        version: ${{ env.kind-version }}
+        image: ${{ matrix.kind-image }}
+        wait: 10s # Without default CNI, control-plane doesn't get ready until Cilium is installed
+        config: .github/workflows/kind/config.yml
+    - name: Setup Helm
+      uses: azure/setup-helm@v3.5
+    - name: Install Cilium
+      run: |
+        helm repo add cilium https://helm.cilium.io/
+        helm install cilium cilium/cilium --version 1.9.13 \
+        --namespace kube-system \
+        --set nodeinit.enabled=true \
+        --set kubeProxyReplacement=partial \
+        --set hostServices.enabled=false \
+        --set externalIPs.enabled=true \
+        --set nodePort.enabled=true \
+        --set hostPort.enabled=true \
+        --set bpf.masquerade=false \
+        --set image.pullPolicy=IfNotPresent \
+        --set ipam.mode=kubernetes \
+        --set operator.replicas=1
+    - name: Wait for cluster to finish bootstraping
+      run: kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=300s
+    - name: Create kube-prometheus stack
+      run: |
+        kubectl create -f manifests/setup
+        until kubectl get servicemonitors --all-namespaces ; do date; sleep 1; echo ""; done
+        kubectl create -f manifests/
+    - name: Run tests
+      run: |
+        export KUBECONFIG="${HOME}/.kube/config"
+        make test-e2e
+
+  # Added to summarize the matrix and allow easy branch protection rules setup
+  e2e-tests-result:
+    name: End-to-End Test Results
+    if: always()
+    needs:
+      - e2e-tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Mark the job as a success
+        if: needs.e2e-tests.result == 'success'
+        run: exit 0
+      - name: Mark the job as a failure
+        if: needs.e2e-tests.result != 'success'
+        run: exit 1

.github/workflows/kind/config.yml

@@ -0,0 +1,6 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+networking:
+  disableDefaultCNI: true
+  podSubnet: "10.10.0.0/16"
+  serviceSubnet: "10.11.0.0/16"

.github/workflows/stale.yaml

@@ -0,0 +1,21 @@
+name: 'Close stale issues and PRs'
+on:
+  schedule:
+    - cron: '30 3 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v7
+        with:
+          stale-issue-message: 'This issue has been automatically marked as stale because it has not had any activity in the last 60 days. Thank you for your contributions.'
+          close-issue-message: 'This issue was closed because it has not had any activity in the last 120 days. Please reopen if you feel this is still valid.'
+          days-before-stale: 60
+          days-before-issue-close: 120
+          days-before-pr-close: -1  # Prevent closing PRs
+          exempt-issue-labels: 'kind/feature,help wanted,kind/bug'
+          stale-issue-label: 'stale'
+          stale-pr-label: 'stale'
+          exempt-draft-pr: true
+          operations-per-run: 500

.github/workflows/versions.yaml

@@ -0,0 +1,81 @@
+name: Upgrade to latest versions
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '37 7 * * 1'
+env:
+  golang-version: '1.18'
+jobs:
+  versions:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        branch:
+          - 'release-0.8'
+          - 'release-0.9'
+          - 'release-0.10'
+          - 'release-0.11'
+          - 'main'
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        ref: ${{ matrix.branch }}
+    - uses: actions/setup-go@v3
+      with:
+        go-version: ${{ env.golang-version }}
+    - name: Upgrade versions
+      id: versions
+      run: |
+        export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+        # Write to temporary file to make update atomic
+        scripts/generate-versions.sh > /tmp/versions.json
+        mv /tmp/versions.json jsonnet/kube-prometheus/versions.json
+        # Get the links to the changelogs of the updated versions and make them
+        # available to the reviewers
+        echo ::set-output name=new_changelogs::$(scripts/get-new-changelogs.sh)
+      if: matrix.branch == 'main'
+    - name: Update jsonnet dependencies
+      run: |
+        make update
+        make generate
+
+        # Reset jsonnetfile.lock.json if no dependencies were updated
+        changedFiles=$(git diff --name-only | grep -v 'jsonnetfile.lock.json' | wc -l)
+        if [[ "$changedFiles" -eq 0 ]]; then
+          git checkout -- jsonnetfile.lock.json;
+        fi
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v4
+      with:
+        commit-message: "[bot] [${{ matrix.branch }}] Automated version update"
+        title: "[bot] [${{ matrix.branch }}] Automated version update"
+        body: |
+          ## Description
+
+          This is an automated version and jsonnet dependencies update performed from CI.
+
+          Please review the following changelogs to make sure that we don't miss any important
+          changes before merging this PR.
+
+          ${{ steps.versions.outputs.new_changelogs }}
+
+          Configuration of the workflow is located in `.github/workflows/versions.yaml`.
+
+          ## Type of change
+
+          - [x] `NONE` (if none of the other choices apply. Example, tooling, build system, CI, docs, etc.)
+
+          ## Changelog entry
+
+          ```release-note
+
+          ```
+        team-reviewers: kube-prometheus-reviewers
+        committer: Prometheus Operator Bot <prom-op-bot@users.noreply.github.com>
+        author: Prometheus Operator Bot <prom-op-bot@users.noreply.github.com>
+        branch: automated-updates-${{ matrix.branch }}
+        delete-branch: true
+        # GITHUB_TOKEN cannot be used as it won't trigger CI in a created PR
+        # More in https://github.com/peter-evans/create-pull-request/issues/155
+        token: ${{ secrets.PROM_OP_BOT_PAT }}

.gitignore

@@ -3,3 +3,8 @@ minikube-manifests/
 vendor/
 ./auth
 .swp
+crdschemas/
+.mdoxcache
+
+developer-workspace/gitpod/_output
+developer-workspace/codespaces/kind 

.gitpod.yml

@@ -0,0 +1,47 @@
+image: gitpod/workspace-full
+checkoutLocation: gitpod-k3s
+tasks: 
+  - init: |
+      make --always-make
+      export PATH="$(pwd)/tmp/bin:${PATH}"
+      cat > ${PWD}/.git/hooks/pre-commit <<EOF
+      #!/bin/bash
+      
+      echo "Checking jsonnet fmt"
+      make fmt > /dev/null 2>&1
+      echo "Checking if manifests are correct"
+      make generate > /dev/null 2>&1
+      
+      git diff --exit-code
+      if [[ \$? == 1 ]]; then
+        echo "
+      
+      This commit is being rejected because the YAML manifests are incorrect or jsonnet needs to be formatted."
+        echo "Please commit your changes again!"
+        exit 1
+      fi
+      EOF
+      chmod +x ${PWD}/.git/hooks/pre-commit
+  - name: run kube-prometheus
+    command: |
+      developer-workspace/gitpod/prepare-k3s.sh
+      developer-workspace/common/deploy-kube-prometheus.sh
+  - name: kernel dev environment
+    init: |
+      sudo apt update -y
+      sudo apt install qemu qemu-system-x86 linux-image-$(uname -r) libguestfs-tools sshpass netcat -y
+      sudo curl -o /usr/bin/kubectl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+      sudo chmod +x /usr/bin/kubectl
+      developer-workspace/gitpod/prepare-rootfs.sh
+    command: |
+      developer-workspace/gitpod/qemu.sh
+ports:
+  - port: 3000
+    onOpen: open-browser
+  - port: 9090
+    onOpen: open-browser
+  - port: 9093
+    onOpen: open-browser
+vscode:
+  extensions:
+    - heptio.jsonnet

.mdox.validate.yaml

@@ -0,0 +1,9 @@
+version: 1
+
+validators:
+  # Ignore localhost links.
+  - regex: 'localhost'
+    type: "ignore"
+  # Ignore release links.
+  - regex: 'https:\/\/github\.com\/prometheus-operator\/kube-prometheus\/releases'
+    type: "ignore"

.travis.yml

@@ -1,21 +0,0 @@
-sudo: required
-dist: xenial
-language: go
-
-go:
-- "1.13.x"
-go_import_path: github.com/coreos/kube-prometheus
-
-cache:
-  directories:
-  - $GOCACHE
-  - $GOPATH/pkg/mod
-
-jobs:
-  include:
-  - name: Check generated files
-    script: make --always-make generate && git diff --exit-code
-  - name: Run tests
-    script: make --always-make test
-  - name: Run e2e tests
-    script: ./tests/e2e/travis-e2e.sh

CHANGELOG.md

@@ -0,0 +1,120 @@
+## release-0.12 / 2023-01-19
+
+* [CHANGE] Updates Prometheus Adapater version to 0.10.0 [#1865](https://github.com/prometheus-operator/kube-prometheus/pull/1865)
+* [FEATURE] Added a AKS platform [#1869](https://github.com/prometheus-operator/kube-prometheus/pull/1869)
+* [BUGFIX] Update Pyrra to 0.4.2 [#1800](https://github.com/prometheus-operator/kube-prometheus/pull/1800)
+* [BUGFIX] Jsonnet: enable automountServiceAccountToken for prometheus service account [#1808](https://github.com/prometheus-operator/kube-prometheus/pull/1808)
+* [BUGFIX] Fix diskDeviceSelector regex for aks and eks [#1810](https://github.com/prometheus-operator/kube-prometheus/pull/1810)
+* [BUGFIX] Set path.udev.data Argument of Node Exporter [#1913](https://github.com/prometheus-operator/kube-prometheus/pull/1913)
+* [BUGFIX] Include RAID device md.* in disk seletor [#1945](https://github.com/prometheus-operator/kube-prometheus/pull/1945)
+* [ENHANCEMENT] Prometheus-adapter: add prefix option to config for container metrics [#1844](https://github.com/prometheus-operator/kube-prometheus/pull/1844)
+* [ENHANCEMENT] Switch kube-state-metrics registry to registry.k8s.io [#1914](https://github.com/prometheus-operator/kube-prometheus/pull/1914)
+* [ENHANCEMENT] Node Exporter: add parameter for ignored network devices [#1887](https://github.com/prometheus-operator/kube-prometheus/pull/1887)
+
+## release-0.11 / 2022-06-15
+
+* [CHANGE] Disable injecting unnecessary variables allowing access to k8s API [#1591](https://github.com/prometheus-operator/kube-prometheus/pull/1591)
+* [FEATURE] Add grafana-mixin [#1458](https://github.com/prometheus-operator/kube-prometheus/pull/1458)
+* [FEATURE] Add example usage of prometheus-agent [#1472](https://github.com/prometheus-operator/kube-prometheus/pull/1472)
+* [FEATURE] Add Pyrra as (optional) component [#1667](https://github.com/prometheus-operator/kube-prometheus/pull/1667)
+* [ENHANCEMENT] Adds NetworkPolicies to all components of Kube-prometheus [#1650](https://github.com/prometheus-operator/kube-prometheus/pull/1650)
+* [ENHANCEMENT] Scan generated manifests with kubescape in CI [#1584](https://github.com/prometheus-operator/kube-prometheus/pull/1584)
+* [ENHANCEMENT] Explicitly declare allowPrivilegeEscalation to false in all components [#1593](https://github.com/prometheus-operator/kube-prometheus/pull/1593)
+* [ENHANCEMENT] Forbid write access to root filesystem [#1600](https://github.com/prometheus-operator/kube-prometheus/pull/1600)
+* [ENHANCEMENT] Drop Linux capabilities, , just keeping CAP_SYS_TIME for node-exporter [#1610](https://github.com/prometheus-operator/kube-prometheus/pull/1610)
+* [ENHANCEMENT] Remove hostPort from node-export daemonset [#1612](https://github.com/prometheus-operator/kube-prometheus/pull/1612)
+* [ENHANCEMENT] Add priorityClassName as system-cluster-critical for node_exporter [#1649](https://github.com/prometheus-operator/kube-prometheus/pull/1649)
+* [ENHANCEMENT] Added custom overrides for kube-rbac-proxy-self [#1637](https://github.com/prometheus-operator/kube-prometheus/pull/1637)
+* [ENHANCEMENT] Adds readinessProbe and livenessProbe to prometheus-adapter jsonnet [#1696](https://github.com/prometheus-operator/kube-prometheus/pull/1696)
+* [BUGFIX] Update kubeadm integration of kube-prometheus [#1569](https://github.com/prometheus-operator/kube-prometheus/pull/1569)
+* [BUGFIX] Add projected volumes permission to addon/podsecuritypolicie [#1572](https://github.com/prometheus-operator/kube-prometheus/pull/1572)
+* [BUGFIX] Hide namespace for prometheus clusterRole and clusterRolebinding [#1566](https://github.com/prometheus-operator/kube-prometheus/pull/1566)
+* [BUGFIX] Fix accidentally broken thanosSelector after #1543 [#1556](https://github.com/prometheus-operator/kube-prometheus/pull/1556)
+* [BUGFIX] Jsonnet: filter out kube-proxy alerts when kube-proxy is disabled [#1609](https://github.com/prometheus-operator/kube-prometheus/pull/1609)
+* [BUGFIX] Sanitize regex denylist in ksm-lite addon [#1613](https://github.com/prometheus-operator/kube-prometheus/pull/1613)
+* [BUGFIX] Sanitize all regex denylist in ksm-lite addon [#1614](https://github.com/prometheus-operator/kube-prometheus/pull/1614)
+* [BUGFIX] Add extra-volume mount for plugins downloads [#1624](https://github.com/prometheus-operator/kube-prometheus/pull/1624)
+* [BUGFIX] Added allowedCapabilities to node-exporter psp [#1642](https://github.com/prometheus-operator/kube-prometheus/pull/1642)
+* [BUGFIX] Fix cluster:node_cpu:ratio query [#1628](https://github.com/prometheus-operator/kube-prometheus/pull/1628)
+* [BUGFIX] Removed CAP_ from node-exporter daemonset [#1647](https://github.com/prometheus-operator/kube-prometheus/pull/1647)
+* [BUGFIX] Update PodMonitor for kube-proxy [#1630](https://github.com/prometheus-operator/kube-prometheus/pull/1630)
+* [BUGFIX] Adds port name to prometheus-adapter [#1701](https://github.com/prometheus-operator/kube-prometheus/pull/1701)
+* [BUGFIX] Fix grafana network access [#1721](https://github.com/prometheus-operator/kube-prometheus/pull/1721)
+* [BUGFIX] Fix networkpolicies-disabled addon [#1724](https://github.com/prometheus-operator/kube-prometheus/pull/1724)
+* [BUGFIX] Adjust NodeFilesystemSpaceFillingUp thresholds according default kubelet GC behavior [#1729](https://github.com/prometheus-operator/kube-prometheus/pull/1729)
+* [BUGFIX] Fix problems when enabling eks platform patch [#1675](https://github.com/prometheus-operator/kube-prometheus/pull/1675)
+* [BUGFIX] Access requests to sidecar from thanos-query [#1730](https://github.com/prometheus-operator/kube-prometheus/pull/1730)
+* [BUGFIX] Fix prometheus namespace connection for addons/pyrra [#1734](https://github.com/prometheus-operator/kube-prometheus/pull/1734)
+
+## release-0.10 / 2021-12-17
+
+* [CHANGE] Adjust node filesystem space filling up warning threshold to 20% [#1357](https://github.com/prometheus-operator/kube-prometheus/pull/1357)
+* [CHANGE] Always generate grafana-config secret [#1373](https://github.com/prometheus-operator/kube-prometheus/pull/1373)
+* [CHANGE] Make filesystem ignored mount points configurable for node-exporter [#1376](https://github.com/prometheus-operator/kube-prometheus/pull/1376)
+* [CHANGE] Drop some high cardinality cAdvisor metrics [#1406](https://github.com/prometheus-operator/kube-prometheus/pull/1406), [#1396](https://github.com/prometheus-operator/kube-prometheus/pull/1396)
+* [CHANGE] Use `--collector.filesystem.mount-points-exclude` instead of deprecated `--collector.filesystem.ignored-mount-points` argument for `node-exporter` [#1407](https://github.com/prometheus-operator/kube-prometheus/pull/1407)
+* [CHANGE] Drop some of prometheus-adapter metrics that are inherited from the apiserver code but aren't useful in the context of prometheus-adapter [#1409](https://github.com/prometheus-operator/kube-prometheus/pull/1409)
+* [CHANGE] Remove "app" label selector deprecated by Prometheus-operator [#1420](https://github.com/prometheus-operator/kube-prometheus/pull/1420)
+* [CHANGE] Use recommended instance label for Prometheus/Alertmanager resources [#1520](https://github.com/prometheus-operator/kube-prometheus/pull/1520)
+* [CHANGE] Drop deprecated apiserver_longrunning_gauge and apiserver_registered_watchers metrics [#1553](https://github.com/prometheus-operator/kube-prometheus/pull/1553)
+* [CHANGE] Drop deprecated coredns_cache_misses_total [#1553](https://github.com/prometheus-operator/kube-prometheus/pull/1553)
+* [ENHANCEMENT] Add support for LDAP authentication in Grafana [#1455](https://github.com/prometheus-operator/kube-prometheus/pull/1445)
+* [ENHANCEMENT] Include rewritten kubernetes-grafana for easier usage of new library features [#1450](https://github.com/prometheus-operator/kube-prometheus/pull/1450)
+* [ENHANCEMENT] Specify default container in node-exporter pod [#1462](https://github.com/prometheus-operator/kube-prometheus/pull/1462)
+* [ENHANCEMENT] Make metadata consistent across objects in the same component [#1471](https://github.com/prometheus-operator/kube-prometheus/pull/1471)
+* [ENHANCEMENT] Establish convention for default field types [#1475](https://github.com/prometheus-operator/kube-prometheus/pull/1475)
+* [ENHANCEMENT] Exclude k3s containerd mountpoints [#1497](https://github.com/prometheus-operator/kube-prometheus/pull/1497)
+* [ENHANCEMENT] Alertmanager now uses the new `matcher` syntax in the routing tree and inhibition rules [#1508](https://github.com/prometheus-operator/kube-prometheus/pull/1508)
+* [ENHANCEMENT] Deprecate `thanosSelector` and expose `mixin._config.thanos` config variable for thanos sidecar [#1543](https://github.com/prometheus-operator/kube-prometheus/pull/1543)
+* [ENHANCEMENT] Added configurable default values for sidecar container kube-rbac-proxy-self in deployment kube-statate-metrics. [#1637](https://github.com/prometheus-operator/kube-prometheus/pull/1637)
+* [FEATURE] Support scraping config-reloader sidecar for Prometheus and AlertManager StatefulSets [#1344](https://github.com/prometheus-operator/kube-prometheus/pull/1344)
+* [FEATURE] Expose prometheus alerting configuration in $.values.prometheus configuration [#1476](https://github.com/prometheus-operator/kube-prometheus/pull/1476)
+* [BUGFIX] Remove deprecated policy/v1beta1 Kubernetes API [#1433](https://github.com/prometheus-operator/kube-prometheus/pull/1433)
+* [BUGFIX] Fix prometheus URL in prometheus-adapter [#1463](https://github.com/prometheus-operator/kube-prometheus/pull/1463)
+* [BUGFIX] Always use proper values scope for namespace in addons [#1518](https://github.com/prometheus-operator/kube-prometheus/pull/1518)
+* [BUGFIX] Fix default empty groups for k8s PrometheusRule [#1534](https://github.com/prometheus-operator/kube-prometheus/pull/1534)
+
+## release-0.9 / 2021-08-19
+
+* [CHANGE] Test against Kubernetes 1.21 and 1,22. #1161 #1337
+* [CHANGE] Drop cAdvisor metrics without (pod, namespace) label pairs. #1250
+* [CHANGE] Excluded deprecated `etcd_object_counts` metric. #1337
+* [FEATURE] Add PodDisruptionBudget to prometheus-adapter. #1136
+* [FEATURE] Add support for feature flags in Prometheus. #1129
+* [FEATURE] Add env parameter for grafana component. #1171
+* [FEATURE] Add gitpod deployment of kube-prometheus on k3s. #1211
+* [FEATURE] Add resource requests and limits to prometheus-adapter container. #1282
+* [FEATURE] Add PodMonitor for kube-proxy. #1230
+* [FEATURE] Turn AWS VPC CNI into a control plane add-on. #1307
+* [ENHANCEMENT] Export anti-affinity addon. #1114
+* [ENHANCEMENT] Allow changing configmap-reloader, grafana, and kube-rbac-proxy images in $.values.common.images. #1123 #1124 #1125
+* [ENHANCEMENT] Add automated version upgrader. #1166
+* [ENHANCEMENT] Improve all-namespace addon. #1131
+* [ENHANCEMENT] Add example of running without grafana deployment. #1201
+* [ENHANCEMENT] Import managed-cluster addon for the EKS platform. #1205
+* [ENHANCEMENT] Automatically update jsonnet dependencies. #1220
+* [ENHANCEMENT] Adapt kube-prometheus to changes to ovn veth interfaces names. #1224
+* [ENHANCEMENT] Add example release-0.3 to release-0.8 migration to docs. #1235
+* [ENHANCEMENT] Consolidate intervals used in prometheus-adapter CPU queries. #1231
+* [ENHANCEMENT] Create dashboardDefinitions if rawDashboards or folderDashboards are specified. #1255
+* [ENHANCEMENT] Relabel instance with node name for CNI DaemonSet on EKS. #1259
+* [ENHANCEMENT] Update doc on Prometheus rule updates since release 0.8. #1253
+* [ENHANCEMENT] Point runbooks to https://runbooks.prometheus-operator.dev. #1267
+* [ENHANCEMENT] Allow setting of kubeRbacProxyMainResources in kube-state-metrics. #1257
+* [ENHANCEMENT] Automate release branch updates. #1293 #1303
+* [ENHANCEMENT] Create Thanos Sidecar rules separately from Prometheus ones. #1308
+* [ENHANCEMENT] Allow using newer jsonnet-bundler dependency resolution when using windows addon. #1310
+* [ENHANCEMENT] Prometheus ruleSelector defaults to all rules.
+* [BUGFIX] Fix kube-state-metrics metric denylist regex pattern. #1146
+* [BUGFIX] Fix missing resource config in blackbox exporter. #1148
+* [BUGFIX] Fix adding private repository. #1169
+* [BUGFIX] Fix kops selectors for scheduler, controllerManager and kube-dns. #1164
+* [BUGFIX] Fix scheduler and controller selectors for Kubespray. #1142
+* [BUGFIX] Fix label selector for coredns ServiceMonitor. #1200
+* [BUGFIX] Fix name for blackbox-exporter PodSecurityPolicy. #1213
+* [BUGFIX] Fix ingress path rules for networking.k8s.io/v1. #1212
+* [BUGFIX] Disable insecure cypher suites for prometheus-adapter. #1216
+* [BUGFIX] Fix CNI metrics relabelings on EKS. #1277
+* [BUGFIX] Fix node-exporter ignore list for OVN. #1283
+* [BUGFIX] Revert back to awscni_total_ip_addresses-based alert on EKS. #1292
+* [BUGFIX] Allow passing `thanos: {}` to prometheus configuration. #1325

CONTRIBUTING.md

@@ -0,0 +1,95 @@
+# Contributing
+
+This project is licensed under the [Apache 2.0 license](LICENSE) and accept
+contributions via GitHub pull requests. This document outlines some of the
+conventions on development workflow, commit message formatting, contact points
+and other resources to make it easier to get your contribution accepted.
+
+To maintain a safe and welcoming community, all participants must adhere to the
+project's [Code of Conduct](code-of-conduct.md).
+
+## Community
+
+The project is developed in the open. Here are some of the channels we use to communicate and contribute:
+
+[**Kubernetes Slack**](https://slack.k8s.io/): [#prometheus-operator](https://kubernetes.slack.com/archives/CFFDS2Z7F) -
+General discussions channel
+
+[**Kubernetes Slack**](https://slack.k8s.io/): [#prometheus-operator-dev](https://kubernetes.slack.com/archives/C01B03QCSMN) -
+Channel used for project developers discussions
+
+**Discussion forum**: [GitHub discussions](https://github.com/prometheus-operator/kube-prometheus/discussions)
+
+**Twitter**: [@PromOperator](https://twitter.com/promoperator)
+
+**GitHub**: To file bugs and feature requests. For questions and discussions use the GitHub discussions. Generally,
+the other community channels listed here are best suited to get support or discuss overarching topics.
+
+Please avoid emailing maintainers directly.
+
+We host publicy bi-weekly meetings focused on project development and contributions. It’s meant for developers
+and maintainers to meet and get unblocked, pair review, and discuss development aspects of this project and related
+projects (e.g kubernetes-mixin). The document linked below contains all the details, including how to register.
+
+**Office Hours**: [Prometheus Operator & Kube-prometheus Contributor Office Hours](https://docs.google.com/document/d/1-fjJmzrwRpKmSPHtXN5u6VZnn39M28KqyQGBEJsqUOk)
+
+## Getting Started
+
+- Fork the repository on GitHub
+- Read the [README](README.md) for build and test instructions
+- Play with the project, submit bug fixes, submit patches!
+
+## Contribution Flow
+
+This is a rough outline of what a contributor's workflow looks like:
+
+- Create a topic branch from where you want to base your work (usually `main`).
+- Make commits of logical units.
+- Make sure your commit messages are in the proper format (see below).
+- Push your changes to a topic branch in your fork of the repository.
+- Make sure the tests pass, and add any new tests as appropriate.
+- Submit a pull request to the original repository.
+
+Thanks for your contributions!
+
+### Generated Files
+
+All `.yaml` files in the `/manifests` folder are generated via
+[Jsonnet](https://jsonnet.org/). Contributing changes will most likely include
+the following process:
+
+1. Make your changes in the respective `*.jsonnet` or `*.libsonnet` file.
+2. Commit your changes (This is currently necessary due to our vendoring
+   process. This is likely to change in the future).
+3. Generate dependent `*.yaml` files: `make generate`
+4. Commit the generated changes.
+
+### Format of the Commit Message
+
+We follow a rough convention for commit messages that is designed to answer two
+questions: what changed and why. The subject line should feature the what and
+the body of the commit should describe the why.
+
+```
+scripts: add the test-cluster command
+
+this uses tmux to setup a test cluster that you can easily kill and
+start for debugging.
+
+Fixes #38
+```
+
+The format can be described more formally as follows:
+
+```
+<subsystem>: <what changed>
+<BLANK LINE>
+<why this change was made>
+<BLANK LINE>
+<footer>
+```
+
+The first line is the subject and should be no longer than 70 characters, the
+second line is always blank, and other lines should be wrapped at 80 characters.
+This allows the message to be easier to read on GitHub as well as in various
+git tools.

DCO

@@ -1,36 +0,0 @@
-Developer Certificate of Origin
-Version 1.1
-
-Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
-660 York Street, Suite 102,
-San Francisco, CA 94110 USA
-
-Everyone is permitted to copy and distribute verbatim copies of this
-license document, but changing it is not allowed.
-
-
-Developer's Certificate of Origin 1.1
-
-By making a contribution to this project, I certify that:
-
-(a) The contribution was created in whole or in part by me and I
-    have the right to submit it under the open source license
-    indicated in the file; or
-
-(b) The contribution is based upon previous work that, to the best
-    of my knowledge, is covered under an appropriate open source
-    license and I have the right under that license to submit that
-    work with modifications, whether created in whole or in part
-    by me, under the same open source license (unless I am
-    permitted to submit under a different license), as indicated
-    in the file; or
-
-(c) The contribution was provided directly to me by some other
-    person who certified (a), (b) or (c) and I have not modified
-    it.
-
-(d) I understand and agree that this project and the contribution
-    are public and that a record of the contribution (including all
-    personal information I submit with it, including my sign-off) is
-    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.

Makefile

@@ -1,47 +1,89 @@
 SHELL=/bin/bash -o pipefail
 
-export GO111MODULE=on
-
 BIN_DIR?=$(shell pwd)/tmp/bin
 
-EMBEDMD_BIN=$(BIN_DIR)/embedmd
+MDOX_BIN=$(BIN_DIR)/mdox
 JB_BIN=$(BIN_DIR)/jb
 GOJSONTOYAML_BIN=$(BIN_DIR)/gojsontoyaml
 JSONNET_BIN=$(BIN_DIR)/jsonnet
+JSONNETLINT_BIN=$(BIN_DIR)/jsonnet-lint
 JSONNETFMT_BIN=$(BIN_DIR)/jsonnetfmt
-TOOLING=$(EMBEDMD_BIN) $(JB_BIN) $(GOJSONTOYAML_BIN) $(JSONNET_BIN) $(JSONNETFMT_BIN)
+KUBECONFORM_BIN=$(BIN_DIR)/kubeconform
+KUBESCAPE_BIN=$(BIN_DIR)/kubescape
+TOOLING=$(JB_BIN) $(GOJSONTOYAML_BIN) $(JSONNET_BIN) $(JSONNETLINT_BIN) $(JSONNETFMT_BIN) $(KUBECONFORM_BIN) $(MDOX_BIN) $(KUBESCAPE_BIN)
 
 JSONNETFMT_ARGS=-n 2 --max-blank-lines 2 --string-style s --comment-style s
 
-all: generate fmt test
+MDOX_VALIDATE_CONFIG?=.mdox.validate.yaml
+MD_FILES_TO_FORMAT=$(shell find docs developer-workspace examples experimental jsonnet manifests -name "*.md") $(shell ls *.md)
+
+KUBESCAPE_THRESHOLD=1
+
+all: generate fmt test docs
 
 .PHONY: clean
 clean:
 	# Remove all files and directories ignored by git.
 	git clean -Xfd .
 
+.PHONY: docs
+docs: $(MDOX_BIN) $(shell find examples) build.sh example.jsonnet
+	@echo ">> formatting and local/remote links"
+	$(MDOX_BIN) fmt --soft-wraps -l --links.localize.address-regex="https://prometheus-operator.dev/.*" --links.validate.config-file=$(MDOX_VALIDATE_CONFIG) $(MD_FILES_TO_FORMAT)
+
+.PHONY: check-docs
+check-docs: $(MDOX_BIN) $(shell find examples) build.sh example.jsonnet
+	@echo ">> checking formatting and local/remote links"
+	$(MDOX_BIN) fmt --soft-wraps --check -l --links.localize.address-regex="https://prometheus-operator.dev/.*" --links.validate.config-file=$(MDOX_VALIDATE_CONFIG) $(MD_FILES_TO_FORMAT)
+
 .PHONY: generate
-generate: manifests **.md
+generate: manifests
 
-**.md: $(EMBEDMD_BIN) $(shell find examples) build.sh example.jsonnet
-	$(EMBEDMD_BIN) -w `find . -name "*.md" | grep -v vendor`
-
-manifests: examples/kustomize.jsonnet $(GOJSONTOYAML_BIN) vendor build.sh
+manifests: examples/kustomize.jsonnet $(GOJSONTOYAML_BIN) vendor
 	./build.sh $<
 
 vendor: $(JB_BIN) jsonnetfile.json jsonnetfile.lock.json
 	rm -rf vendor
 	$(JB_BIN) install
 
+crdschemas: vendor
+	./scripts/generate-schemas.sh
+
+.PHONY: update
+update: $(JB_BIN)
+	$(JB_BIN) update
+
+.PHONY: validate
+validate: validate-1.23 validate-1.24
+
+validate-1.23:
+	KUBE_VERSION=1.23.6 $(MAKE) kubeconform
+
+validate-1.24:
+	KUBE_VERSION=1.24.1 $(MAKE) kubeconform
+
+.PHONY: kubeconform
+kubeconform: crdschemas manifests $(KUBECONFORM_BIN)
+	$(KUBECONFORM_BIN) -kubernetes-version $(KUBE_VERSION) -schema-location 'default' -schema-location 'crdschemas/{{ .ResourceKind }}.json' -skip CustomResourceDefinition manifests/
+
+.PHONY: kubescape
+kubescape: $(KUBESCAPE_BIN) ## Runs a security analysis on generated manifests - failing if risk score is above threshold percentage 't'
+	$(KUBESCAPE_BIN) scan -s framework -t $(KUBESCAPE_THRESHOLD) nsa manifests/*.yaml --exceptions 'kubescape-exceptions.json'
+
 .PHONY: fmt
 fmt: $(JSONNETFMT_BIN)
-	find . -name 'vendor' -prune -o -name '*.libsonnet' -o -name '*.jsonnet' -print | \
+	find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
 		xargs -n 1 -- $(JSONNETFMT_BIN) $(JSONNETFMT_ARGS) -i
 
+.PHONY: lint
+lint: $(JSONNETLINT_BIN) vendor
+	find jsonnet/ -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
+		xargs -n 1 -- $(JSONNETLINT_BIN) -J vendor
+
 .PHONY: test
 test: $(JB_BIN)
 	$(JB_BIN) install
-	./test.sh
+	./scripts/test.sh
 
 .PHONY: test-e2e
 test-e2e:
@@ -52,4 +94,9 @@ $(BIN_DIR):
 
 $(TOOLING): $(BIN_DIR)
 	@echo Installing tools from scripts/tools.go
-	@cat scripts/tools.go | grep _ | awk -F'"' '{print $$2}' | GOBIN=$(BIN_DIR) xargs -tI % go install %
+	@cd scripts && cat tools.go | grep _ | awk -F'"' '{print $$2}' | xargs -tI % go build -modfile=go.mod -o $(BIN_DIR) %
+
+.PHONY: deploy
+deploy:
+	./developer-workspace/codespaces/prepare-kind.sh
+	./developer-workspace/common/deploy-kube-prometheus.sh

NOTICE

@@ -1,5 +0,0 @@
-CoreOS Project
-Copyright 2018 CoreOS, Inc
-
-This product includes software developed at CoreOS, Inc.
-(http://www.coreos.com/).

OWNERS

@@ -1,14 +0,0 @@
-reviewers:
-  - brancz
-  - metalmatze
-  - mxinden
-  - s-urbaniak
-  - squat
-  - paulfantom
-approvers:
-  - brancz
-  - metalmatze
-  - mxinden
-  - s-urbaniak
-  - squat
-  - paulfantom

README.md

@@ -1,5 +1,9 @@
 # kube-prometheus
 
+[![Build Status](https://github.com/prometheus-operator/kube-prometheus/workflows/ci/badge.svg)](https://github.com/prometheus-operator/kube-prometheus/actions)
+[![Slack](https://img.shields.io/badge/join%20slack-%23prometheus--operator-brightgreen.svg)](http://slack.k8s.io/)
+[![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/prometheus-operator/kube-prometheus)
+
 > Note that everything is experimental and may change significantly at any time.
 
 This repository collects Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the Prometheus Operator.
@@ -8,75 +12,80 @@ The content of this project is written in [jsonnet](http://jsonnet.org/). This p
 
 Components included in this package:
 
-* The [Prometheus Operator](https://github.com/coreos/prometheus-operator)
+* The [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)
 * Highly available [Prometheus](https://prometheus.io/)
 * Highly available [Alertmanager](https://github.com/prometheus/alertmanager)
 * [Prometheus node-exporter](https://github.com/prometheus/node_exporter)
-* [Prometheus Adapter for Kubernetes Metrics APIs](https://github.com/DirectXMan12/k8s-prometheus-adapter)
+* [Prometheus Adapter for Kubernetes Metrics APIs](https://github.com/kubernetes-sigs/prometheus-adapter)
 * [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics)
 * [Grafana](https://grafana.com/)
 
 This stack is meant for cluster monitoring, so it is pre-configured to collect metrics from all Kubernetes components. In addition to that it delivers a default set of dashboards and alerting rules. Many of the useful dashboards and alerts come from the [kubernetes-mixin project](https://github.com/kubernetes-monitoring/kubernetes-mixin), similar to this project it provides composable jsonnet as a library for users to customize to their needs.
 
-## Table of contents
-
-- [kube-prometheus](#kube-prometheus)
-  - [Table of contents](#table-of-contents)
-  - [Prerequisites](#prerequisites)
-    - [minikube](#minikube)
-  - [Compatibility](#compatibility)
-    - [Kubernetes compatibility matrix](#kubernetes-compatibility-matrix)
-  - [Quickstart](#quickstart)
-    - [Access the dashboards](#access-the-dashboards)
-  - [Customizing Kube-Prometheus](#customizing-kube-prometheus)
-    - [Installing](#installing)
-    - [Compiling](#compiling)
-    - [Apply the kube-prometheus stack](#apply-the-kube-prometheus-stack)
-    - [Containerized Installing and Compiling](#containerized-installing-and-compiling)
-  - [Update from upstream project](#update-from-upstream-project)
-    - [Update jb](#update-jb)
-    - [Update kube-prometheus](#update-kube-prometheus)
-    - [Compile the manifests and apply](#compile-the-manifests-and-apply)
-  - [Configuration](#configuration)
-  - [Customization Examples](#customization-examples)
-    - [Cluster Creation Tools](#cluster-creation-tools)
-    - [Internal Registry](#internal-registry)
-    - [NodePorts](#nodeports)
-    - [Prometheus Object Name](#prometheus-object-name)
-    - [node-exporter DaemonSet namespace](#node-exporter-daemonset-namespace)
-    - [Alertmanager configuration](#alertmanager-configuration)
-    - [Adding additional namespaces to monitor](#adding-additional-namespaces-to-monitor)
-      - [Defining the ServiceMonitor for each addional Namespace](#defining-the-servicemonitor-for-each-addional-namespace)
-    - [Static etcd configuration](#static-etcd-configuration)
-    - [Pod Anti-Affinity](#pod-anti-affinity)
-    - [Customizing Prometheus alerting/recording rules and Grafana dashboards](#customizing-prometheus-alertingrecording-rules-and-grafana-dashboards)
-    - [Exposing Prometheus/Alermanager/Grafana via Ingress](#exposing-prometheusalermanagergrafana-via-ingress)
-  - [Minikube Example](#minikube-example)
-  - [Troubleshooting](#troubleshooting)
-    - [Error retrieving kubelet metrics](#error-retrieving-kubelet-metrics)
-      - [Authentication problem](#authentication-problem)
-      - [Authorization problem](#authorization-problem)
-    - [kube-state-metrics resource usage](#kube-state-metrics-resource-usage)
-  - [Contributing](#contributing)
-
 ## Prerequisites
 
 You will need a Kubernetes cluster, that's it! By default it is assumed, that the kubelet uses token authentication and authorization, as otherwise Prometheus needs a client certificate, which gives it full access to the kubelet, rather than just the metrics. Token authentication and authorization allows more fine grained and easier access control.
 
 This means the kubelet configuration must contain these flags:
 
-* `--authentication-token-webhook=true` This flag enables, that a `ServiceAccount` token can be used to authenticate against the kubelet(s).
-* `--authorization-mode=Webhook` This flag enables, that the kubelet will perform an RBAC request with the API to determine, whether the requesting entity (Prometheus in this case) is allow to access a resource, in specific for this project the `/metrics` endpoint.
+* `--authentication-token-webhook=true` This flag enables, that a `ServiceAccount` token can be used to authenticate against the kubelet(s). This can also be enabled by setting the kubelet configuration value `authentication.webhook.enabled` to `true`.
+* `--authorization-mode=Webhook` This flag enables, that the kubelet will perform an RBAC request with the API to determine, whether the requesting entity (Prometheus in this case) is allowed to access a resource, in specific for this project the `/metrics` endpoint. This can also be enabled by setting the kubelet configuration value `authorization.mode` to `Webhook`.
 
-This stack provides [resource metrics](https://github.com/kubernetes/metrics#resource-metrics-api) by deploying the [Prometheus Adapter](https://github.com/DirectXMan12/k8s-prometheus-adapter/).
-This adapter is an Extension API Server and Kubernetes needs to be have this feature enabled, otherwise the adapter has no effect, but is still deployed.
+This stack provides [resource metrics](https://github.com/kubernetes/metrics#resource-metrics-api) by deploying
+the [Prometheus Adapter](https://github.com/kubernetes-sigs/prometheus-adapter).
+This adapter is an Extension API Server and Kubernetes needs to be have this feature enabled, otherwise the adapter has
+no effect, but is still deployed.
+
+## Compatibility
+
+The following Kubernetes versions are supported and work as we test against these versions in their respective branches. But note that other versions might work!
+
+| kube-prometheus stack                                                                      | Kubernetes 1.21 | Kubernetes 1.22 | Kubernetes 1.23 | Kubernetes 1.24 | Kubernetes 1.25 |
+|--------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------|-----------------|
+| [`release-0.9`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.9)   | ✔               | ✔               | ✗               | ✗               | ✗               |
+| [`release-0.10`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.10) | ✗               | ✔               | ✔               | ✗               | ✗               |
+| [`release-0.11`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.11) | ✗               | ✗               | ✔               | ✔               | ✗               |
+| [`release-0.12`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.12) | ✗               | ✗               | ✗               | ✔               | ✔               |
+| [`main`](https://github.com/prometheus-operator/kube-prometheus/tree/main)                 | ✗               | ✗               | ✗               | ✗               | ✔               |
+
+## Quickstart
+
+> Note: For versions before Kubernetes v1.21.z refer to the [Kubernetes compatibility matrix](#compatibility) in order to choose a compatible branch.
+
+This project is intended to be used as a library (i.e. the intent is not for you to create your own modified copy of this repository).
+
+Though for a quickstart a compiled version of the Kubernetes [manifests](manifests) generated with this library (specifically with `example.jsonnet`) is checked into this repository in order to try the content out quickly. To try out the stack un-customized run:
+* Create the monitoring stack using the config in the `manifests` directory:
+
+```shell
+# Create the namespace and CRDs, and then wait for them to be available before creating the remaining resources
+# Note that due to some CRD size we are using kubectl server-side apply feature which is generally available since kubernetes 1.22.
+# If you are using previous kubernetes versions this feature may not be available and you would need to use kubectl create instead.
+kubectl apply --server-side -f manifests/setup
+kubectl wait \
+	--for condition=Established \
+	--all CustomResourceDefinition \
+	--namespace=monitoring
+kubectl apply -f manifests/
+```
+
+We create the namespace and CustomResourceDefinitions first to avoid race conditions when deploying the monitoring components.
+Alternatively, the resources in both folders can be applied with a single command
+`kubectl apply --server-side -f manifests/setup -f manifests`, but it may be necessary to run the command multiple times for all components to
+be created successfully.
+
+* And to teardown the stack:
+
+```shell
+kubectl delete --ignore-not-found=true -f manifests/ -f manifests/setup
+```
 
 ### minikube
 
 To try out this stack, start [minikube](https://github.com/kubernetes/minikube) with the following command:
 
 ```shell
-$ minikube delete && minikube start --kubernetes-version=v1.17.3 --memory=6g --bootstrapper=kubeadm --extra-config=kubelet.authentication-token-webhook=true --extra-config=kubelet.authorization-mode=Webhook --extra-config=scheduler.address=0.0.0.0 --extra-config=controller-manager.address=0.0.0.0
+$ minikube delete && minikube start --kubernetes-version=v1.23.0 --memory=6g --bootstrapper=kubeadm --extra-config=kubelet.authentication-token-webhook=true --extra-config=kubelet.authorization-mode=Webhook --extra-config=scheduler.bind-address=0.0.0.0 --extra-config=controller-manager.bind-address=0.0.0.0
 ```
 
 The kube-prometheus stack includes a resource metrics API server, so the metrics-server addon is not necessary. Ensure the metrics-server addon is disabled on minikube:
@@ -85,635 +94,29 @@ The kube-prometheus stack includes a resource metrics API server, so the metrics
 $ minikube addons disable metrics-server
 ```
 
-## Compatibility
+## Getting started
 
-### Kubernetes compatibility matrix
+Before deploying kube-prometheus in a production environment, read:
 
-| kube-prometheus stack | Kubernetes 1.14 | Kubernetes 1.15 | Kubernetes 1.16 | Kubernetes 1.17 |
-|-----------------------|-----------------|-----------------|-----------------|-----------------|
-| `release-0.3`         | ✔              | ✔              | ✔              | ✔              |
-| `release-0.4`         | ✗              | ✗              | ✔              | ✔              |
-| `HEAD`                | ✗              | ✗              | ✗              | ✔              |
+1. [Customizing kube-prometheus](docs/customizing.md)
+2. [Customization examples](docs/customizations)
+3. [Accessing Graphical User Interfaces](docs/access-ui.md)
+4. [Troubleshooting kube-prometheus](docs/troubleshooting.md)
 
-## Quickstart
+## Documentation
 
->Note: For versions before Kubernetes v1.17.0 refer to the [Kubernetes compatibility matrix](#kubernetes-compatibility-matrix) in order to choose a compatible branch.
-
-This project is intended to be used as a library (i.e. the intent is not for you to create your own modified copy of this repository).
-
-Though for a quickstart a compiled version of the Kubernetes [manifests](manifests) generated with this library (specifically with `example.jsonnet`) is checked into this repository in order to try the content out quickly. To try out the stack un-customized run:
- * Create the monitoring stack using the config in the `manifests` directory:
-
-```shell
-# Create the namespace and CRDs, and then wait for them to be availble before creating the remaining resources
-kubectl create -f manifests/setup
-until kubectl get servicemonitors --all-namespaces ; do date; sleep 1; echo ""; done
-kubectl create -f manifests/
-```
-
-We create the namespace and CustomResourceDefinitions first to avoid race conditions when deploying the monitoring components.
-Alternatively, the resources in both folders can be applied with a single command
-`kubectl create -f manifests/setup -f manifests`, but it may be necessary to run the command multiple times for all components to
-be created successfullly.
-
- * And to teardown the stack:
-```shell
-kubectl delete --ignore-not-found=true -f manifests/ -f manifests/setup
-```
-
-### Access the dashboards
-
-Prometheus, Grafana, and Alertmanager dashboards can be accessed quickly using `kubectl port-forward` after running the quickstart via the commands below. Kubernetes 1.10 or later is required.
-
-> Note: There are instructions on how to route to these pods behind an ingress controller in the [Exposing Prometheus/Alermanager/Grafana via Ingress](#exposing-prometheusalermanagergrafana-via-ingress) section.
-
-Prometheus
-
-```shell
-$ kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090
-```
-
-Then access via [http://localhost:9090](http://localhost:9090)
-
-Grafana
-
-```shell
-$ kubectl --namespace monitoring port-forward svc/grafana 3000
-```
-
-Then access via [http://localhost:3000](http://localhost:3000) and use the default grafana user:password of `admin:admin`.
-
-Alert Manager
-
-```shell
-$ kubectl --namespace monitoring port-forward svc/alertmanager-main 9093
-```
-
-Then access via [http://localhost:9093](http://localhost:9093)
-
-## Customizing Kube-Prometheus
-
-This section:
- * describes how to customize the kube-prometheus library via compiling the kube-prometheus manifests yourself (as an alternative to the [Quickstart section](#Quickstart)).
- * still doesn't require you to make a copy of this entire repository, but rather only a copy of a few select files.
-
-### Installing
-
-The content of this project consists of a set of [jsonnet](http://jsonnet.org/) files making up a library to be consumed.
-
-Install this library in your own project with [jsonnet-bundler](https://github.com/jsonnet-bundler/jsonnet-bundler#install) (the jsonnet package manager):
-```shell
-$ mkdir my-kube-prometheus; cd my-kube-prometheus
-$ jb init  # Creates the initial/empty `jsonnetfile.json`
-# Install the kube-prometheus dependency
-$ jb install github.com/coreos/kube-prometheus/jsonnet/kube-prometheus@release-0.4 # Creates `vendor/` & `jsonnetfile.lock.json`, and fills in `jsonnetfile.json`
-```
-
-> `jb` can be installed with `go get github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb`
-
-> An e.g. of how to install a given version of this library: `jb install github.com/coreos/kube-prometheus/jsonnet/kube-prometheus@release-0.4`
-
-In order to update the kube-prometheus dependency, simply use the jsonnet-bundler update functionality:
-```shell
-$ jb update
-```
-
-### Compiling
-
-e.g. of how to compile the manifests: `./build.sh example.jsonnet`
-
-> before compiling, install `gojsontoyaml` tool with `go get github.com/brancz/gojsontoyaml`
-
-Here's [example.jsonnet](example.jsonnet):
-
-> Note: some of the following components must be configured beforehand. See [configuration](#configuration) and [customization-examples](#customization-examples).
-
-[embedmd]:# (example.jsonnet)
-```jsonnet
-local kp =
-  (import 'kube-prometheus/kube-prometheus.libsonnet') +
-  // Uncomment the following imports to enable its patches
-  // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') +
-  {
-    _config+:: {
-      namespace: 'monitoring',
-    },
-  };
-
-{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{
-  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
-  for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator))
-} +
-// serviceMonitor is separated so that it can be created after the CRDs are ready
-{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```
-
-And here's the [build.sh](build.sh) script (which uses `vendor/` to render all manifests in a json structure of `{filename: manifest-content}`):
-
-[embedmd]:# (build.sh)
-```sh
-#!/usr/bin/env bash
-
-# This script uses arg $1 (name of *.jsonnet file to use) to generate the manifests/*.yaml files.
-
-set -e
-set -x
-# only exit with zero if all commands of the pipeline exit successfully
-set -o pipefail
-
-# Make sure to use project tooling
-PATH="$(pwd)/tmp/bin:${PATH}"
-
-# Make sure to start with a clean 'manifests' dir
-rm -rf manifests
-mkdir -p manifests/setup
-
-                                               # optional, but we would like to generate yaml, not json
-jsonnet -J vendor -m manifests "${1-example.jsonnet}" | xargs -I{} sh -c 'cat {} | gojsontoyaml > {}.yaml; rm -f {}' -- {}
-
-```
-
-> Note you need `jsonnet` (`go get github.com/google/go-jsonnet/cmd/jsonnet`) and `gojsontoyaml` (`go get github.com/brancz/gojsontoyaml`) installed to run `build.sh`. If you just want json output, not yaml, then you can skip the pipe and everything afterwards.
-
-This script runs the jsonnet code, then reads each key of the generated json and uses that as the file name, and writes the value of that key to that file, and converts each json manifest to yaml.
-
-### Apply the kube-prometheus stack
-The previous steps (compilation) has created a bunch of manifest files in the manifest/ folder.
-Now simply use `kubectl` to install Prometheus and Grafana as per your configuration:
-
-```shell
-# Update the namespace and CRDs, and then wait for them to be availble before creating the remaining resources
-$ kubectl apply -f manifests/setup
-$ kubectl apply -f manifests/
-```
-Alternatively, the resources in both folders can be applied with a single command
-`kubectl apply -Rf manifests`, but it may be necessary to run the command multiple times for all components to
-be created successfullly.
-
-Check the monitoring namespace (or the namespace you have specific in `namespace: `) and make sure the pods are running. Prometheus and Grafana should be up and running soon.
-
-### Containerized Installing and Compiling
-
-If you don't care to have `jb` nor `jsonnet` nor `gojsontoyaml` installed, then use `quay.io/coreos/jsonnet-ci` container image. Do the following from this `kube-prometheus` directory:
-```shell
-$ docker run --rm -v $(pwd):$(pwd) --workdir $(pwd) quay.io/coreos/jsonnet-ci jb update
-$ docker run --rm -v $(pwd):$(pwd) --workdir $(pwd) quay.io/coreos/jsonnet-ci ./build.sh example.jsonnet
-```
-
-## Update from upstream project
-You may wish to fetch changes made on this project so they are available to you.
-
-### Update jb
-`jb` may have been updated so it's a good idea to get the latest version of this binary:
-
-```shell
-$ go get -u github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb
-```
-
-### Update kube-prometheus
-The command below will sync with upstream project:
-```shell
-$ jb update
-```
-
-### Compile the manifests and apply
-Once updated, just follow the instructions under "Compiling" and "Apply the kube-prometheus stack" to apply the changes to your cluster.
-
-
-## Configuration
-
-Jsonnet has the concept of hidden fields. These are fields, that are not going to be rendered in a result. This is used to configure the kube-prometheus components in jsonnet. In the example jsonnet code of the above [Customizing Kube-Prometheus section](#customizing-kube-prometheus), you can see an example of this, where the `namespace` is being configured to be `monitoring`. In order to not override the whole object, use the `+::` construct of jsonnet, to merge objects, this way you can override individual settings, but retain all other settings and defaults.
-
-These are the available fields with their respective default values:
-```
-{
-	_config+:: {
-    namespace: "default",
-
-    versions+:: {
-        alertmanager: "v0.17.0",
-        nodeExporter: "v0.18.1",
-        kubeStateMetrics: "v1.5.0",
-        kubeRbacProxy: "v0.4.1",
-        prometheusOperator: "v0.30.0",
-        prometheus: "v2.10.0",
-    },
-
-    imageRepos+:: {
-        prometheus: "quay.io/prometheus/prometheus",
-        alertmanager: "quay.io/prometheus/alertmanager",
-        kubeStateMetrics: "quay.io/coreos/kube-state-metrics",
-        kubeRbacProxy: "quay.io/coreos/kube-rbac-proxy",
-        nodeExporter: "quay.io/prometheus/node-exporter",
-        prometheusOperator: "quay.io/coreos/prometheus-operator",
-    },
-
-    prometheus+:: {
-        names: 'k8s',
-        replicas: 2,
-        rules: {},
-    },
-
-    alertmanager+:: {
-      name: 'main',
-      config: |||
-        global:
-          resolve_timeout: 5m
-        route:
-          group_by: ['job']
-          group_wait: 30s
-          group_interval: 5m
-          repeat_interval: 12h
-          receiver: 'null'
-          routes:
-          - match:
-              alertname: Watchdog
-            receiver: 'null'
-        receivers:
-        - name: 'null'
-      |||,
-      replicas: 3,
-    },
-
-    kubeStateMetrics+:: {
-      collectors: '',  // empty string gets a default set
-      scrapeInterval: '30s',
-      scrapeTimeout: '30s',
-
-      baseCPU: '100m',
-      baseMemory: '150Mi',
-    },
-
-    nodeExporter+:: {
-      port: 9100,
-    },
-	},
-}
-```
-
-The grafana definition is located in a different project (https://github.com/brancz/kubernetes-grafana), but needed configuration can be customized from the same top level `_config` field. For example to allow anonymous access to grafana, add the following `_config` section:
-```
-      grafana+:: {
-        config: { // http://docs.grafana.org/installation/configuration/
-          sections: {
-            "auth.anonymous": {enabled: true},
-          },
-        },
-      },
-```
-
-## Customization Examples
-
-Jsonnet is a turing complete language, any logic can be reflected in it. It also has powerful merge functionalities, allowing sophisticated customizations of any kind simply by merging it into the object the library provides.
-
-### Cluster Creation Tools
-
-A common example is that not all Kubernetes clusters are created exactly the same way, meaning the configuration to monitor them may be slightly different. For [kubeadm](examples/jsonnet-snippets/kubeadm.jsonnet), [bootkube](examples/jsonnet-snippets/bootkube.jsonnet), [kops](examples/jsonnet-snippets/kops.jsonnet) and [kubespray](examples/jsonnet-snippets/kubespray.jsonnet) clusters there are mixins available to easily configure these:
-
-kubeadm:
-
-[embedmd]:# (examples/jsonnet-snippets/kubeadm.jsonnet)
-```jsonnet
-(import 'kube-prometheus/kube-prometheus.libsonnet') +
-(import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet')
-```
-
-bootkube:
-
-[embedmd]:# (examples/jsonnet-snippets/bootkube.jsonnet)
-```jsonnet
-(import 'kube-prometheus/kube-prometheus.libsonnet') +
-(import 'kube-prometheus/kube-prometheus-bootkube.libsonnet')
-```
-
-kops:
-
-[embedmd]:# (examples/jsonnet-snippets/kops.jsonnet)
-```jsonnet
-(import 'kube-prometheus/kube-prometheus.libsonnet') +
-(import 'kube-prometheus/kube-prometheus-kops.libsonnet')
-```
-
-kops with CoreDNS:
-
-If your kops cluster is using CoreDNS, there is an additional mixin to import.
-
-[embedmd]:# (examples/jsonnet-snippets/kops-coredns.jsonnet)
-```jsonnet
-(import 'kube-prometheus/kube-prometheus.libsonnet') +
-(import 'kube-prometheus/kube-prometheus-kops.libsonnet') +
-(import 'kube-prometheus/kube-prometheus-kops-coredns.libsonnet')
-```
-
-kubespray:
-
-[embedmd]:# (examples/jsonnet-snippets/kubespray.jsonnet)
-```jsonnet
-(import 'kube-prometheus/kube-prometheus.libsonnet') +
-(import 'kube-prometheus/kube-prometheus-kubespray.libsonnet')
-```
-
-kube-aws:
-
-[embedmd]:# (examples/jsonnet-snippets/kube-aws.jsonnet)
-```jsonnet
-(import 'kube-prometheus/kube-prometheus.libsonnet') +
-(import 'kube-prometheus/kube-prometheus-kube-aws.libsonnet')
-```
-
-### Internal Registry
-
-Some Kubernetes installations source all their images from an internal registry. kube-prometheus supports this use case and helps the user synchronize every image it uses to the internal registry and generate manifests pointing at the internal registry.
-
-To produce the `docker pull/tag/push` commands that will synchronize upstream images to `internal-registry.com/organization` (after having run the `jb` command to populate the vendor directory):
-
-```shell
-$ jsonnet -J vendor -S --tla-str repository=internal-registry.com/organization sync-to-internal-registry.jsonnet
-$ docker pull k8s.gcr.io/addon-resizer:1.8.4
-$ docker tag k8s.gcr.io/addon-resizer:1.8.4 internal-registry.com/organization/addon-resizer:1.8.4
-$ docker push internal-registry.com/organization/addon-resizer:1.8.4
-$ docker pull quay.io/prometheus/alertmanager:v0.16.2
-$ docker tag quay.io/prometheus/alertmanager:v0.16.2 internal-registry.com/organization/alertmanager:v0.16.2
-$ docker push internal-registry.com/organization/alertmanager:v0.16.2
-...
-```
-
-The output of this command can be piped to a shell to be executed by appending `| sh`.
-
-Then to generate manifests with `internal-registry.com/organization`, use the `withImageRepository` mixin:
-
-[embedmd]:# (examples/internal-registry.jsonnet)
-```jsonnet
-local mixin = import 'kube-prometheus/kube-prometheus-config-mixins.libsonnet';
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-  },
-} + mixin.withImageRepository('internal-registry.com/organization');
-
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```
-
-### NodePorts
-
-Another mixin that may be useful for exploring the stack is to expose the UIs of Prometheus, Alertmanager and Grafana on NodePorts:
-
-[embedmd]:# (examples/jsonnet-snippets/node-ports.jsonnet)
-```jsonnet
-(import 'kube-prometheus/kube-prometheus.libsonnet') +
-(import 'kube-prometheus/kube-prometheus-node-ports.libsonnet')
-```
-
-### Prometheus Object Name
-
-To give another customization example, the name of the `Prometheus` object provided by this library can be overridden:
-
-[embedmd]:# (examples/prometheus-name-override.jsonnet)
-```jsonnet
-((import 'kube-prometheus/kube-prometheus.libsonnet') + {
-   prometheus+: {
-     prometheus+: {
-       metadata+: {
-         name: 'my-name',
-       },
-     },
-   },
- }).prometheus.prometheus
-```
-
-### node-exporter DaemonSet namespace
-
-Standard Kubernetes manifests are all written using [ksonnet-lib](https://github.com/ksonnet/ksonnet-lib/), so they can be modified with the mixins supplied by ksonnet-lib. For example to override the namespace of the node-exporter DaemonSet:
-
-[embedmd]:# (examples/ksonnet-example.jsonnet)
-```jsonnet
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
-local daemonset = k.apps.v1beta2.daemonSet;
-
-((import 'kube-prometheus/kube-prometheus.libsonnet') + {
-   nodeExporter+: {
-     daemonset+:
-       daemonset.mixin.metadata.withNamespace('my-custom-namespace'),
-   },
- }).nodeExporter.daemonset
-```
-
-### Alertmanager configuration
-
-The Alertmanager configuration is located in the `_config.alertmanager.config` configuration field. In order to set a custom Alertmanager configuration simply set this field.
-
-[embedmd]:# (examples/alertmanager-config.jsonnet)
-```jsonnet
-((import 'kube-prometheus/kube-prometheus.libsonnet') + {
-   _config+:: {
-     alertmanager+: {
-       config: |||
-         global:
-           resolve_timeout: 10m
-         route:
-           group_by: ['job']
-           group_wait: 30s
-           group_interval: 5m
-           repeat_interval: 12h
-           receiver: 'null'
-           routes:
-           - match:
-               alertname: Watchdog
-             receiver: 'null'
-         receivers:
-         - name: 'null'
-       |||,
-     },
-   },
- }).alertmanager.secret
-```
-
-In the above example the configuration has been inlined, but can just as well be an external file imported in jsonnet via the `importstr` function.
-
-[embedmd]:# (examples/alertmanager-config-external.jsonnet)
-```jsonnet
-((import 'kube-prometheus/kube-prometheus.libsonnet') + {
-   _config+:: {
-     alertmanager+: {
-       config: importstr 'alertmanager-config.yaml',
-     },
-   },
- }).alertmanager.secret
-```
-
-### Adding additional namespaces to monitor
-
-In order to monitor additional namespaces, the Prometheus server requires the appropriate `Role` and `RoleBinding` to be able to discover targets from that namespace. By default the Prometheus server is limited to the three namespaces it requires: default, kube-system and the namespace you configure the stack to run in via `$._config.namespace`. This is specified in `$._config.prometheus.namespaces`, to add new namespaces to monitor, simply append the additional namespaces:
-
-[embedmd]:# (examples/additional-namespaces.jsonnet)
-```jsonnet
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-
-    prometheus+:: {
-      namespaces+: ['my-namespace', 'my-second-namespace'],
-    },
-  },
-};
-
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```
-
-#### Defining the ServiceMonitor for each addional Namespace
-
-In order to Prometheus be able to discovery and scrape services inside the additional namespaces specified in previous step you need to define a ServiceMonitor resource.
-
-> Typically it is up to the users of a namespace to provision the ServiceMonitor resource, but in case you want to generate it with the same tooling as the rest of the cluster monitoring infrastructure, this is a guide on how to achieve this.
-
-You can define ServiceMonitor resources in your `jsonnet` spec. See the snippet bellow:
-
-[embedmd]:# (examples/additional-namespaces-servicemonitor.jsonnet)
-```jsonnet
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-    prometheus+:: {
-      namespaces+: ['my-namespace', 'my-second-namespace'],
-    },
-  },
-  prometheus+:: {
-    serviceMonitorMyNamespace: {
-      apiVersion: 'monitoring.coreos.com/v1',
-      kind: 'ServiceMonitor',
-      metadata: {
-        name: 'my-servicemonitor',
-        namespace: 'my-namespace',
-      },
-      spec: {
-        jobLabel: 'app',
-        endpoints: [
-          {
-            port: 'http-metrics',
-          },
-        ],
-        selector: {
-          matchLabels: {
-            app: 'myapp',
-          },
-        },
-      },
-    },
-  },
-
-};
-
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```
-
-> NOTE: make sure your service resources has the right labels (eg. `'app': 'myapp'`) applied. Prometheus use kubernetes labels to discovery resources inside the namespaces.
-
-### Static etcd configuration
-
-In order to configure a static etcd cluster to scrape there is a simple [kube-prometheus-static-etcd.libsonnet](jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet) mixin prepared - see [etcd.jsonnet](examples/etcd.jsonnet) for an example of how to use that mixin, and [Monitoring external etcd](docs/monitoring-external-etcd.md) for more information.
-
-> Note that monitoring etcd in minikube is currently not possible because of how etcd is setup. (minikube's etcd binds to 127.0.0.1:2379 only, and within host networking namespace.)
-
-### Pod Anti-Affinity
-
-To prevent `Prometheus` and `Alertmanager` instances from being deployed onto the same node when
-possible, one can include the [kube-prometheus-anti-affinity.libsonnet](jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet) mixin:
-
-```jsonnet
-(import 'kube-prometheus/kube-prometheus.libsonnet') +
-(import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet')
-```
-
-### Customizing Prometheus alerting/recording rules and Grafana dashboards
-
-See [developing Prometheus rules and Grafana dashboards](docs/developing-prometheus-rules-and-grafana-dashboards.md) guide.
-
-### Exposing Prometheus/Alermanager/Grafana via Ingress
-
-See [exposing Prometheus/Alertmanager/Grafana](docs/exposing-prometheus-alertmanager-grafana-ingress.md) guide.
-
-## Minikube Example
-
-To use an easy to reproduce example, see [minikube.jsonnet](examples/minikube.jsonnet), which uses the minikube setup as demonstrated in [Prerequisites](#prerequisites). Because we would like easy access to our Prometheus, Alertmanager and Grafana UIs, `minikube.jsonnet` exposes the services as NodePort type services.
-
-## Troubleshooting
-
-### Error retrieving kubelet metrics
-
-Should the Prometheus `/targets` page show kubelet targets, but not able to successfully scrape the metrics, then most likely it is a problem with the authentication and authorization setup of the kubelets.
-
-As described in the [Prerequisites](#prerequisites) section, in order to retrieve metrics from the kubelet token authentication and authorization must be enabled. Some Kubernetes setup tools do not enable this by default.
-
-- If you are using Google's GKE product, see [cAdvisor support](docs/GKE-cadvisor-support.md).
-- If you are using AWS EKS, see [AWS EKS CNI support](docs/EKS-cni-support.md).
-- If you are using Weave Net, see [Weave Net support](docs/weave-net-support.md).
-
-#### Authentication problem
-
-The Prometheus `/targets` page will show the kubelet job with the error `403 Unauthorized`, when token authentication is not enabled. Ensure, that the `--authentication-token-webhook=true` flag is enabled on all kubelet configurations.
-
-#### Authorization problem
-
-The Prometheus `/targets` page will show the kubelet job with the error `401 Unauthorized`, when token authorization is not enabled. Ensure that the `--authorization-mode=Webhook` flag is enabled on all kubelet configurations.
-
-### kube-state-metrics resource usage
-
-In some environments, kube-state-metrics may need additional
-resources. One driver for more resource needs, is a high number of
-namespaces. There may be others.
-
-kube-state-metrics resource allocation is managed by
-[addon-resizer](https://github.com/kubernetes/autoscaler/tree/master/addon-resizer/nanny)
-You can control it's parameters by setting variables in the
-config. They default to:
-
-``` jsonnet
-    kubeStateMetrics+:: {
-      baseCPU: '100m',
-      cpuPerNode: '2m',
-      baseMemory: '150Mi',
-      memoryPerNode: '30Mi',
-    }
-```
+1. [Continuous Delivery](examples/continuous-delivery)
+2. [Update to new version](docs/update.md)
+3. For more documentation on the project refer to `docs/` directory.
 
 ## Contributing
 
-All `.yaml` files in the `/manifests` folder are generated via
-[Jsonnet](https://jsonnet.org/). Contributing changes will most likely include
-the following process:
+To contribute to kube-prometheus, refer to [Contributing](CONTRIBUTING.md).
 
-1. Make your changes in the respective `*.jsonnet` file.
-2. Commit your changes (This is currently necessary due to our vendoring
-   process. This is likely to change in the future).
-3. Update the pinned kube-prometheus dependency in `jsonnetfile.lock.json`: `jb update`
-3. Generate dependent `*.yaml` files: `make generate`
-4. Commit the generated changes.
+## Join the discussion
+
+If you have any questions or feedback regarding kube-prometheus, join the [kube-prometheus discussion](https://github.com/prometheus-operator/kube-prometheus/discussions). Alternatively, consider joining [the kubernetes slack #prometheus-operator channel](http://slack.k8s.io/) or project's bi-weekly [Contributor Office Hours](https://docs.google.com/document/d/1-fjJmzrwRpKmSPHtXN5u6VZnn39M28KqyQGBEJsqUOk/edit#).
+
+## License
+
+Apache License 2.0, see [LICENSE](https://github.com/prometheus-operator/kube-prometheus/blob/main/LICENSE).

RELEASE.md

@@ -0,0 +1,120 @@
+# Release schedule
+
+Kube-prometheus has a somehow predictable release schedule, releases were
+historically cut in sync with OpenShift releases as per downstream needs. So
+far there hasn't been any problem with this schedule since it is also in sync
+with Kubernetes releases. So for every new Kubernetes release, there is a new
+release of kube-prometheus, although it tends to happen later.
+
+# How to cut a new release
+
+> This guide is strongly based on the [prometheus-operator release
+> instructions](https://github.com/prometheus-operator/prometheus-operator/blob/master/RELEASE.md).
+
+## Branch management and versioning strategy
+
+We use [Semantic Versioning](http://semver.org/).
+
+We maintain a separate branch for each minor release, named
+`release-<major>.<minor>`, e.g. `release-1.1`, `release-2.0`.
+
+The usual flow is to merge new features and changes into the master branch and
+to merge bug fixes into the latest release branch. Bug fixes are then merged
+into master from the latest release branch. The master branch should always
+contain all commits from the latest release branch.
+
+If a bug fix got accidentally merged into master, cherry-pick commits have to be
+created in the latest release branch, which then has to be merged back into
+master. Try to avoid that situation.
+
+Maintaining the release branches for older minor releases happens on a best
+effort basis.
+
+## Cut a release of kubernetes-mixins
+
+kube-prometheus and kubernetes-mixins releases are tied, so before cutting the
+release of kube-prometheus we should make sure that the same release of
+kubernetes-mixins exists.
+
+## Update components version
+
+Every release of kube-prometheus should include the latest versions of each
+component. Updating them is automated via a CI job that can be triggered
+manually from this
+[workflow](https://github.com/prometheus-operator/kube-prometheus/actions/workflows/versions.yaml).
+
+Once the workflow is completed, the prometheus-operator bot will create some
+PRs. You should merge the one prefixed by `[bot][main]` if created before
+proceeding. If the bot didn't create the PR, it is either because the workflow
+failed or because the main branch was already up-to-date.
+
+## Update Kubernetes supported versions
+
+The main branch of kube-prometheus should support the last 2 versions of
+Kubernetes. We need to make sure that the CI on the main branch is testing the
+kube-prometheus configuration against both of these versions by updating the [CI
+worklow](.github/workflows/ci.yaml) to include the latest kind version and the
+2 latest images versions that are attached to the kind release. Once that is
+done, the [compatibility matrix](README.md#compatibility) in
+the README should also be updated to reflect the CI changes.
+
+## Create pull request to cut the release
+
+### Pin Jsonnet dependencies
+
+Pin jsonnet dependencies in
+[jsonnetfile.json](jsonnet/kube-prometheus/jsonnetfile.json). Each dependency
+should be pinned to the latest release branch or if it doesn't have one, pinned
+to the latest commit.
+
+### Start with a fresh environment
+
+```bash
+make clean
+```
+
+### Update Jsonnet dependencies
+
+```bash
+make update
+```
+
+### Generate manifests
+
+```bash
+make generate
+```
+
+### Update the compatibility matrix
+
+Update the [compatibility matrix](README.md#compatibility) in
+the README, by adding the new release based on the `main` branch compatibility
+and removing the oldest release branch to only keep the latest 5 branches in the
+matrix.
+
+### Update changelog
+
+Iterate over the PRs that were merged between the latest release of kube-prometheus and the HEAD and add the changelog entries to the [CHANGELOG](CHANGELOG.md).
+
+## Create release branch
+
+Once the PR cutting the release is merged, pull the changes, create a new
+release branch named `release-x.y` based on the latest changes and push it to
+the upstream repository.
+
+## Create follow-up pull request
+
+### Unpin Jsonnet dependencies
+
+Revert previous changes made when pinning the jsonnet dependencies since we want
+the main branch to be in sync with the latest changes of its dependencies.
+
+### Update CI workflow
+
+Update the [versions workflow](.github/workflows/versions.yaml) to include the latest release branch and remove the oldest one to reflect the list of supported releases.
+
+### Update Kubernetes versions used by kubeconform
+
+Update the versions of Kubernetes used when validating manifests with
+kubeconform in the [Makefile](Makefile) to align with the compatibility
+matrix.

build.sh

@@ -14,6 +14,10 @@ PATH="$(pwd)/tmp/bin:${PATH}"
 rm -rf manifests
 mkdir -p manifests/setup
 
-                                               # optional, but we would like to generate yaml, not json
-jsonnet -J vendor -m manifests "${1-example.jsonnet}" | xargs -I{} sh -c 'cat {} | gojsontoyaml > {}.yaml; rm -f {}' -- {}
+# Calling gojsontoyaml is optional, but we would like to generate yaml, not json
+jsonnet -J vendor -m manifests "${1-example.jsonnet}" | xargs -I{} sh -c 'cat {} | gojsontoyaml > {}.yaml' -- {}
+
+# Make sure to remove json files
+find manifests -type f ! -name '*.yaml' -delete
+rm -f kustomization
 

code-of-conduct.md

@@ -1,4 +1,4 @@
-## CoreOS Community Code of Conduct
+## Community Code of Conduct
 
 ### Contributor Code of Conduct
 
@@ -33,29 +33,9 @@ This code of conduct applies both within project spaces and in public spaces
 when an individual is representing the project or its community.
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting a project maintainer, Brandon Philips
-<brandon.philips@coreos.com>, and/or Rithu John <rithu.john@coreos.com>.
+reported by contacting a project maintainer listed in
+https://github.com/prometheus-operator/prometheus-operator/blob/master/MAINTAINERS.md.
 
 This Code of Conduct is adapted from the Contributor Covenant
 (http://contributor-covenant.org), version 1.2.0, available at
 http://contributor-covenant.org/version/1/2/0/
-
-### CoreOS Events Code of Conduct
-
-CoreOS events are working conferences intended for professional networking and
-collaboration in the CoreOS community. Attendees are expected to behave
-according to professional standards and in accordance with their employer’s
-policies on appropriate workplace behavior.
-
-While at CoreOS events or related social networking opportunities, attendees
-should not engage in discriminatory or offensive speech or actions including
-but not limited to gender, sexuality, race, age, disability, or religion.
-Speakers should be especially aware of these concerns.
-
-CoreOS does not condone any statements by speakers contrary to these standards.
-CoreOS reserves the right to deny entrance and/or eject from an event (without
-refund) any individual found to be engaging in discriminatory or offensive
-speech or actions.
-
-Please bring any concerns to the immediate attention of designated on-site
-staff, Brandon Philips <brandon.philips@coreos.com>, and/or Rithu John <rithu.john@coreos.com>.

developer-workspace/README.md

@@ -0,0 +1,33 @@
+# Ephemeral developer workspaces
+
+Aiming to provide better developer experience when making contributions to kube-prometheus, whether by actively developing new features/bug fixes or by reviewing pull requests, we want to provide ephemeral developer workspaces with everything already configured (as far as tooling makes it possible).
+
+Those developer workspaces should provide a brand new kubernetes cluster, where kube-prometheus can be easily deployed and the contributor can easily see the impact that a pull request is proposing.
+
+Today there is 2 providers in the market:
+* [Github Codespaces](https://github.com/features/codespaces)
+* [Gitpod](https://www.gitpod.io/)
+
+## Codespaces
+
+Unfortunately, Codespaces is not available for everyone. If you are fortunate to have access to it, you can open a new workspace from a specific branch, or even from Pull Requests.
+
+![image](https://user-images.githubusercontent.com/24193764/135522435-44b177b4-00d4-4863-b45b-2db47c8c70d0.png)
+
+![image](https://user-images.githubusercontent.com/24193764/135522560-c64968ab-3b4e-4639-893a-c4d0a14421aa.png)
+
+After your workspace start, you can deploy a kube-prometheus inside a Kind cluster inside by running `make deploy`.
+
+If you are reviewing a PR, you'll have a fully-functional kubernetes cluster, generating real monitoring data that can be used to review if the proposed changes works as described.
+
+If you are working on new features/bug fixes, you can regenerate kube-prometheus's YAML manifests with `make generate` and deploy it again with `make deploy`.
+
+## Gitpod
+
+Gitpod is already available to everyone to use for free. It can also run commands that we speficy in the `.gitpod.yml` file located in the root directory of the git repository, so even the cluster creation can be fully automated.
+
+You can use the same workflow as mentioned in the [Codespaces](#codespaces) section, however Gitpod doesn't have native support for any kubernetes distribution. The workaround is to create a full QEMU Virtual Machine and deploy [k3s](https://github.com/k3s-io/k3s) inside this VM. Don't worry, this whole process is already fully automated, but due to the workaround the whole workspace may be very slow.
+
+To open up a workspace with Gitpod, you can install the [Google Chrome extension](https://www.gitpod.io/docs/browser-extension/) to add a new button to Github UI and use it on PRs or from the main page. Or by directly typing in the browser `http://gitpod.io/#https://github.com/prometheus-operator/kube-prometheus/pull/<Pull Request Number>` or just `http://gitpod.io/#https://github.com/prometheus-operator/kube-prometheus`
+
+![image](https://user-images.githubusercontent.com/24193764/135534546-4f6bf0e5-57cd-4e35-ad80-88bd47d64276.png)

developer-workspace/codespaces/prepare-kind.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+which kind
+if [[ $? != 0 ]]; then
+    echo 'kind not available in $PATH, installing latest kind'
+    # Install latest kind
+    curl -s https://api.github.com/repos/kubernetes-sigs/kind/releases/latest \
+    | grep "browser_download_url.*kind-linux-amd64" \
+    | cut -d : -f 2,3 \
+    | tr -d \" \
+    | wget -qi -
+    mv kind-linux-amd64 developer-workspace/codespaces/kind && chmod +x developer-workspace/codespaces/kind
+    export PATH=$PATH:$PWD/developer-workspace/codespaces
+fi
+
+cluster_created=$($PWD/developer-workspace/codespaces/kind get clusters 2>&1)
+if [[ "$cluster_created" == "No kind clusters found." ]]; then 
+    $PWD/developer-workspace/codespaces/kind create cluster --config $PWD/.github/workflows/kind/config.yml
+else
+    echo "Cluster '$cluster_created' already present" 
+fi
+
+helm repo add --force-update cilium https://helm.cilium.io/ 
+helm install cilium cilium/cilium --version 1.9.13 \
+  --namespace kube-system \
+  --set nodeinit.enabled=true \
+  --set kubeProxyReplacement=partial \
+  --set hostServices.enabled=false \
+  --set externalIPs.enabled=true \
+  --set nodePort.enabled=true \
+  --set hostPort.enabled=true \
+  --set bpf.masquerade=false \
+  --set image.pullPolicy=IfNotPresent \
+  --set ipam.mode=kubernetes \
+  --set operator.replicas=1

developer-workspace/common/deploy-kube-prometheus.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+kubectl apply --server-side -f manifests/setup
+
+# Safety wait for CRDs to be working
+sleep 30
+
+kubectl apply -f manifests/
+sleep 30
+# Safety wait for resources to be created
+
+kubectl rollout status -n monitoring daemonset node-exporter
+kubectl rollout status -n monitoring statefulset alertmanager-main
+kubectl rollout status -n monitoring statefulset prometheus-k8s
+kubectl rollout status -n monitoring deployment grafana
+kubectl rollout status -n monitoring deployment kube-state-metrics
+
+kubectl port-forward -n monitoring svc/grafana 3000 > /dev/null 2>&1 &
+kubectl port-forward -n monitoring svc/alertmanager-main 9093 > /dev/null 2>&1 &
+kubectl port-forward -n monitoring svc/prometheus-k8s 9090 > /dev/null 2>&1 &

developer-workspace/gitpod/prepare-k3s.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+rootfslock="${script_dirname}/_output/rootfs/rootfs-ready.lock"
+k3sreadylock="${script_dirname}/_output/rootfs/k3s-ready.lock"
+
+if test -f "${k3sreadylock}"; then
+    exit 0
+fi
+
+cd $script_dirname
+
+function waitssh() {
+  while ! nc -z 127.0.0.1 2222; do   
+    sleep 0.1
+  done
+  ./ssh.sh "whoami" &>/dev/null
+  if [ $? -ne 0 ]; then
+    sleep 1
+    waitssh
+  fi
+}
+
+function waitrootfs() {
+  while ! test -f "${rootfslock}"; do
+    sleep 0.1
+  done
+}
+
+echo "🔥 Installing everything, this will be done only one time per workspace."
+
+echo "Waiting for the rootfs to become available, it can take a while, open the terminal #2 for progress"
+waitrootfs
+echo "✅ rootfs available"
+
+echo "Waiting for the ssh server to become available, it can take a while, after this k3s is getting installed"
+waitssh
+echo "✅ ssh server available"
+
+./ssh.sh "curl -sfL https://get.k3s.io | sh -"
+
+mkdir -p ~/.kube
+./scp.sh root@127.0.0.1:/etc/rancher/k3s/k3s.yaml ~/.kube/config
+
+echo "✅ k3s server is ready"
+touch "${k3sreadylock}"
+
+# safety wait for cluster availability
+sleep 30s

developer-workspace/gitpod/prepare-rootfs.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -euo pipefail
+
+img_url="https://cloud-images.ubuntu.com/hirsute/current/hirsute-server-cloudimg-amd64.tar.gz"
+
+script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+outdir="${script_dirname}/_output/rootfs"
+
+rm -Rf $outdir
+mkdir -p $outdir
+
+curl -L -o "${outdir}/rootfs.tar.gz" $img_url
+
+cd $outdir
+
+tar -xvf rootfs.tar.gz
+
+qemu-img resize hirsute-server-cloudimg-amd64.img +20G
+
+sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command 'resize2fs /dev/sda'
+
+sudo virt-customize -a hirsute-server-cloudimg-amd64.img --root-password password:root
+
+netconf="
+network:
+  version: 2
+  renderer: networkd
+  ethernets:
+    enp0s3:
+      dhcp4: yes
+"
+
+# networking setup
+sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "echo '${netconf}' > /etc/netplan/01-net.yaml"
+
+# copy kernel modules
+sudo virt-customize -a hirsute-server-cloudimg-amd64.img --copy-in /lib/modules/$(uname -r):/lib/modules
+
+# ssh
+sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command 'apt remove openssh-server -y && apt install openssh-server -y'
+sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config"
+sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config"
+
+# mark as ready
+touch rootfs-ready.lock
+
+echo "k3s development environment is ready"

developer-workspace/gitpod/qemu.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -xeuo pipefail
+
+script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+outdir="${script_dirname}/_output"
+
+sudo qemu-system-x86_64 -kernel "/boot/vmlinuz" \
+-boot c -m 3073M -hda "${outdir}/rootfs/hirsute-server-cloudimg-amd64.img" \
+-net user \
+-smp 8 \
+-append "root=/dev/sda rw console=ttyS0,115200 acpi=off nokaslr" \
+-nic user,hostfwd=tcp::2222-:22,hostfwd=tcp::6443-:6443 \
+-serial mon:stdio -display none

developer-workspace/gitpod/scp.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sshpass -p 'root' scp -o StrictHostKeychecking=no -P 2222 $@

developer-workspace/gitpod/ssh.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sshpass  -p 'root' ssh -o StrictHostKeychecking=no -p 2222 root@127.0.0.1 "$@"

docs/EKS-cni-support.md

@@ -4,26 +4,34 @@ AWS EKS uses [CNI](https://github.com/aws/amazon-vpc-cni-k8s) networking plugin
 
 One fatal issue that can occur is that you run out of IP addresses in your eks cluster. (Generally happens due to error configs where pods keep scheduling).
 
-You can monitor the `awscni` using kube-promethus with : 
-[embedmd]:# (../examples/eks-cni-example.jsonnet)
-```jsonnet
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
-           (import 'kube-prometheus/kube-prometheus-eks.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
+You can monitor the `awscni` using kube-promethus with :
+
+```jsonnet mdox-exec="cat examples/eks-cni-example.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+    kubePrometheus+: {
+      platform: 'eks',
+    },
   },
-  prometheusRules+:: {
-    groups+: [
-      {
-        name: 'example-group',
-        rules: [
+  kubernetesControlPlane+: {
+    prometheusRuleEksCNI+: {
+      spec+: {
+        groups+: [
           {
-            record: 'aws_eks_available_ip',
-            expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10',
+            name: 'example-group',
+            rules: [
+              {
+                record: 'aws_eks_available_ip',
+                expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10',
+              },
+            ],
           },
         ],
       },
-    ],
+    },
   },
 };
 

docs/GKE-cadvisor-support.md

@@ -5,6 +5,7 @@ authentication. Until it does, Prometheus must use HTTP (not HTTPS)
 for scraping.
 
 You can configure this behavior through kube-prometheus with:
+
 ```
 local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
     (import 'kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet') +

docs/access-ui.md

@@ -0,0 +1,29 @@
+# Access UIs
+
+Prometheus, Grafana, and Alertmanager dashboards can be accessed quickly using `kubectl port-forward` after running the quickstart via the commands below. Kubernetes 1.10 or later is required.
+
+> Note: There are instructions on how to route to these pods behind an ingress controller in the [Exposing Prometheus/Alermanager/Grafana via Ingress](customizations/exposing-prometheus-alertmanager-grafana-ingress.md) section.
+
+## Prometheus
+
+```shell
+$ kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090
+```
+
+Then access via [http://localhost:9090](http://localhost:9090)
+
+## Grafana
+
+```shell
+$ kubectl --namespace monitoring port-forward svc/grafana 3000
+```
+
+Then access via [http://localhost:3000](http://localhost:3000) and use the default grafana user:password of `admin:admin`.
+
+## Alert Manager
+
+```shell
+$ kubectl --namespace monitoring port-forward svc/alertmanager-main 9093
+```
+
+Then access via [http://localhost:9093](http://localhost:9093)

docs/blackbox-exporter.md

@@ -0,0 +1,97 @@
+---
+weight: 304
+toc: true
+title: Blackbox Exporter
+menu:
+    docs:
+        parent: kube
+lead: This guide will help you deploying the blackbox-exporter with the Probe custom resource definition.
+images: []
+draft: false
+description: This guide will help you deploying the blackbox-exporter with the Probe custom resource definition.
+date: "2021-03-08T08:49:31+00:00"
+---
+
+# Setting up a blackbox exporter
+
+The `prometheus-operator` defines a `Probe` resource type that can be used to describe blackbox checks. To execute these, a separate component called [`blackbox_exporter`](https://github.com/prometheus/blackbox_exporter) has to be deployed, which can be scraped to retrieve the results of these checks. You can use `kube-prometheus` to set up such a blackbox exporter within your Kubernetes cluster.
+
+## Adding blackbox exporter manifests to an existing `kube-prometheus` configuration
+
+1. Override blackbox-related configuration parameters as needed.
+2. Add the following to the list of renderers to render the blackbox exporter manifests:
+
+```
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) }
+```
+
+## Configuration parameters influencing the blackbox exporter
+
+* `_config.namespace`: the namespace where the various generated resources (`ConfigMap`, `Deployment`, `Service`, `ServiceAccount` and `ServiceMonitor`) will reside. This does not affect where you can place `Probe` objects; that is determined by the configuration of the `Prometheus` resource. This option is shared with other `kube-prometheus` components; defaults to `default`.
+* `_config.imageRepos.blackboxExporter`: the name of the blackbox exporter image to deploy. Defaults to `quay.io/prometheus/blackbox-exporter`.
+* `_config.versions.blackboxExporter`: the tag of the blackbox exporter image to deploy. Defaults to the version `kube-prometheus` was tested with.
+* `_config.imageRepos.configmapReloader`: the name of the ConfigMap reloader image to deploy. Defaults to `jimmidyson/configmap-reload`.
+* `_config.versions.configmapReloader`: the tag of the ConfigMap reloader image to deploy. Defaults to the version `kube-prometheus` was tested with.
+* `_config.resources.blackbox-exporter.requests`: the requested resources; this is used for each container. Defaults to `10m` CPU and `20Mi` RAM. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details.
+* `_config.resources.blackbox-exporter.limits`: the resource limits; this is used for each container. Defaults to `20m` CPU and `40Mi` RAM. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details.
+* `_config.blackboxExporter.port`: the exposed HTTPS port of the exporter. This is what Prometheus can scrape for metrics related to the blackbox exporter itself. Defaults to `9115`.
+* `_config.blackboxExporter.internalPort`: the internal plaintext port of the exporter. Prometheus scrapes configured via `Probe` objects cannot access the HTTPS port right now, so you have to specify this port in the `url` field. Defaults to `19115`.
+* `_config.blackboxExporter.replicas`: the number of exporter replicas to be deployed. Defaults to `1`.
+* `_config.blackboxExporter.matchLabels`: map of the labels to be used to select resources belonging to the instance deployed. Defaults to `{ 'app.kubernetes.io/name': 'blackbox-exporter' }`
+* `_config.blackboxExporter.assignLabels`: map of the labels applied to components of the instance deployed. Defaults to all the labels included in the `matchLabels` option, and additionally `app.kubernetes.io/version` is set to the version of the blackbox exporter.
+* `_config.blackboxExporter.modules`: the modules available in the blackbox exporter installation, i.e. the types of checks it can perform. The default value includes most of the modules defined in the default blackbox exporter configuration: `http_2xx`, `http_post_2xx`, `tcp_connect`, `pop3s_banner`, `ssh_banner`, and `irc_banner`. `icmp` is omitted so the exporter can be run with minimum privileges, but you can add it back if needed - see the example below. See https://github.com/prometheus/blackbox_exporter/blob/master/CONFIGURATION.md for the configuration format, except you have to use JSON instead of YAML here.
+* `_config.blackboxExporter.privileged`: whether the `blackbox-exporter` container should be running as non-root (`false`) or root with heavily-restricted capability set (`true`). Defaults to `true` if you have any ICMP modules defined (which need the extra permissions) and `false` otherwise.
+
+## Complete example
+
+```jsonnet
+local kp =
+  (import 'kube-prometheus/kube-prometheus.libsonnet') +
+  {
+    _config+:: {
+      namespace: 'monitoring',
+      blackboxExporter+:: {
+        modules+:: {
+          icmp: {
+            prober: 'icmp',
+          },
+        },
+      },
+    },
+  };
+
+{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator))
+} +
+// serviceMonitor is separated so that it can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```
+
+After installing the generated manifests, you can create `Probe` resources, for example:
+
+```yaml
+kind: Probe
+apiVersion: monitoring.coreos.com/v1
+metadata:
+  name: example-com-website
+  namespace: monitoring
+spec:
+  interval: 60s
+  module: http_2xx
+  prober:
+    url: blackbox-exporter.monitoring.svc.cluster.local:19115
+  targets:
+    staticConfig:
+      static:
+      - http://example.com
+      - https://example.com
+```

docs/community-support.md

@@ -0,0 +1,81 @@
+# Community support
+
+For bugs, you can use the GitHub [issue tracker](https://github.com/prometheus-operator/kube-prometheus/issues/new/choose).
+
+For questions, you can use the GitHub [discussions forum](https://github.com/prometheus-operator/kube-prometheus/discussions).
+
+Many of the `kube-prometheus` project's contributors and users can also be found on the #prometheus-operator channel of the [Kubernetes Slack](https://slack.k8s.io/).
+
+`kube-prometheus` is the aggregation of many projects that all have different
+channels to reach out for help and support. This community strives at
+supporting all users and you should never be afraid of asking us first. However
+if your request relates specifically to one of the projects listed below, it is
+often more efficient to reach out to the project directly. If you are unsure,
+please feel free to open an issue in this repository and we will redirect you
+if applicable.
+
+## prometheus-operator
+
+For documentation, check the project's [documentation directory](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation).
+
+For questions, use the #prometheus-operator channel on the [Kubernetes Slack](https://slack.k8s.io/).
+
+For bugs, use the GitHub [issue tracker](https://github.com/prometheus-operator/prometheus-operator/issues/new/choose).
+
+## Prometheus, Alertmanager, node_exporter
+
+For documentation, check the Prometheus [online docs](https://prometheus.io/docs/). There is a
+[section](https://prometheus.io/docs/introduction/media/) with links to blog
+posts, recorded talks and presentations. This [repository](https://github.com/roaldnefs/awesome-prometheus)
+(not affiliated to the Prometheus project) has also a list of curated resources
+related to the Prometheus ecosystem.
+
+For questions, see the Prometheus [community page](https://prometheus.io/community/) for the various channels.
+
+There is also a #prometheus channel on the [CNCF Slack](https://slack.cncf.io/).
+
+## kube-state-metrics
+
+For documentation, see the project's [docs directory](https://github.com/kubernetes/kube-state-metrics/tree/main/docs).
+
+For questions, use the #kube-state-metrics channel on the [Kubernetes Slack](https://slack.k8s.io/).
+
+For bugs, use the GitHub [issue tracker](https://github.com/kubernetes/kube-state-metrics/issues/new/choose).
+
+## Kubernetes
+
+For documentation, check the [Kubernetes docs](https://kubernetes.io/docs/home/).
+
+For questions, use the [community forums](https://discuss.kubernetes.io/) and the [Kubernetes Slack](https://slack.k8s.io/). Check also the [community page](https://kubernetes.io/community/#discuss).
+
+For bugs, use the GitHub [issue tracker](https://github.com/kubernetes/kubernetes/issues/new/choose).
+
+## Prometheus adapter
+
+For documentation, check the project's [README](https://github.com/DirectXMan12/k8s-prometheus-adapter/blob/master/README.md).
+
+For questions, use the #sig-instrumentation channel on the [Kubernetes Slack](https://slack.k8s.io/).
+
+For bugs, use the GitHub [issue tracker](https://github.com/DirectXMan12/k8s-prometheus-adapter/issues/new).
+
+## Grafana
+
+For documentation, check the [Grafana docs](https://grafana.com/docs/grafana/latest/).
+
+For questions, use the [community forums](https://community.grafana.com/).
+
+For bugs, use the GitHub [issue tracker](https://github.com/grafana/grafana/issues/new/choose).
+
+## kubernetes-mixin
+
+For documentation, check the project's [README](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/README.md).
+
+For questions, use #monitoring-mixins channel on the [Kubernetes Slack](https://slack.k8s.io/).
+
+For bugs, use the GitHub [issue tracker](https://github.com/kubernetes-monitoring/kubernetes-mixin/issues/new).
+
+## Jsonnet
+
+For documentation, check the [Jsonnet](https://jsonnet.org/) website.
+
+For questions, use the [mailing list](https://groups.google.com/forum/#!forum/jsonnet).

docs/customizations/alertmanager-configuration.md

@@ -0,0 +1,40 @@
+### Alertmanager configuration
+
+The Alertmanager configuration is located in the `values.alertmanager.config` configuration field. In order to set a custom Alertmanager configuration simply set this field.
+
+```jsonnet mdox-exec="cat examples/alertmanager-config.jsonnet"
+((import 'kube-prometheus/main.libsonnet') + {
+   values+:: {
+     alertmanager+: {
+       config: |||
+         global:
+           resolve_timeout: 10m
+         route:
+           group_by: ['job']
+           group_wait: 30s
+           group_interval: 5m
+           repeat_interval: 12h
+           receiver: 'null'
+           routes:
+           - match:
+               alertname: Watchdog
+             receiver: 'null'
+         receivers:
+         - name: 'null'
+       |||,
+     },
+   },
+ }).alertmanager.secret
+```
+
+In the above example the configuration has been inlined, but can just as well be an external file imported in jsonnet via the `importstr` function.
+
+```jsonnet mdox-exec="cat examples/alertmanager-config-external.jsonnet"
+((import 'kube-prometheus/main.libsonnet') + {
+   values+:: {
+     alertmanager+: {
+       config: importstr 'alertmanager-config.yaml',
+     },
+   },
+ }).alertmanager.secret
+```

docs/customizations/components-name-namespace-overrides.md

@@ -0,0 +1,56 @@
+### Components' name and namespace overrides
+
+It is possible to override the namespace where kube-prometheus is going to be deployed, like the example below:
+
+```jsonnet
+local kp = (import 'kube-prometheus/main.libsonnet') +
+{
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+  },
+};
+```
+
+If prefered, it can be changed individually by component. It is also possible to change the name of Prometheus and Alertmanager Custom Resources, like shown below:
+
+```jsonnet mdox-exec="cat examples/name-namespace-overrides.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           {
+             values+:: {
+               common+: {
+                 namespace: 'monitoring',
+               },
+
+               prometheus+: {
+                 namespace: 'foo',
+                 name: 'bar',
+               },
+
+               alertmanager+: {
+                 namespace: 'bar',
+                 name: 'foo',
+               },
+             },
+           };
+
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
+// Add the restricted psp to setup
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
+} +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
+```

docs/customizations/developing-prometheus-rules-and-grafana-dashboards.md

@@ -0,0 +1,590 @@
+---
+weight: 307
+toc: true
+title: Prometheus Rules and Grafana Dashboards
+menu:
+    docs:
+        parent: kube
+lead: This guide will help you adding Prometheus Rules and Grafana Dashboards on top of kube-prometheus
+images: []
+draft: false
+description: This guide will help you adding Prometheus Rules and Grafana Dashboards on top of kube-prometheus
+---
+
+`kube-prometheus` ships with a set of default [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) and [Grafana](http://grafana.com/) dashboards. At some point one might like to extend them, the purpose of this document is to explain how to do this.
+
+All manifests of kube-prometheus are generated using [jsonnet](https://jsonnet.org/).
+Prometheus rules and Grafana dashboards in specific follow the
+[Prometheus Monitoring Mixins proposal](https://github.com/monitoring-mixins/docs/blob/master/design.pdf).
+
+For both the Prometheus rules and the Grafana dashboards Kubernetes `ConfigMap`s are generated within kube-prometheus. In order to add additional rules and dashboards simply merge them onto the existing json objects. This document illustrates examples for rules as well as dashboards.
+
+As a basis, all examples in this guide are based on the base example of the kube-prometheus [readme](https://github.com/prometheus-operator/kube-prometheus/blob/main/README.md):
+
+```jsonnet mdox-exec="cat example.jsonnet"
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  // Uncomment the following imports to enable its patches
+  // (import 'kube-prometheus/addons/anti-affinity.libsonnet') +
+  // (import 'kube-prometheus/addons/managed-cluster.libsonnet') +
+  // (import 'kube-prometheus/addons/node-ports.libsonnet') +
+  // (import 'kube-prometheus/addons/static-etcd.libsonnet') +
+  // (import 'kube-prometheus/addons/custom-metrics.libsonnet') +
+  // (import 'kube-prometheus/addons/external-metrics.libsonnet') +
+  // (import 'kube-prometheus/addons/pyrra.libsonnet') +
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+    },
+  };
+
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
+} +
+// { 'setup/pyrra-slo-CustomResourceDefinition': kp.pyrra.crd } +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+// { ['pyrra-' + name]: kp.pyrra[name] for name in std.objectFields(kp.pyrra) if name != 'crd' } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
+```
+
+## Prometheus rules
+
+### Alerting rules
+
+As per the [Prometheus Monitoring Mixins proposal](https://github.com/monitoring-mixins/docs/blob/master/design.pdf)
+Prometheus alerting rules are under the key `prometheusAlerts` in the top level object.
+Additional alerting rules can be added by merging into the existing object.
+
+The format is exactly the Prometheus format, so there should be no changes necessary should you have existing rules that you want to include.
+
+> Note that alerts can also be included into this file, using the jsonnet `import` function.
+> In this example it is just inlined in order to demonstrate their use in a single file.
+
+```jsonnet mdox-exec="cat examples/prometheus-additional-alert-rule-example.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+  },
+  exampleApplication: {
+    prometheusRuleExample: {
+      apiVersion: 'monitoring.coreos.com/v1',
+      kind: 'PrometheusRule',
+      metadata: {
+        name: 'my-prometheus-rule',
+        namespace: $.values.common.namespace,
+      },
+      spec: {
+        groups: [
+          {
+            name: 'example-group',
+            rules: [
+              {
+                alert: 'ExampleAlert',
+                expr: 'vector(1)',
+                labels: {
+                  severity: 'warning',
+                },
+                annotations: {
+                  description: 'This is an example alert.',
+                },
+              },
+            ],
+          },
+        ],
+      },
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }
+```
+
+### Recording rules
+
+In order to add a recording rule, simply do the same with the `prometheusRules` field.
+
+> Note that rules can just as well be included into this file, using the jsonnet `import` function.
+> In this example it is just inlined in order to demonstrate their use in a single file.
+
+```jsonnet mdox-exec="cat examples/prometheus-additional-recording-rule-example.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+  },
+  exampleApplication: {
+    prometheusRuleExample: {
+      apiVersion: 'monitoring.coreos.com/v1',
+      kind: 'PrometheusRule',
+      metadata: {
+        name: 'my-prometheus-rule',
+        namespace: $.values.common.namespace,
+      },
+      spec: {
+        groups: [
+          {
+            name: 'example-group',
+            rules: [
+              {
+                record: 'some_recording_rule_name',
+                expr: 'vector(1)',
+              },
+            ],
+          },
+        ],
+      },
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }
+```
+
+### Pre-rendered rules
+
+We acknowledge, that users may need to transition existing rules, and therefore allow an option to add additional pre-rendered rules. Luckily the yaml and json formats are very close so the yaml rules just need to be converted to json without any manual interaction needed. Just a tool to convert yaml to json is needed:
+
+```
+go get -u -v github.com/brancz/gojsontoyaml
+```
+
+And convert the existing rule file:
+
+```
+cat existingrule.yaml | gojsontoyaml -yamltojson > existingrule.json
+```
+
+Then import it in jsonnet:
+
+```jsonnet mdox-exec="cat examples/prometheus-additional-rendered-rule-example.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+  },
+  exampleApplication: {
+    prometheusRuleExample: {
+      apiVersion: 'monitoring.coreos.com/v1',
+      kind: 'PrometheusRule',
+      metadata: {
+        name: 'my-prometheus-rule',
+        namespace: $.values.common.namespace,
+      },
+      spec: {
+        groups: (import 'existingrule.json').groups,
+      },
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }
+```
+
+### Changing default rules
+
+Along with adding additional rules, we give the user the option to filter or adjust the existing rules imported by `kube-prometheus/main.libsonnet`.
+The recording rules can be found in [kube-prometheus/components/mixin/rules](https://github.com/prometheus-operator/kube-prometheus/tree/main/jsonnet/kube-prometheus/components/mixin/rules)
+and [kubernetes-mixin/rules](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/rules).
+The alerting rules can be found in [kube-prometheus/components/mixin/alerts](https://github.com/prometheus-operator/kube-prometheus/tree/main/jsonnet/kube-prometheus/components/mixin/alerts)
+and [kubernetes-mixin/alerts](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/alerts).
+
+Knowing which rules to change, the user can now use functions from the [Jsonnet standard library](https://jsonnet.org/ref/stdlib.html) to make these changes.
+Below are examples of both a filter and an adjustment being made to the default rules.
+These changes can be assigned to a local variable and then added to the `local kp` object as seen in the examples above.
+
+#### Filter
+
+Here the alert `KubeStatefulSetReplicasMismatch` is being filtered out of the group `kubernetes-apps`.
+The default rule can be seen [here](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/alerts/apps_alerts.libsonnet).
+You first need to find out in which component the rule is defined (here it is kuberentesControlPlane).
+
+```jsonnet
+local filter = {
+  kubernetesControlPlane+: {
+    prometheusRule+: {
+      spec+: {
+        groups: std.map(
+          function(group)
+            if group.name == 'kubernetes-apps' then
+              group {
+                rules: std.filter(
+                  function(rule)
+                    rule.alert != 'KubeStatefulSetReplicasMismatch',
+                  group.rules
+                ),
+              }
+            else
+              group,
+          super.groups
+        ),
+      },
+    },
+  },
+};
+```
+
+#### Adjustment
+
+Here the expression for another alert in the same component is updated from its previous value.
+The default rule can be seen [here](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/alerts/apps_alerts.libsonnet).
+
+```jsonnet
+local update = {
+  kubernetesControlPlane+: {
+    prometheusRule+: {
+      spec+: {
+        groups: std.map(
+          function(group)
+            if group.name == 'kubernetes-apps' then
+              group {
+                rules: std.map(
+                  function(rule)
+                    if rule.alert == 'KubePodCrashLooping' then
+                      rule {
+                        expr: 'rate(kube_pod_container_status_restarts_total{namespace=kube-system,job="kube-state-metrics"}[10m]) * 60 * 5 > 0',
+                      }
+                    else
+                      rule,
+                  group.rules
+                ),
+              }
+            else
+              group,
+          super.groups
+        ),
+      },
+    },
+  },
+};
+```
+
+Using the example from above about adding in pre-rendered rules, the new local variables can be added in as follows:
+
+```jsonnet
+local add = {
+  exampleApplication:: {
+    prometheusRule+: {
+      apiVersion: 'monitoring.coreos.com/v1',
+      kind: 'PrometheusRule',
+      metadata: {
+        name: 'example-application-rules',
+        namespace: $.values.common.namespace,
+      },
+      spec: (import 'existingrule.json'),
+    },
+  },
+};
+local kp = (import 'kube-prometheus/main.libsonnet') + filter + update + add;
+local kp = (import 'kube-prometheus/main.libsonnet') +
+            filter +
+            update +
+            add + {
+	      values+:: {
+                common+: {
+                  namespace: 'monitoring',
+                },
+              },
+            };
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
+} +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } +
+{ ['exampleApplication-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }
+```
+
+## Dashboards
+
+Dashboards can either be added using jsonnet or simply a pre-rendered json dashboard.
+
+### Jsonnet dashboard
+
+We recommend using the [grafonnet](https://github.com/grafana/grafonnet-lib/) library for jsonnet,
+which gives you a simple DSL to generate Grafana dashboards.
+Following the [Prometheus Monitoring Mixins proposal](https://github.com/monitoring-mixins/docs/blob/master/design.pdf)
+additional dashboards are added to the `grafanaDashboards` key, located in the top level object.
+To add new jsonnet dashboards, simply add one.
+
+> Note that dashboards can just as well be included into this file, using the jsonnet `import` function.
+> In this example it is just inlined in order to demonstrate their use in a single file.
+
+```jsonnet mdox-exec="cat examples/grafana-additional-jsonnet-dashboard-example.jsonnet"
+local grafana = import 'grafonnet/grafana.libsonnet';
+local dashboard = grafana.dashboard;
+local row = grafana.row;
+local prometheus = grafana.prometheus;
+local template = grafana.template;
+local graphPanel = grafana.graphPanel;
+
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+:: {
+      namespace: 'monitoring',
+    },
+    grafana+: {
+      dashboards+:: {
+        'my-dashboard.json':
+          dashboard.new('My Dashboard')
+          .addTemplate(
+            {
+              current: {
+                text: 'Prometheus',
+                value: 'Prometheus',
+              },
+              hide: 0,
+              label: null,
+              name: 'datasource',
+              options: [],
+              query: 'prometheus',
+              refresh: 1,
+              regex: '',
+              type: 'datasource',
+            },
+          )
+          .addRow(
+            row.new()
+            .addPanel(graphPanel.new('My Panel', span=6, datasource='$datasource')
+                      .addTarget(prometheus.target('vector(1)')))
+          ),
+      },
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```
+
+### Pre-rendered Grafana dashboards
+
+As jsonnet is a superset of json, the jsonnet `import` function can be used to include Grafana dashboard json blobs.
+In this example we are importing a [provided example dashboard](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples/example-grafana-dashboard.json).
+
+```jsonnet mdox-exec="cat examples/grafana-additional-rendered-dashboard-example.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+:: {
+      namespace: 'monitoring',
+    },
+    grafana+: {
+      dashboards+:: {  // use this method to import your dashboards to Grafana
+        'my-dashboard.json': (import 'example-grafana-dashboard.json'),
+      },
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```
+
+In case you have lots of json dashboard exported out from grafana UI the above approach is going to take lots of time.
+To improve performance we can use `rawDashboards` field and provide it's value as json string by using `importstr`
+
+```jsonnet mdox-exec="cat examples/grafana-additional-rendered-dashboard-example-2.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+:: {
+      namespace: 'monitoring',
+    },
+    grafana+: {
+      rawDashboards+:: {
+        'my-dashboard.json': (importstr 'example-grafana-dashboard.json'),
+      },
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```
+
+### Mixins
+
+Kube-prometheus comes with a couple of default mixins as the Kubernetes-mixin and the Node-exporter mixin,
+however there [are many more mixins](https://monitoring.mixins.dev/).
+To use other mixins, kube-prometheus has a jsonnet library for creating a PrometheusRule CRD and Grafana dashboards from a mixin.
+Below is an example of creating a mixin object that has Prometheus rules and Grafana dashboards:
+
+```jsonnet
+// Import the library function for adding mixins
+local addMixin = (import 'kube-prometheus/lib/mixin.libsonnet');
+
+// Create your mixin
+local myMixin = addMixin({
+  name: 'myMixin',
+  mixin: import 'my-mixin/mixin.libsonnet',
+});
+```
+
+The myMixin object will have two objects - `prometheusRules` and `grafanaDashboards`. The `grafanaDashboards` object will be needed to be added to the `dashboards` field as in the example below:
+
+```jsonnet
+values+:: {
+  grafana+:: {
+    dashboards+:: myMixin.grafanaDashboards
+```
+
+The `prometheusRules` object is a PrometheusRule CRD. It should be defined as its own jsonnet object.
+If you define multiple mixins in a single jsonnet object, there is a possibility that they will overwrite each others'
+configuration and there will be unintended effects.
+Therefore, use the `prometheusRules` object as its own jsonnet object:
+
+```jsonnet
+...
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ 'external-mixins/my-mixin-prometheus-rules': myMixin.prometheusRules } // one object for each mixin
+```
+
+As mentioned above each mixin is configurable and you would configure the mixin as in the example below:
+
+```jsonnet
+local myMixin = addMixin({
+  name: 'myMixin',
+  mixin: (import 'my-mixin/mixin.libsonnet') + {
+    _config+:: {
+      myMixinSelector: 'my-selector',
+      interval: '30d', // example
+    },
+  },
+});
+```
+
+The library has also two optional parameters - the namespace for the `PrometheusRule` CRD and the dashboard folder for the Grafana dashboards.
+The below example shows how to use both:
+
+```jsonnet
+local myMixin = addMixin({
+  name: 'myMixin',
+  namespace: 'prometheus', // default is monitoring
+  dashboardFolder: 'Observability',
+  mixin: (import 'my-mixin/mixin.libsonnet') + {
+    _config+:: {
+      myMixinSelector: 'my-selector',
+      interval: '30d', // example
+    },
+  },
+});
+```
+
+The created `prometheusRules` object will have the metadata field `namespace` added and the usage will remain the same.
+However, the `grafanaDasboards` will be added to the `folderDashboards` field instead of the `dashboards` field as shown in the example below:
+
+```jsonnet
+values+:: {
+  grafana+:: {
+    folderDashboards+:: {
+        Kubernetes: {
+            ...
+        },
+        Misc: {
+            'grafana-home.json': import 'dashboards/misc/grafana-home.json',
+        },
+    } + myMixin.grafanaDashboards
+```
+
+Full example of including etcd mixin using method described above:
+
+```jsonnet mdox-exec="cat examples/mixin-inclusion.jsonnet"
+local addMixin = (import 'kube-prometheus/lib/mixin.libsonnet');
+local etcdMixin = addMixin({
+  name: 'etcd',
+  mixin: (import 'github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet') + {
+    _config+: {},  // mixin configuration object
+  },
+});
+
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           {
+             values+:: {
+               common+: {
+                 namespace: 'monitoring',
+               },
+               grafana+: {
+                 // Adding new dashboard to grafana. This will modify grafana configMap with dashboards
+                 dashboards+: etcdMixin.grafanaDashboards,
+               },
+             },
+           };
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+// Rendering prometheusRules object. This is an object compatible with prometheus-operator CRD definition for prometheusRule
+{ 'external-mixins/etcd-mixin-prometheus-rules': etcdMixin.prometheusRules }
+```

docs/customizations/dropping-unwanted-dashboards.md

@@ -0,0 +1,41 @@
+### Dropping unwanted dashboards
+
+When deploying kube-prometheus, your Grafana instance is deployed with a lot of dashboards by default. All those dashboards are comming from upstream projects like [kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin), [prometheus-mixin](https://github.com/prometheus/prometheus/tree/main/documentation/prometheus-mixin) and [node-exporter-mixin](https://github.com/prometheus/node_exporter/tree/master/docs/node-mixin), among others.
+
+In case you find out that you don't need some of them, you can choose to remove those dashboards like in the example below, which removes the [`alertmanager-overview.json`](https://github.com/prometheus/alertmanager/blob/main/doc/alertmanager-mixin/dashboards/overview.libsonnet) dashboard.
+
+```jsonnet mdox-exec="cat examples/drop-dashboards.jsonnet"
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+      grafana+: {
+        dashboards: std.mergePatch(super.dashboards, {
+          // Add more unwanted dashboards here
+          'alertmanager-overview.json': null,
+        }),
+      },
+    },
+  };
+
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
+} +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
+```

docs/customizations/exposing-prometheus-alertmanager-grafana-ingress.md

@@ -1,12 +1,23 @@
-# Exposing Prometheus, Alertmanager and Grafana UIs via Ingress
+---
+weight: 303
+toc: true
+title: Expose via Ingress
+menu:
+    docs:
+        parent: kube
+lead: This guide will help you deploying a Kubernetes Ingress to expose Prometheus, Alertmanager and Grafana.
+images: []
+draft: false
+description: This guide will help you deploying a Kubernetes Ingress to expose Prometheus, Alertmanager and Grafana.
+---
 
-In order to access the web interfaces via the Internet [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) is a popular option. This guide explains, how Kubernetes Ingress can be setup, in order to expose the Prometheus, Alertmanager and Grafana UIs, that are included in the [kube-prometheus](https://github.com/coreos/kube-prometheus) project.
+In order to access the web interfaces via the Internet [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) is a popular option. This guide explains, how Kubernetes Ingress can be setup, in order to expose the Prometheus, Alertmanager and Grafana UIs, that are included in the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.
 
-Note: before continuing, it is recommended to first get familiar with the [kube-prometheus](https://github.com/coreos/kube-prometheus) stack by itself.
+Note: before continuing, it is recommended to first get familiar with the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) stack by itself.
 
 ## Prerequisites
 
-Apart from a running Kubernetes cluster with a running [kube-prometheus](https://github.com/coreos/kube-prometheus) stack, a Kubernetes Ingress controller must be installed and functional. This guide was tested with the [nginx-ingress-controller](https://github.com/kubernetes/ingress-nginx). If you wish to reproduce the exact result in as depicted in this guide we recommend using the nginx-ingress-controller.
+Apart from a running Kubernetes cluster with a running [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) stack, a Kubernetes Ingress controller must be installed and functional. This guide was tested with the [nginx-ingress-controller](https://github.com/kubernetes/ingress-nginx). If you wish to reproduce the exact result in as depicted in this guide we recommend using the nginx-ingress-controller.
 
 ## Setting up Ingress
 
@@ -27,13 +38,6 @@ In order to use this a secret needs to be created containing the name of the `ht
 Also, the applications provide external links to themselves in alerts and various places. When an ingress is used in front of the applications these links need to be based on the external URL's. This can be configured for each application in jsonnet.
 
 ```jsonnet
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
-local secret = k.core.v1.secret;
-local ingress = k.extensions.v1beta1.ingress;
-local ingressTls = ingress.mixin.spec.tlsType;
-local ingressRule = ingress.mixin.spec.rulesType;
-local httpIngressPath = ingressRule.mixin.http.pathsType;
-
 local kp =
   (import 'kube-prometheus/kube-prometheus.libsonnet') +
   {
@@ -48,30 +52,46 @@ local kp =
       },
     },
     ingress+:: {
-      'prometheus-k8s':
-        ingress.new() +
-        ingress.mixin.metadata.withName($.prometheus.prometheus.metadata.name) +
-        ingress.mixin.metadata.withNamespace($.prometheus.prometheus.metadata.namespace) +
-        ingress.mixin.metadata.withAnnotations({
-          'nginx.ingress.kubernetes.io/auth-type': 'basic',
-          'nginx.ingress.kubernetes.io/auth-secret': 'basic-auth',
-          'nginx.ingress.kubernetes.io/auth-realm': 'Authentication Required',
-        }) +
-        ingress.mixin.spec.withRules(
-          ingressRule.new() +
-          ingressRule.withHost('prometheus.example.com') +
-          ingressRule.mixin.http.withPaths(
-            httpIngressPath.new() +
-            httpIngressPath.mixin.backend.withServiceName($.prometheus.service.metadata.name) +
-            httpIngressPath.mixin.backend.withServicePort('web')
-          ),
-        ),
+      'prometheus-k8s': {
+        apiVersion: 'networking.k8s.io/v1',
+        kind: 'Ingress',
+        metadata: {
+          name: $.prometheus.prometheus.metadata.name,
+          namespace: $.prometheus.prometheus.metadata.namespace,
+          annotations: {
+            'nginx.ingress.kubernetes.io/auth-type': 'basic',
+            'nginx.ingress.kubernetes.io/auth-secret': 'basic-auth',
+            'nginx.ingress.kubernetes.io/auth-realm': 'Authentication Required',
+          },
+        },
+        spec: {
+          rules: [{
+            host: 'prometheus.example.com',
+            http: {
+              paths: [{
+                backend: {
+                  service: {
+                    name: $.prometheus.service.metadata.name,
+                    port: 'web',
+                  },
+                },
+              }],
+            },
+          }],
+        },
     },
   } + {
     ingress+:: {
-      'basic-auth-secret':
-        secret.new('basic-auth', { auth: std.base64(importstr 'auth') }) +
-        secret.mixin.metadata.withNamespace($._config.namespace),
+      'basic-auth-secret': {
+        apiVersion: 'v1',
+        kind: 'Secret',
+        metadata: {
+          name: 'basic-auth',
+          namespace: $._config.namespace,
+        },
+        data: { auth: std.base64(importstr 'auth') },
+        type: 'Opaque',
+      },
     },
   };
 
@@ -81,11 +101,11 @@ k.core.v1.list.new([
 ])
 ```
 
-In order to expose Alertmanager and Grafana, simply create additional fields containing an ingress object, but simply pointing at the `alertmanager` or `grafana` instead of the `prometheus-k8s` Service. Make sure to also use the correct port respectively, for Alertmanager it is also `web`, for Grafana it is `http`. Be sure to also specify the appropriate external URL. Note that the external URL for grafana is set in a different way than the external URL for Prometheus or Alertmanager. See [ingress.jsonnet](../examples/ingress.jsonnet) for how to set the Grafana external URL.
+In order to expose Alertmanager and Grafana, simply create additional fields containing an ingress object, but simply pointing at the `alertmanager` or `grafana` instead of the `prometheus-k8s` Service. Make sure to also use the correct port respectively, for Alertmanager it is also `web`, for Grafana it is `http`. Be sure to also specify the appropriate external URL. Note that the external URL for grafana is set in a different way than the external URL for Prometheus or Alertmanager. See [ingress.jsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples/ingress.jsonnet) for how to set the Grafana external URL.
 
-In order to render the ingress objects similar to the other objects use as demonstrated in the [main readme](../README.md#usage):
+In order to render the ingress objects similar to the other objects use as demonstrated in the [main readme](https://github.com/prometheus-operator/kube-prometheus/tree/main/README.md):
 
-```
+```jsonnet
 { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
 { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
 { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
@@ -98,4 +118,36 @@ In order to render the ingress objects similar to the other objects use as demon
 
 Note, that in comparison only the last line was added, the rest is identical to the original.
 
-See [ingress.jsonnet](../examples/ingress.jsonnet) for an example implementation.
+See [ingress.jsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples/ingress.jsonnet) for an example implementation.
+
+## Adding Ingress namespace to NetworkPolicies
+
+NetworkPolicies restricting access to the components are added by default. These can either be removed as in
+[networkpolicies-disabled.jsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples/networkpolicies-disabled.jsonnet) or modified as
+described here.
+
+This is an example for grafana, but the same can be applied to alertmanager and prometheus.
+
+```jsonnet
+{
+  alertmanager+:: {
+    networkPolicy+: {
+      spec+: {
+        ingress: [
+          super.ingress[0] + {
+            from+: [
+              {
+                namespaceSelector: {
+                  matchLabels: {
+                    'app.kubernetes.io/name': 'ingress-nginx',
+                  },
+                },
+              },
+            ],
+          },
+        ] + super.ingress[1:],
+      },
+    },
+  },
+}
+```

docs/customizations/monitoring-additional-namespaces.md

@@ -0,0 +1,81 @@
+### Monitoring additional namespaces
+
+In order to monitor additional namespaces, the Prometheus server requires the appropriate `Role` and `RoleBinding` to be able to discover targets from that namespace. By default the Prometheus server is limited to the three namespaces it requires: default, kube-system and the namespace you configure the stack to run in via `$.values.namespace`. This is specified in `$.values.prometheus.namespaces`, to add new namespaces to monitor, simply append the additional namespaces:
+
+```jsonnet mdox-exec="cat examples/additional-namespaces.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+
+    prometheus+: {
+      namespaces+: ['my-namespace', 'my-second-namespace'],
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```
+
+#### Defining the ServiceMonitor for each additional Namespace
+
+In order to Prometheus be able to discovery and scrape services inside the additional namespaces specified in previous step you need to define a ServiceMonitor resource.
+
+> Typically it is up to the users of a namespace to provision the ServiceMonitor resource, but in case you want to generate it with the same tooling as the rest of the cluster monitoring infrastructure, this is a guide on how to achieve this.
+
+You can define ServiceMonitor resources in your `jsonnet` spec. See the snippet bellow:
+
+```jsonnet mdox-exec="cat examples/additional-namespaces-servicemonitor.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+    prometheus+:: {
+      namespaces+: ['my-namespace', 'my-second-namespace'],
+    },
+  },
+  exampleApplication: {
+    serviceMonitorMyNamespace: {
+      apiVersion: 'monitoring.coreos.com/v1',
+      kind: 'ServiceMonitor',
+      metadata: {
+        name: 'my-servicemonitor',
+        namespace: 'my-namespace',
+      },
+      spec: {
+        jobLabel: 'app',
+        endpoints: [
+          {
+            port: 'http-metrics',
+          },
+        ],
+        selector: {
+          matchLabels: {
+            'app.kubernetes.io/name': 'myapp',
+          },
+        },
+      },
+    },
+  },
+
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }
+```
+
+> NOTE: make sure your service resources have the right labels (eg. `'app': 'myapp'`) applied. Prometheus uses kubernetes labels to discover resources inside the namespaces.

docs/customizations/monitoring-all-namespaces.md

@@ -0,0 +1,29 @@
+### Monitoring all namespaces
+
+In case you want to monitor all namespaces in a cluster, you can add the following mixin. Also, make sure to empty the namespaces defined in prometheus so that roleBindings are not created against them.
+
+```jsonnet mdox-exec="cat examples/all-namespaces.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           (import 'kube-prometheus/addons/all-namespaces.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+    prometheus+: {
+      namespaces: [],
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```
+
+> NOTE: This configuration can potentially make your cluster insecure especially in a multi-tenant cluster. This is because this gives Prometheus visibility over the whole cluster which might not be expected in a scenario when certain namespaces are locked down for security reasons.
+
+Proceed with [creating ServiceMonitors for the services in the namespaces](monitoring-additional-namespaces.md#defining-the-servicemonitor-for-each-additional-namespace) you actually want to monitor

docs/customizations/node-ports.md

@@ -0,0 +1,8 @@
+### NodePorts
+
+Another mixin that may be useful for exploring the stack is to expose the UIs of Prometheus, Alertmanager and Grafana on NodePorts:
+
+```jsonnet mdox-exec="cat examples/jsonnet-snippets/node-ports.jsonnet"
+(import 'kube-prometheus/main.libsonnet') +
+(import 'kube-prometheus/addons/node-ports.libsonnet')
+```

docs/customizations/platform-specific.md

@@ -0,0 +1,25 @@
+### Running kube-prometheus on specific platforms
+
+A common example is that not all Kubernetes clusters are created exactly the same way, meaning the configuration to monitor them may be slightly different. For the following clusters there are mixins available to easily configure them:
+
+* aws
+* bootkube
+* eks
+* gke
+* kops
+* kops_coredns
+* kubeadm
+* kubespray
+
+These mixins are selectable via the `platform` field of kubePrometheus:
+
+```jsonnet mdox-exec="cat examples/jsonnet-snippets/platform.jsonnet"
+(import 'kube-prometheus/main.libsonnet') +
+{
+  values+:: {
+    common+: {
+      platform: 'example-platform',
+    },
+  },
+}
+```

docs/customizations/pod-anti-affinity.md

@@ -0,0 +1,23 @@
+### Pod Anti-Affinity
+
+To prevent `Prometheus` and `Alertmanager` instances from being deployed onto the same node when
+possible, one can include the [kube-prometheus-anti-affinity.libsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet) mixin:
+
+```jsonnet mdox-exec="cat examples/anti-affinity.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           (import 'kube-prometheus/addons/anti-affinity.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```

docs/customizations/prometheus-agent.md

@@ -0,0 +1,61 @@
+### Prometheus-agent mode
+
+***ATTENTION***: Although it is possible to run Prometheus in Agent mode with Prometheus-Operator, it requires strategic merge patches. This practice is not recommended and we do not provide support if Prometheus doesn't work as you expect. **Try it at your own risk!**
+
+```jsonnet mdox-exec="cat examples/prometheus-agent.jsonnet"
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+      prometheus+: {
+        resources: {
+          requests: { memory: '100Mi' },
+        },
+        enableFeatures: ['agent'],
+      },
+    },
+    prometheus+: {
+      prometheus+: {
+        spec+: {
+          replicas: 1,
+          alerting:: {},
+          ruleSelector:: {},
+          remoteWrite: [{
+            url: 'http://remote-write-url.com',
+          }],
+          containers+: [
+            {
+              name: 'prometheus',
+              args+: [
+                '--config.file=/etc/prometheus/config_out/prometheus.env.yaml',
+                '--storage.agent.path=/prometheus',
+                '--enable-feature=agent',
+                '--web.enable-lifecycle',
+              ],
+            },
+          ],
+        },
+      },
+    },
+  };
+
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
+} +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
+```

docs/customizations/static-etcd-configuration.md

@@ -0,0 +1,66 @@
+### Static etcd configuration
+
+In order to configure a static etcd cluster to scrape there is a simple [static-etcd.libsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/jsonnet/kube-prometheus/addons/static-etcd.libsonnet) mixin prepared.
+
+An example of how to use it can be seen below:
+
+```jsonnet mdox-exec="cat examples/etcd.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           (import 'kube-prometheus/addons/static-etcd.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+
+    etcd+: {
+      // Configure this to be the IP(s) to scrape - i.e. your etcd node(s) (use commas to separate multiple values).
+      ips: ['127.0.0.1'],
+
+      // Reference info:
+      //  * https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec (has endpoints)
+      //  * https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint (has tlsConfig)
+      //  * https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#tlsconfig (has: caFile, certFile, keyFile, serverName, & insecureSkipVerify)
+
+      // Set these three variables to the fully qualified directory path on your work machine to the certificate files that are valid to scrape etcd metrics with (check the apiserver container).
+      // Most likely these certificates are generated somewhere in an infrastructure repository, so using the jsonnet `importstr` function can
+      // be useful here. (Kube-aws stores these three files inside the credential folder.)
+      // All the sensitive information on the certificates will end up in a Kubernetes Secret.
+      clientCA: importstr 'etcd-client-ca.crt',
+      clientKey: importstr 'etcd-client.key',
+      clientCert: importstr 'etcd-client.crt',
+
+      // Note that you should specify a value EITHER for 'serverName' OR for 'insecureSkipVerify'. (Don't specify a value for both of them, and don't specify a value for neither of them.)
+      // * Specifying serverName: Ideally you should provide a valid value for serverName (and then insecureSkipVerify should be left as false - so that serverName gets used).
+      // * Specifying insecureSkipVerify: insecureSkipVerify is only to be used (i.e. set to true) if you cannot (based on how your etcd certificates were created) use a Subject Alternative Name.
+      // * If you specify a value:
+      //     ** for both of these variables: When 'insecureSkipVerify: true' is specified, then also specifying a value for serverName won't hurt anything but it will be ignored.
+      //     ** for neither of these variables: then you'll get authentication errors on the prom '/targets' page with your etcd targets.
+
+      // A valid name (DNS or Subject Alternative Name) that the client (i.e. prometheus) will use to verify the etcd TLS certificate.
+      //  * Note that doing `nslookup etcd.kube-system.svc.cluster.local` (on a pod in a K8s cluster where kube-prometheus has been installed) shows that kube-prometheus sets up this hostname.
+      //  * `openssl x509 -noout -text -in etcd-client.pem` will print the Subject Alternative Names.
+      serverName: 'etcd.kube-system.svc.cluster.local',
+
+      // When insecureSkipVerify isn't specified, the default value is "false".
+      //insecureSkipVerify: true,
+
+      // In case you have generated the etcd certificate with kube-aws:
+      //  * If you only have one etcd node, you can use the value from 'etcd.internalDomainName' (specified in your kube-aws cluster.yaml) as the value for 'serverName'.
+      //  * But if you have multiple etcd nodes, you will need to use 'insecureSkipVerify: true' (if using default certificate generators method), as the valid certificate domain
+      //    will be different for each etcd node. (kube-aws default certificates are not valid against the IP - they were created for the DNS.)
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```
+
+If you'd like to monitor an etcd instance that lives outside the cluster, see [Monitoring external etcd](../monitoring-external-etcd.md) for more information.
+
+> Note that monitoring etcd in minikube is currently not possible because of how etcd is setup. (minikube's etcd binds to 127.0.0.1:2379 only, and within host networking namespace.)

docs/customizations/strip-limits.md

@@ -0,0 +1,23 @@
+### Stripping container resource limits
+
+Sometimes in small clusters, the CPU/memory limits can get high enough for alerts to be fired continuously. To prevent this, one can strip off the predefined limits.
+To do that, one can import the following mixin
+
+```jsonnet mdox-exec="cat examples/strip-limits.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           (import 'kube-prometheus/addons/strip-limits.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```

docs/customizations/using-custom-container-registry.md

@@ -0,0 +1,39 @@
+### Internal Registry
+
+Some Kubernetes installations source all their images from an internal registry. kube-prometheus supports this use case and helps the user synchronize every image it uses to the internal registry and generate manifests pointing at the internal registry.
+
+To produce the `docker pull/tag/push` commands that will synchronize upstream images to `internal-registry.com/organization` (after having run the `jb` command to populate the vendor directory):
+
+```shell
+$ jsonnet -J vendor -S --tla-str repository=internal-registry.com/organization examples/sync-to-internal-registry.jsonnet
+$ docker pull k8s.gcr.io/addon-resizer:1.8.4
+$ docker tag k8s.gcr.io/addon-resizer:1.8.4 internal-registry.com/organization/addon-resizer:1.8.4
+$ docker push internal-registry.com/organization/addon-resizer:1.8.4
+$ docker pull quay.io/prometheus/alertmanager:v0.16.2
+$ docker tag quay.io/prometheus/alertmanager:v0.16.2 internal-registry.com/organization/alertmanager:v0.16.2
+$ docker push internal-registry.com/organization/alertmanager:v0.16.2
+...
+```
+
+The output of this command can be piped to a shell to be executed by appending `| sh`.
+
+Then to generate manifests with `internal-registry.com/organization`, use the `withImageRepository` mixin:
+
+```jsonnet mdox-exec="cat examples/internal-registry.jsonnet"
+local mixin = import 'kube-prometheus/addons/config-mixins.libsonnet';
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+  },
+} + mixin.withImageRepository('internal-registry.com/organization');
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+```

docs/customizing.md

@@ -0,0 +1,169 @@
+# Customizing Kube-Prometheus
+
+This section:
+* describes how to customize the kube-prometheus library via compiling the kube-prometheus manifests yourself (as an alternative to the [README.md quickstart section](../README.md#quickstart)).
+* still doesn't require you to make a copy of this entire repository, but rather only a copy of a few select files.
+
+## Installing
+
+The content of this project consists of a set of [jsonnet](http://jsonnet.org/) files making up a library to be consumed.
+
+Install this library in your own project with [jsonnet-bundler](https://github.com/jsonnet-bundler/jsonnet-bundler#install) (the jsonnet package manager):
+
+```shell
+$ mkdir my-kube-prometheus; cd my-kube-prometheus
+$ jb init  # Creates the initial/empty `jsonnetfile.json`
+# Install the kube-prometheus dependency
+$ jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main # Creates `vendor/` & `jsonnetfile.lock.json`, and fills in `jsonnetfile.json`
+
+$ wget https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/example.jsonnet -O example.jsonnet
+$ wget https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/build.sh -O build.sh
+```
+
+> `jb` can be installed with `go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest`
+
+> An e.g. of how to install a given version of this library: `jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main`
+
+In order to update the kube-prometheus dependency, simply use the jsonnet-bundler update functionality:
+
+```shell
+$ jb update
+```
+
+## Generating
+
+e.g. of how to compile the manifests: `./build.sh example.jsonnet`
+
+> before compiling, install `gojsontoyaml` tool with `go install github.com/brancz/gojsontoyaml@latest` and `jsonnet` with `go install github.com/google/go-jsonnet/cmd/jsonnet@latest`
+
+Here's [example.jsonnet](../example.jsonnet):
+
+> Note: some of the following components must be configured beforehand. See [configuration](#configuring) and [customization-examples](customizations).
+
+```jsonnet mdox-exec="cat example.jsonnet"
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  // Uncomment the following imports to enable its patches
+  // (import 'kube-prometheus/addons/anti-affinity.libsonnet') +
+  // (import 'kube-prometheus/addons/managed-cluster.libsonnet') +
+  // (import 'kube-prometheus/addons/node-ports.libsonnet') +
+  // (import 'kube-prometheus/addons/static-etcd.libsonnet') +
+  // (import 'kube-prometheus/addons/custom-metrics.libsonnet') +
+  // (import 'kube-prometheus/addons/external-metrics.libsonnet') +
+  // (import 'kube-prometheus/addons/pyrra.libsonnet') +
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+    },
+  };
+
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
+} +
+// { 'setup/pyrra-slo-CustomResourceDefinition': kp.pyrra.crd } +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+// { ['pyrra-' + name]: kp.pyrra[name] for name in std.objectFields(kp.pyrra) if name != 'crd' } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
+```
+
+And here's the [build.sh](../build.sh) script (which uses `vendor/` to render all manifests in a json structure of `{filename: manifest-content}`):
+
+```sh mdox-exec="cat ./build.sh"
+#!/usr/bin/env bash
+
+# This script uses arg $1 (name of *.jsonnet file to use) to generate the manifests/*.yaml files.
+
+set -e
+set -x
+# only exit with zero if all commands of the pipeline exit successfully
+set -o pipefail
+
+# Make sure to use project tooling
+PATH="$(pwd)/tmp/bin:${PATH}"
+
+# Make sure to start with a clean 'manifests' dir
+rm -rf manifests
+mkdir -p manifests/setup
+
+# Calling gojsontoyaml is optional, but we would like to generate yaml, not json
+jsonnet -J vendor -m manifests "${1-example.jsonnet}" | xargs -I{} sh -c 'cat {} | gojsontoyaml > {}.yaml' -- {}
+
+# Make sure to remove json files
+find manifests -type f ! -name '*.yaml' -delete
+rm -f kustomization
+
+```
+
+> Note you need `jsonnet` (`go install github.com/google/go-jsonnet/cmd/jsonnet@latest`) and `gojsontoyaml` (`go install github.com/brancz/gojsontoyaml@latest`) installed to run `build.sh`. If you just want json output, not yaml, then you can skip the pipe and everything afterwards.
+
+This script runs the jsonnet code, then reads each key of the generated json and uses that as the file name, and writes the value of that key to that file, and converts each json manifest to yaml.
+
+## Configuring
+
+Jsonnet has the concept of hidden fields. These are fields, that are not going to be rendered in a result. This is used to configure the kube-prometheus components in jsonnet. In the example jsonnet code of the above [Generating section](#generating), you can see an example of this, where the `namespace` is being configured to be `monitoring`. In order to not override the whole object, use the `+::` construct of jsonnet, to merge objects, this way you can override individual settings, but retain all other settings and defaults.
+
+The available fields and their default values can be seen in [main.libsonnet](../jsonnet/kube-prometheus/main.libsonnet). Note that many of the fields get their default values from variables, and for example the version numbers are imported from [versions.json](../jsonnet/kube-prometheus/versions.json).
+
+Configuration is mainly done in the `values` map. You can see this being used in the `example.jsonnet` to set the namespace to `monitoring`. This is done in the `common` field, which all other components take their default value from. See for example how Alertmanager is configured in `main.libsonnet`:
+
+```
+    alertmanager: {
+      name: 'main',
+      // Use the namespace specified under values.common by default.
+      namespace: $.values.common.namespace,
+      version: $.values.common.versions.alertmanager,
+      image: $.values.common.images.alertmanager,
+      mixin+: { ruleLabels: $.values.common.ruleLabels },
+    },
+```
+
+The grafana definition is located in a different project (https://github.com/brancz/kubernetes-grafana ), but needed configuration can be customized from the same top level `values` field. For example to allow anonymous access to grafana, add the following `values` section:
+
+```
+      grafana+:: {
+        config: { // http://docs.grafana.org/installation/configuration/
+          sections: {
+            "auth.anonymous": {enabled: true},
+          },
+        },
+      },
+```
+
+## Apply the kube-prometheus stack
+
+The previous generation step has created a bunch of manifest files in the manifest/ folder.
+Now simply use `kubectl` to install Prometheus and Grafana as per your configuration:
+
+```shell
+# Update the namespace and CRDs, and then wait for them to be available before creating the remaining resources
+$ kubectl apply --server-side -f manifests/setup
+$ kubectl apply -f manifests/
+```
+
+> Note that due to some CRD size we are using kubeclt server-side apply feature which is generally available since
+> kubernetes 1.22. If you are using previous kubernetes versions this feature may not be available and you would need to
+> use `kubectl create` instead.
+
+Alternatively, the resources in both folders can be applied with a single command
+`kubectl apply --server-side -Rf manifests`, but it may be necessary to run the command multiple times for all components to
+be created successfully.
+
+Check the monitoring namespace (or the namespace you have specific in `namespace: `) and make sure the pods are running. Prometheus and Grafana should be up and running soon.
+
+## Minikube Example
+
+To use an easy to reproduce example, see [minikube.jsonnet](../examples/minikube.jsonnet), which uses the minikube setup as demonstrated in [Prerequisites](../README.md#prerequisites). Because we would like easy access to our Prometheus, Alertmanager and Grafana UIs, `minikube.jsonnet` exposes the services as NodePort type services.

docs/deploy-kind.md

@@ -0,0 +1,16 @@
+---
+weight: 301
+toc: true
+title: Deploy to kind
+menu:
+    docs:
+        parent: kube
+lead: This guide will help you deploying kube-prometheus on Kubernetes kind.
+images: []
+draft: false
+description: This guide will help you deploying kube-prometheus on Kubernetes kind.
+---
+
+Time to explain how!
+
+Your chance of [**contributing**](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/deploy-kind.md)!

docs/developing-prometheus-rules-and-grafana-dashboards.md

@@ -1,333 +0,0 @@
-# Developing Prometheus Rules and Grafana Dashboards
-
-`kube-prometheus` ships with a set of default [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) and [Grafana](http://grafana.com/) dashboards. At some point one might like to extend them, the purpose of this document is to explain how to do this.
-
-All manifests of kube-prometheus are generated using [jsonnet](https://jsonnet.org/) and Prometheus rules and Grafana dashboards in specific follow the [Prometheus Monitoring Mixins proposal](https://docs.google.com/document/d/1A9xvzwqnFVSOZ5fD3blKODXfsat5fg6ZhnKu9LK3lB4/).
-
-For both the Prometheus rules and the Grafana dashboards Kubernetes `ConfigMap`s are generated within kube-prometheus. In order to add additional rules and dashboards simply merge them onto the existing json objects. This document illustrates examples for rules as well as dashboards.
-
-As a basis, all examples in this guide are based on the base example of the kube-prometheus [readme](../README.md):
-
-[embedmd]:# (../example.jsonnet)
-```jsonnet
-local kp =
-  (import 'kube-prometheus/kube-prometheus.libsonnet') +
-  // Uncomment the following imports to enable its patches
-  // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') +
-  {
-    _config+:: {
-      namespace: 'monitoring',
-    },
-  };
-
-{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{
-  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
-  for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator))
-} +
-// serviceMonitor is separated so that it can be created after the CRDs are ready
-{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```
-
-## Prometheus rules
-
-### Alerting rules
-
-According to the [Prometheus Monitoring Mixins proposal](https://docs.google.com/document/d/1A9xvzwqnFVSOZ5fD3blKODXfsat5fg6ZhnKu9LK3lB4/) Prometheus alerting rules are under the key `prometheusAlerts` in the top level object, so in order to add an additional alerting rule, we can simply merge an extra rule into the existing object.
-
-The format is exactly the Prometheus format, so there should be no changes necessary should you have existing rules that you want to include.
-
-> Note that alerts can just as well be included into this file, using the jsonnet `import` function. In this example it is just inlined in order to demonstrate their use in a single file.
-
-[embedmd]:# (../examples/prometheus-additional-alert-rule-example.jsonnet)
-```jsonnet
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-  },
-  prometheusAlerts+:: {
-    groups+: [
-      {
-        name: 'example-group',
-        rules: [
-          {
-            alert: 'Watchdog',
-            expr: 'vector(1)',
-            labels: {
-              severity: 'none',
-            },
-            annotations: {
-              description: 'This is a Watchdog meant to ensure that the entire alerting pipeline is functional.',
-            },
-          },
-        ],
-      },
-    ],
-  },
-};
-
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```
-
-### Recording rules
-
-In order to add a recording rule, simply do the same with the `prometheusRules` field.
-
-> Note that rules can just as well be included into this file, using the jsonnet `import` function. In this example it is just inlined in order to demonstrate their use in a single file.
-
-[embedmd]:# (../examples/prometheus-additional-recording-rule-example.jsonnet)
-```jsonnet
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-  },
-  prometheusRules+:: {
-    groups+: [
-      {
-        name: 'example-group',
-        rules: [
-          {
-            record: 'some_recording_rule_name',
-            expr: 'vector(1)',
-          },
-        ],
-      },
-    ],
-  },
-};
-
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```
-
-### Pre-rendered rules
-
-We acknowledge, that users may need to transition existing rules, and therefore allow an option to add additional pre-rendered rules. Luckily the yaml and json formats are very close so the yaml rules just need to be converted to json without any manual interaction needed. Just a tool to convert yaml to json is needed:
-
-```
-go get -u -v github.com/brancz/gojsontoyaml
-```
-
-And convert the existing rule file:
-
-```
-cat existingrule.yaml | gojsontoyaml -yamltojson > existingrule.json
-```
-
-Then import it in jsonnet:
-
-[embedmd]:# (../examples/prometheus-additional-rendered-rule-example.jsonnet)
-```jsonnet
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-  },
-  prometheusAlerts+:: {
-    groups+: (import 'existingrule.json').groups,
-  },
-};
-
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```
-### Changing default rules
-
-Along with adding additional rules, we give the user the option to filter or adjust the existing rules imported by `kube-prometheus/kube-prometheus.libsonnet`. The recording rules can be found in [kube-prometheus/rules](../jsonnet/kube-prometheus/rules) and [kubernetes-mixin/rules](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/rules) while the alerting rules can be found in [kube-prometheus/alerts](../jsonnet/kube-prometheus/alerts) and [kubernetes-mixin/alerts](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/alerts).
-
-Knowing which rules to change, the user can now use functions from the [Jsonnet standard library](https://jsonnet.org/ref/stdlib.html) to make these changes. Below are examples of both a filter and an adjustment being made to the default rules. These changes can be assigned to a local variable and then added to the `local kp` object as seen in the examples above.  
-
-#### Filter
-Here the alert `KubeStatefulSetReplicasMismatch` is being filtered out of the group `kubernetes-apps`. The default rule can be seen [here](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/alerts/apps_alerts.libsonnet).
-```jsonnet
-local filter = {
-  prometheusAlerts+:: {
-    groups: std.map(
-      function(group)
-        if group.name == 'kubernetes-apps' then
-          group {
-            rules: std.filter(function(rule)
-              rule.alert != "KubeStatefulSetReplicasMismatch",
-              group.rules
-            )
-          }
-        else
-          group,
-      super.groups
-    ),
-  },
-};
-```
-#### Adjustment
-Here the expression for the alert used above is updated from its previous value. The default rule can be seen [here](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/alerts/apps_alerts.libsonnet).
-```jsonnet
-local update = {
-  prometheusAlerts+:: {
-    groups: std.map(
-      function(group)
-        if group.name == 'kubernetes-apps' then
-          group {
-            rules: std.map(
-              function(rule)
-                if rule.alert == "KubeStatefulSetReplicasMismatch" then
-                  rule {
-                    expr: "kube_statefulset_status_replicas_ready{job=\"kube-state-metrics\",statefulset!=\"vault\"} != kube_statefulset_status_replicas{job=\"kube-state-metrics\",statefulset!=\"vault\"}"
-                  }
-                else
-                  rule,
-                group.rules
-            )
-          }
-        else
-          group,
-      super.groups
-    ),
-  },
-};
-```
-Using the example from above about adding in pre-rendered rules, the new local vaiables can be added in as follows:
-```jsonnet
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + filter + update + {
-    prometheusAlerts+:: (import 'existingrule.json'),
-};
-
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-``` 
-## Dashboards
-
-Dashboards can either be added using jsonnet or simply a pre-rendered json dashboard.
-
-### Jsonnet dashboard
-
-We recommend using the [grafonnet](https://github.com/grafana/grafonnet-lib/) library for jsonnet, which gives you a simple DSL to generate Grafana dashboards. Following the [Prometheus Monitoring Mixins proposal](https://docs.google.com/document/d/1A9xvzwqnFVSOZ5fD3blKODXfsat5fg6ZhnKu9LK3lB4/) additional dashboards are added to the `grafanaDashboards` key, located in the top level object. To add new jsonnet dashboards, simply add one.
-
-> Note that dashboards can just as well be included into this file, using the jsonnet `import` function. In this example it is just inlined in order to demonstrate their use in a single file.
-
-[embedmd]:# (../examples/grafana-additional-jsonnet-dashboard-example.jsonnet)
-```jsonnet
-local grafana = import 'grafonnet/grafana.libsonnet';
-local dashboard = grafana.dashboard;
-local row = grafana.row;
-local prometheus = grafana.prometheus;
-local template = grafana.template;
-local graphPanel = grafana.graphPanel;
-
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-  },
-  grafanaDashboards+:: {
-    'my-dashboard.json':
-      dashboard.new('My Dashboard')
-      .addTemplate(
-        {
-          current: {
-            text: 'Prometheus',
-            value: 'Prometheus',
-          },
-          hide: 0,
-          label: null,
-          name: 'datasource',
-          options: [],
-          query: 'prometheus',
-          refresh: 1,
-          regex: '',
-          type: 'datasource',
-        },
-      )
-      .addRow(
-        row.new()
-        .addPanel(graphPanel.new('My Panel', span=6, datasource='$datasource')
-                  .addTarget(prometheus.target('vector(1)')))
-      ),
-  },
-};
-
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```
-
-### Pre-rendered Grafana dashboards
-
-As jsonnet is a superset of json, the jsonnet `import` function can be used to include Grafana dashboard json blobs. In this example we are importing a [provided example dashboard](../examples/example-grafana-dashboard.json).
-
-[embedmd]:# (../examples/grafana-additional-rendered-dashboard-example.jsonnet)
-```jsonnet
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-  },
-  grafanaDashboards+:: {
-    'my-dashboard.json': (import 'example-grafana-dashboard.json'),
-  },
-};
-
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```
-
-Incase you have lots of json dashboard exported out from grafan UI the above approch is going to take lots of time. to improve performance we can use `rawGrafanaDashboards` field and provide it's value as json string by using importstr
-[embedmd]:# (../examples/grafana-additional-rendered-dashboard-example-2.jsonnet)
-```jsonnet
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-  },
-  rawGrafanaDashboards+:: {
-    'my-dashboard.json': (importstr 'example-grafana-dashboard.json'),
-  },
-};
-
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
-```

docs/kube-prometheus-on-kubeadm.md

@@ -1,70 +1,60 @@
-<br>
-<div class="alert alert-info" role="alert">
-    <i class="fa fa-exclamation-triangle"></i><b> Note:</b> Starting with v0.12.0, Prometheus Operator requires use of Kubernetes v1.7.x and up.
-</div>
+---
+weight: 302
+toc: true
+title: Deploy to kubeadm
+menu:
+    docs:
+        parent: kube
+lead: This guide will help you deploying kube-prometheus on Kubernetes kubeadm.
+images: []
+draft: false
+description: This guide will help you deploying kube-prometheus on Kubernetes kubeadm.
+---
 
-# Kube Prometheus on Kubeadm
-
-The [kubeadm](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/) tool is linked by Kubernetes as the offical way to deploy and manage self-hosted clusters. Kubeadm does a lot of heavy lifting by automatically configuring your Kubernetes cluster with some common options. This guide is intended to show you how to deploy Prometheus, Prometheus Operator and Kube Prometheus to get you started monitoring your cluster that was deployed with Kubeadm.
+The [kubeadm](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/) tool is linked by Kubernetes as the offical way to deploy and manage self-hosted clusters. kubeadm does a lot of heavy lifting by automatically configuring your Kubernetes cluster with some common options. This guide is intended to show you how to deploy Prometheus, Prometheus Operator and Kube Prometheus to get you started monitoring your cluster that was deployed with kubeadm.
 
 This guide assumes you have a basic understanding of how to use the functionality the Prometheus Operator implements. If you haven't yet, we recommend reading through the [getting started guide](https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md) as well as the [alerting guide](https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/alerting.md).
 
-## Kubeadm Pre-requisites
+## kubeadm Pre-requisites
 
 This guide assumes you have some familiarity with `kubeadm` or at least have deployed a cluster using `kubeadm`. By default, `kubeadm` does not expose two of the services that we will be monitoring. Therefore, in order to get the most out of the `kube-prometheus` package, we need to make some quick tweaks to the Kubernetes cluster. Since we will be monitoring the `kube-controller-manager` and `kube-scheduler`, we must expose them to the cluster.
 
 By default, `kubeadm` runs these pods on your master and bound to `127.0.0.1`. There are a couple of ways to change this. The recommended way to change these features is to use the [kubeadm config file](https://kubernetes.io/docs/reference/generated/kubeadm/#config-file). An example configuration file can be used:
 
 ```yaml
-apiVersion: kubeadm.k8s.io/v1alpha1
-kind: MasterConfiguration
-api:
-  advertiseAddress: 192.168.1.173
-  bindPort: 6443
-authorizationModes:
-- Node
-- RBAC
-certificatesDir: /etc/kubernetes/pki
-cloudProvider:
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: ClusterConfiguration
+controlPlaneEndpoint: "192.168.1.173:6443"
+apiServer:
+  extraArgs:
+    authorization-mode: "Node,RBAC"
+controllerManager:
+  extraArgs:
+    bind-address: "0.0.0.0"
+scheduler:
+  extraArgs:
+    bind-address: "0.0.0.0"
+certificatesDir: "/etc/kubernetes/pki"
 etcd:
-  dataDir: /var/lib/etcd
-  endpoints: null
-imageRepository: gcr.io/google_containers
-kubernetesVersion: v1.8.3
+  # one of local or external
+  local:
+    dataDir: "/var/lib/etcd"
+kubernetesVersion: "v1.23.1"
 networking:
-  dnsDomain: cluster.local
-  serviceSubnet: 10.96.0.0/12
-nodeName: your-dev
-tokenTTL: 24h0m0s
-controllerManagerExtraArgs:
-  address: 0.0.0.0
-schedulerExtraArgs:
-  address: 0.0.0.0
+  dnsDomain: "cluster.local"
+  serviceSubnet: "10.96.0.0/12"
+imageRepository: "registry.k8s.io"
 ```
 
-Notice the `schedulerExtraArgs` and `controllerManagerExtraArgs`. This exposes the `kube-controller-manager` and `kube-scheduler` services to the rest of the cluster. If you have kubernetes core components as pods in the kube-system namespace, ensure that the `kube-prometheus-exporter-kube-scheduler` and `kube-prometheus-exporter-kube-controller-manager` services' `spec.selector` values match those of pods.
+Notice the `.scheduler.extraArgs` and `.controllerManager.extraArgs`. This exposes the `kube-controller-manager` and `kube-scheduler` services to the rest of the cluster. If you have kubernetes core components as pods in the kube-system namespace, ensure that the `kube-prometheus-exporter-kube-scheduler` and `kube-prometheus-exporter-kube-controller-manager` services' `spec.selector` values match those of pods.
 
-In addition, we will be using `node-exporter` to monitor the `cAdvisor` service on all the nodes. This, however requires a change to the `kubelet` service on the master as well as all the nodes. According to the Kubernetes documentation
-
-> The kubeadm deb package ships with configuration for how the kubelet should be run. Note that the `kubeadm` CLI command will never touch this drop-in file. This drop-in file belongs to the kubeadm deb/rpm package.
-
-Again, we need to expose the `cadvisor` that is installed and managed by the `kubelet` daemon and allow webhook token authentication. To do so, we do the following on all the masters and nodes:
-
-```bash
-KUBEADM_SYSTEMD_CONF=/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
-sed -e "/cadvisor-port=0/d" -i "$KUBEADM_SYSTEMD_CONF"
-if ! grep -q "authentication-token-webhook=true" "$KUBEADM_SYSTEMD_CONF"; then
-  sed -e "s/--authorization-mode=Webhook/--authentication-token-webhook=true --authorization-mode=Webhook/" -i "$KUBEADM_SYSTEMD_CONF"
-fi
-systemctl daemon-reload
-systemctl restart kubelet
-```
+In previous versions of Kubernetes, we had to make a change to the `kubelet` setting with regard to `cAdvisor` monitoring on the control-plane as well as all the nodes. But this is **no longer required due to [the change of Kubernetes](https://github.com/kubernetes/kubernetes/issues/56523)**.
 
 In case you already have a Kubernetes deployed with kubeadm, change the address kube-controller-manager and kube-scheduler listens in addition to previous kubelet change:
 
 ```
-sed -e "s/- --address=127.0.0.1/- --address=0.0.0.0/" -i /etc/kubernetes/manifests/kube-controller-manager.yaml
-sed -e "s/- --address=127.0.0.1/- --address=0.0.0.0/" -i /etc/kubernetes/manifests/kube-scheduler.yaml
+sed -e "s/- --bind-address=127.0.0.1/- --bind-address=0.0.0.0/" -i /etc/kubernetes/manifests/kube-controller-manager.yaml
+sed -e "s/- --bind-address=127.0.0.1/- --bind-address=0.0.0.0/" -i /etc/kubernetes/manifests/kube-scheduler.yaml
 ```
 
 With these changes, your Kubernetes cluster is ready.
@@ -86,7 +76,6 @@ Once you complete this guide you will monitor the following:
 * kube-scheduler
 * kube-controller-manager
 
-
 ## Getting Up and Running Fast with Kube-Prometheus
 
 To help get started more quickly with monitoring Kubernetes clusters, [kube-prometheus](https://github.com/coreos/kube-prometheus) was created. It is a collection of manifests including dashboards and alerting rules that can easily be deployed. It utilizes the Prometheus Operator and all the manifests demonstrated in this guide.

docs/migration-example/my.release-0.3.jsonnet

@@ -0,0 +1,296 @@
+// Has the following customisations
+// 	Custom alert manager config
+// 	Ingresses for the alert manager, prometheus and grafana
+// 	Grafana admin user password
+// 	Custom prometheus rules
+// 	Custom grafana dashboards
+// 	Custom prometheus config - Data retention, memory, etc.
+//	Node exporter role and role binding so we can use a PSP for the node exporter
+
+
+// External variables
+// See https://jsonnet.org/learning/tutorial.html
+local cluster_identifier = std.extVar('cluster_identifier');
+local etcd_ip = std.extVar('etcd_ip');
+local etcd_tls_ca = std.extVar('etcd_tls_ca');
+local etcd_tls_cert = std.extVar('etcd_tls_cert');
+local etcd_tls_key = std.extVar('etcd_tls_key');
+local grafana_admin_password = std.extVar('grafana_admin_password');
+local prometheus_data_retention_period = std.extVar('prometheus_data_retention_period');
+local prometheus_request_memory = std.extVar('prometheus_request_memory');
+
+
+// Derived variables
+local alert_manager_host = 'alertmanager.' + cluster_identifier + '.myorg.local';
+local grafana_host = 'grafana.' + cluster_identifier + '.myorg.local';
+local prometheus_host = 'prometheus.' + cluster_identifier + '.myorg.local';
+
+
+// Imports
+local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
+local ingress = k.extensions.v1beta1.ingress;
+local ingressRule = ingress.mixin.spec.rulesType;
+local ingressRuleHttpPath = ingressRule.mixin.http.pathsType;
+local ingressTls = ingress.mixin.spec.tlsType;
+local role = k.rbac.v1.role;
+local roleBinding = k.rbac.v1.roleBinding;
+local roleRulesType = k.rbac.v1.role.rulesType;
+
+
+local kp =
+  (import 'kube-prometheus/kube-prometheus.libsonnet') +
+  (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') +
+  (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
+
+  {
+    _config+:: {
+      // Override namespace
+      namespace: 'monitoring',
+
+
+      // Override alert manager config
+      // See https://github.com/coreos/kube-prometheus/tree/master/examples/alertmanager-config-external.jsonnet
+      alertmanager+: {
+        config: importstr 'alertmanager.yaml',
+      },
+
+      // Override etcd config
+      // See https://github.com/coreos/kube-prometheus/blob/master/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
+      // See https://github.com/coreos/kube-prometheus/blob/master/examples/etcd-skip-verify.jsonnet
+      etcd+:: {
+        clientCA: etcd_tls_ca,
+        clientCert: etcd_tls_cert,
+        clientKey: etcd_tls_key,
+        ips: [etcd_ip],
+      },
+
+      // Override grafana config
+      // anonymous access
+      // 	See http://docs.grafana.org/installation/configuration/
+      // 	See http://docs.grafana.org/auth/overview/#anonymous-authentication
+      // admin_password
+      // 	See http://docs.grafana.org/installation/configuration/#admin-password
+      grafana+:: {
+        config: {
+          sections: {
+            'auth.anonymous': {
+              enabled: true,
+            },
+            security: {
+              admin_password: grafana_admin_password,
+            },
+          },
+        },
+
+
+      },
+    },
+
+    // Additional grafana dashboards
+    grafanaDashboards+:: {
+      'my-specific.json': (import 'my-grafana-dashboard-definitions.json'),
+    },
+
+    // Alert manager needs an externalUrl
+    alertmanager+:: {
+      alertmanager+: {
+        spec+: {
+          // See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
+          // See https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/exposing-prometheus-and-alertmanager.md
+          externalUrl: 'https://' + alert_manager_host,
+        },
+      },
+    },
+
+
+    // Add additional ingresses
+    // See https://github.com/coreos/kube-prometheus/tree/master/examples/ingress.jsonnet
+    ingress+:: {
+      alertmanager:
+        ingress.new() +
+
+
+        ingress.mixin.metadata.withName('alertmanager') +
+        ingress.mixin.metadata.withNamespace($._config.namespace) +
+        ingress.mixin.metadata.withAnnotations({
+          'kubernetes.io/ingress.class': 'nginx-api',
+        }) +
+
+        ingress.mixin.spec.withRules(
+          ingressRule.new() +
+          ingressRule.withHost(alert_manager_host) +
+          ingressRule.mixin.http.withPaths(
+            ingressRuleHttpPath.new() +
+
+
+            ingressRuleHttpPath.mixin.backend.withServiceName('alertmanager-operated') +
+
+            ingressRuleHttpPath.mixin.backend.withServicePort(9093)
+          ),
+        ) +
+
+
+        // Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard
+        // secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371
+        ingress.mixin.spec.withTls(
+          ingressTls.new() +
+          ingressTls.withHosts(alert_manager_host)
+        ),
+
+
+      grafana:
+        ingress.new() +
+
+
+        ingress.mixin.metadata.withName('grafana') +
+        ingress.mixin.metadata.withNamespace($._config.namespace) +
+        ingress.mixin.metadata.withAnnotations({
+          'kubernetes.io/ingress.class': 'nginx-api',
+        }) +
+
+        ingress.mixin.spec.withRules(
+          ingressRule.new() +
+          ingressRule.withHost(grafana_host) +
+          ingressRule.mixin.http.withPaths(
+            ingressRuleHttpPath.new() +
+
+
+            ingressRuleHttpPath.mixin.backend.withServiceName('grafana') +
+
+            ingressRuleHttpPath.mixin.backend.withServicePort(3000)
+          ),
+        ) +
+
+
+        // Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard
+        // secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371
+        ingress.mixin.spec.withTls(
+          ingressTls.new() +
+          ingressTls.withHosts(grafana_host)
+        ),
+
+
+      prometheus:
+        ingress.new() +
+
+
+        ingress.mixin.metadata.withName('prometheus') +
+        ingress.mixin.metadata.withNamespace($._config.namespace) +
+        ingress.mixin.metadata.withAnnotations({
+          'kubernetes.io/ingress.class': 'nginx-api',
+        }) +
+        ingress.mixin.spec.withRules(
+          ingressRule.new() +
+
+          ingressRule.withHost(prometheus_host) +
+          ingressRule.mixin.http.withPaths(
+            ingressRuleHttpPath.new() +
+
+
+            ingressRuleHttpPath.mixin.backend.withServiceName('prometheus-operated') +
+
+            ingressRuleHttpPath.mixin.backend.withServicePort(9090)
+          ),
+        ) +
+
+
+        // Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard
+        // secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371
+        ingress.mixin.spec.withTls(
+          ingressTls.new() +
+          ingressTls.withHosts(prometheus_host)
+        ),
+    },
+
+
+    // Node exporter PSP role and role binding
+    // Add a new top level field for this, the "node-exporter" PSP already exists, so not defining here just referencing
+    // See https://github.com/coreos/prometheus-operator/issues/787
+    nodeExporterPSP: {
+      role:
+        role.new() +
+
+
+        role.mixin.metadata.withName('node-exporter-psp') +
+        role.mixin.metadata.withNamespace($._config.namespace) +
+        role.withRules([
+          roleRulesType.new() +
+          roleRulesType.withApiGroups(['policy']) +
+          roleRulesType.withResources(['podsecuritypolicies']) +
+          roleRulesType.withVerbs(['use']) +
+          roleRulesType.withResourceNames(['node-exporter']),
+        ]),
+
+      roleBinding:
+        roleBinding.new() +
+        roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') +
+
+
+        roleBinding.mixin.metadata.withName('node-exporter-psp') +
+        roleBinding.mixin.metadata.withNamespace($._config.namespace) +
+
+
+        roleBinding.mixin.roleRef.withName('node-exporter-psp') +
+        roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) +
+
+
+        roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'node-exporter' }]),
+
+
+    },
+
+
+    // Prometheus needs some extra custom config
+    prometheus+:: {
+      prometheus+: {
+        spec+: {
+          // See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+          externalLabels: {
+            cluster: cluster_identifier,
+          },
+          // See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
+          // See https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/exposing-prometheus-and-alertmanager.md
+          externalUrl: 'https://' + prometheus_host,
+          // Override reuest memory
+          resources: {
+            requests: {
+              memory: prometheus_request_memory,
+            },
+          },
+          // Override data retention period
+          retention: prometheus_data_retention_period,
+        },
+      },
+    },
+
+
+    // Additional prometheus rules
+    // See https://github.com/coreos/kube-prometheus/docs/developing-prometheus-rules-and-grafana-dashboards.md
+    // cat my-prometheus-rules.yaml | gojsontoyaml -yamltojson | jq . > my-prometheus-rules.json
+    prometheusRules+:: {
+
+
+      groups+: import 'my-prometheus-rules.json',
+
+
+    },
+  };
+
+
+// Render
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+
+
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+
+
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+
+{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['node-exporter-psp-' + name]: kp.nodeExporterPSP[name] for name in std.objectFields(kp.nodeExporterPSP) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }

docs/migration-example/my.release-0.8.jsonnet

@@ -0,0 +1,316 @@
+// Has the following customisations
+// 	Custom alert manager config
+// 	Ingresses for the alert manager, prometheus and grafana
+// 	Grafana admin user password
+// 	Custom prometheus rules
+// 	Custom grafana dashboards
+// 	Custom prometheus config - Data retention, memory, etc.
+//	Node exporter role and role binding so we can use a PSP for the node exporter
+
+// for help with expected content, see https://github.com/thaum-xyz/ankhmorpork
+
+// External variables
+// See https://jsonnet.org/learning/tutorial.html
+local cluster_identifier = std.extVar('cluster_identifier');
+local etcd_ip = std.extVar('etcd_ip');
+local etcd_tls_ca = std.extVar('etcd_tls_ca');
+local etcd_tls_cert = std.extVar('etcd_tls_cert');
+local etcd_tls_key = std.extVar('etcd_tls_key');
+local grafana_admin_password = std.extVar('grafana_admin_password');
+local prometheus_data_retention_period = std.extVar('prometheus_data_retention_period');
+local prometheus_request_memory = std.extVar('prometheus_request_memory');
+
+
+// Derived variables
+local alert_manager_host = 'alertmanager.' + cluster_identifier + '.myorg.local';
+local grafana_host = 'grafana.' + cluster_identifier + '.myorg.local';
+local prometheus_host = 'prometheus.' + cluster_identifier + '.myorg.local';
+
+
+// ksonnet no longer required
+
+
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  // kubeadm now achieved by setting platform value - see 9 lines below
+  (import 'kube-prometheus/addons/static-etcd.libsonnet') +
+  (import 'kube-prometheus/addons/podsecuritypolicies.libsonnet') +
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+
+      // Add kubeadm platform-specific items,
+      // including kube-contoller-manager and kube-scheduler discovery
+      kubePrometheus+: {
+        platform: 'kubeadm',
+      },
+
+      // Override alert manager config
+      // See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/alertmanager-config-external.jsonnet
+      alertmanager+: {
+        config: importstr 'alertmanager.yaml',
+      },
+
+      // Override etcd config
+      // See https://github.com/prometheus-operator/kube-prometheus/blob/main/jsonnet/kube-prometheus/addons/static-etcd.libsonnet
+      // See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/etcd-skip-verify.jsonnet
+      etcd+:: {
+        clientCA: etcd_tls_ca,
+        clientCert: etcd_tls_cert,
+        clientKey: etcd_tls_key,
+        ips: [etcd_ip],
+      },
+
+      // Override grafana config
+      // anonymous access
+      // 	See http://docs.grafana.org/installation/configuration/
+      // 	See http://docs.grafana.org/auth/overview/#anonymous-authentication
+      // admin_password
+      // 	See http://docs.grafana.org/installation/configuration/#admin-password
+      grafana+:: {
+        config: {
+          sections: {
+            'auth.anonymous': {
+              enabled: true,
+            },
+            security: {
+              admin_password: grafana_admin_password,
+            },
+          },
+        },
+        // Additional grafana dashboards
+        dashboards+:: {
+          'my-specific.json': (import 'my-grafana-dashboard-definitions.json'),
+        },
+      },
+    },
+
+
+    // Alert manager needs an externalUrl
+    alertmanager+:: {
+      alertmanager+: {
+        spec+: {
+
+          // See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/exposing-prometheus-alertmanager-grafana-ingress.md
+          externalUrl: 'https://' + alert_manager_host,
+        },
+      },
+    },
+
+
+    // Add additional ingresses
+    // See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/ingress.jsonnet
+    ingress+:: {
+      alertmanager: {
+        apiVersion: 'networking.k8s.io/v1',
+        kind: 'Ingress',
+        metadata: {
+          name: 'alertmanager',
+          namespace: $.values.common.namespace,
+          annotations: {
+            'kubernetes.io/ingress.class': 'nginx-api',
+          },
+        },
+        spec: {
+          rules: [{
+            host: alert_manager_host,
+            http: {
+              paths: [{
+                path: '/',
+                pathType: 'Prefix',
+                backend: {
+                  service: {
+                    name: 'alertmanager-operated',
+                    port: {
+                      number: 9093,
+                    },
+                  },
+                },
+              }],
+            },
+          }],
+          tls: [{
+
+            hosts: [alert_manager_host],
+          }],
+        },
+      },
+      grafana: {
+        apiVersion: 'networking.k8s.io/v1',
+        kind: 'Ingress',
+        metadata: {
+          name: 'grafana',
+          namespace: $.values.common.namespace,
+          annotations: {
+            'kubernetes.io/ingress.class': 'nginx-api',
+          },
+        },
+        spec: {
+          rules: [{
+            host: grafana_host,
+            http: {
+              paths: [{
+                path: '/',
+                pathType: 'Prefix',
+                backend: {
+                  service: {
+                    name: 'grafana',
+                    port: {
+                      number: 3000,
+                    },
+                  },
+                },
+              }],
+            },
+          }],
+          tls: [{
+
+            hosts: [grafana_host],
+          }],
+        },
+      },
+      prometheus: {
+        apiVersion: 'networking.k8s.io/v1',
+        kind: 'Ingress',
+        metadata: {
+          name: 'prometheus',
+          namespace: $.values.common.namespace,
+          annotations: {
+            'kubernetes.io/ingress.class': 'nginx-api',
+          },
+        },
+        spec: {
+          rules: [{
+            host: prometheus_host,
+            http: {
+              paths: [{
+                path: '/',
+                pathType: 'Prefix',
+                backend: {
+                  service: {
+                    name: 'prometheus-operated',
+                    port: {
+                      number: 9090,
+                    },
+                  },
+                },
+              }],
+            },
+          }],
+          tls: [{
+
+            hosts: [prometheus_host],
+          }],
+        },
+      },
+    },
+
+
+    // Node exporter PSP role and role binding
+    nodeExporter+: {
+      'psp-role'+: {
+        apiVersion: 'rbac.authorization.k8s.io/v1',
+        kind: 'Role',
+        metadata: {
+          name: 'node-exporter-psp',
+          namespace: $.values.common.namespace,
+        },
+        rules: [{
+          apiGroups: ['policy'],
+          resources: ['podsecuritypolicies'],
+          verbs: ['use'],
+          resourceNames: ['node-exporter'],
+        }],
+      },
+      'psp-rolebinding'+: {
+
+        apiVersion: 'rbac.authorization.k8s.io/v1',
+        kind: 'RoleBinding',
+        metadata: {
+          name: 'node-exporter-psp',
+          namespace: $.values.common.namespace,
+        },
+        roleRef: {
+          apiGroup: 'rbac.authorization.k8s.io',
+          name: 'node-exporter-psp',
+          kind: 'Role',
+        },
+        subjects: [{
+          kind: 'ServiceAccount',
+          name: 'node-exporter',
+        }],
+      },
+    },
+
+    // Prometheus needs some extra custom config
+    prometheus+:: {
+      prometheus+: {
+        spec+: {
+
+          externalLabels: {
+            cluster: cluster_identifier,
+          },
+
+          // See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/exposing-prometheus-alertmanager-grafana-ingress.md
+          externalUrl: 'https://' + prometheus_host,
+          // Override reuest memory
+          resources: {
+            requests: {
+              memory: prometheus_request_memory,
+            },
+          },
+          // Override data retention period
+          retention: prometheus_data_retention_period,
+        },
+      },
+    },
+
+
+    // Additional prometheus rules
+    // See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/developing-prometheus-rules-and-grafana-dashboards.md#pre-rendered-rules
+    // cat my-prometheus-rules.yaml | gojsontoyaml -yamltojson | jq . > my-prometheus-rules.json
+    prometheusMe: {
+      rules: {
+        apiVersion: 'monitoring.coreos.com/v1',
+        kind: 'PrometheusRule',
+        metadata: {
+          name: 'my-prometheus-rule',
+          namespace: $.values.common.namespace,
+          labels: {
+            'app.kubernetes.io/name': 'kube-prometheus',
+            'app.kubernetes.io/part-of': 'kube-prometheus',
+            prometheus: 'k8s',
+            role: 'alert-rules',
+          },
+        },
+        spec: {
+          groups: import 'my-prometheus-rules.json',
+        },
+      },
+    },
+  };
+
+
+// Render
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
+} +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
+{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
++ { ['prometheus-my-' + name]: kp.prometheusMe[name] for name in std.objectFields(kp.prometheusMe) }

docs/migration-example/readme.md

@@ -0,0 +1,251 @@
+## Example of conversion of a legacy my.jsonnet file
+
+An example conversion of a legacy custom jsonnet file to release-0.8
+format can be seen by viewing and comparing this
+[release-0.3 jsonnet file](my.release-0.3.jsonnet) (when the github
+repo was under `https://github.com/coreos/kube-prometheus...`)
+and the corresponding [release-0.8 jsonnet file](my.release-0.8.jsonnet).
+
+These two files have had necessary blank lines added so that they
+can be compared side-by-side and line-by-line on screen.
+
+The conversion covers both the change of stopping using ksonnet after
+release-0.3 and also the major migration after release-0.7 as described in
+[migration-guide.md](../migration-guide.md)
+
+The sample files are intended as an example of format conversion and
+not necessarily best practice for the files in release-0.3 or release-0.8.
+
+Below are three sample extracts of the conversion as an indication of the
+changes required.
+
+<table>
+<tr>
+<th> release-0.3 </th>
+<th> release-0.8 </th>
+</tr>
+<tr>
+<td>
+
+```jsonnet
+local kp =
+  (import 'kube-prometheus/kube-prometheus.libsonnet') +
+  (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') +
+  (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
+
+  {
+    _config+:: {
+      // Override namespace
+      namespace: 'monitoring',
+  
+  
+  
+  
+   
+   
+   
+```
+
+</td>
+<td>
+
+```jsonnet
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  // kubeadm now achieved by setting platform value - see 9 lines below
+  (import 'kube-prometheus/addons/static-etcd.libsonnet') +
+  (import 'kube-prometheus/addons/podsecuritypolicies.libsonnet') +
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+
+      // Add kubeadm platform-specific items,
+      // including kube-contoller-manager and kube-scheduler discovery
+      kubePrometheus+: {
+        platform: 'kubeadm',
+      },
+```
+
+</td>
+</tr>
+</table>
+<table>
+<tr>
+<th> release-0.3 </th>
+<th> release-0.8 </th>
+</tr>
+<tr>
+<td>
+
+```jsonnet
+    // Add additional ingresses
+    // See https://github.com/coreos/kube-prometheus/...
+    //           tree/master/examples/ingress.jsonnet
+    ingress+:: {
+      alertmanager:
+        ingress.new() +
+
+
+        ingress.mixin.metadata.withName('alertmanager') +
+        ingress.mixin.metadata.withNamespace($._config.namespace) +
+        ingress.mixin.metadata.withAnnotations({
+          'kubernetes.io/ingress.class': 'nginx-api',
+        }) +
+
+        ingress.mixin.spec.withRules(
+          ingressRule.new() +
+          ingressRule.withHost(alert_manager_host) +
+          ingressRule.mixin.http.withPaths(
+            ingressRuleHttpPath.new() +
+
+
+
+
+            ingressRuleHttpPath.mixin.backend
+                               .withServiceName('alertmanager-operated') +
+            ingressRuleHttpPath.mixin.backend.withServicePort(9093)
+          ),
+        ) +
+        // Note we do not need a TLS secretName here as we are going to use the
+        // nginx-ingress default secret which is a wildcard
+        // secretName would need to be in the same namespace at this time,
+        // see https://github.com/kubernetes/ingress-nginx/issues/2371
+        ingress.mixin.spec.withTls(
+          ingressTls.new() +
+          ingressTls.withHosts(alert_manager_host)
+        ),
+  
+  
+```
+
+</td>
+<td>
+
+```jsonnet
+    // Add additional ingresses
+    // See https://github.com/prometheus-operator/kube-prometheus/...
+    //           blob/main/examples/ingress.jsonnet
+    ingress+:: {
+      alertmanager: {
+        apiVersion: 'networking.k8s.io/v1',
+        kind: 'Ingress',
+        metadata: {
+          name: 'alertmanager',
+          namespace: $.values.common.namespace,
+          annotations: {
+            'kubernetes.io/ingress.class': 'nginx-api',
+          },
+        },
+        spec: {
+          rules: [{
+            host: alert_manager_host,
+            http: {
+              paths: [{
+                path: '/',
+                pathType: 'Prefix',
+                backend: {
+                  service: {
+                    name: 'alertmanager-operated',
+                    port: {
+                      number: 9093,
+                    },
+                  },
+                },
+              }],
+            },
+          }],
+          tls: [{
+
+            hosts: [alert_manager_host],
+          }],
+        },
+      },
+```
+
+</td>
+</tr>
+</table>
+<table>
+<tr>
+<th> release-0.3 </th>
+<th> release-0.8 </th>
+</tr>
+<tr>
+<td>
+
+```jsonnet
+    // Additional prometheus rules
+    // See https://github.com/coreos/kube-prometheus/docs/...
+    //           developing-prometheus-rules-and-grafana-dashboards.md
+    //
+    // cat my-prometheus-rules.yaml | \
+    //   gojsontoyaml -yamltojson | \
+    //   jq . > my-prometheus-rules.json
+    prometheusRules+:: {
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+      groups+: import 'my-prometheus-rules.json',
+
+
+    },
+  };
+  
+  
+  
+  
+```
+
+</td>
+<td>
+
+```jsonnet
+    // Additional prometheus rules
+    // See https://github.com/prometheus-operator/kube-prometheus/blob/main/...
+    //           docs/developing-prometheus-rules-and-grafana-dashboards.md...
+    //           #pre-rendered-rules
+    // cat my-prometheus-rules.yaml | \
+    //   gojsontoyaml -yamltojson | \
+    //   jq . > my-prometheus-rules.json
+    prometheusMe: {
+      rules: {
+        apiVersion: 'monitoring.coreos.com/v1',
+        kind: 'PrometheusRule',
+        metadata: {
+          name: 'my-prometheus-rule',
+          namespace: $.values.common.namespace,
+          labels: {
+            'app.kubernetes.io/name': 'kube-prometheus',
+            'app.kubernetes.io/part-of': 'kube-prometheus',
+            prometheus: 'k8s',
+            role: 'alert-rules',
+          },
+        },
+        spec: {
+          groups: import 'my-prometheus-rules.json',
+        },
+      },
+    },
+  };
+
+...
+
++ { ['prometheus-my-' + name]: kp.prometheusMe[name] for name in std.objectFields(kp.prometheusMe) }
+```
+
+</td>
+</tr>
+</table>

docs/migration-guide.md

@@ -0,0 +1,76 @@
+# Migration guide from release-0.7 and earlier
+
+## Why?
+
+Thanks to our community we identified a lot of short-commings of previous design, varying from issues with global state to UX problems. Hoping to fix at least part of those issues we decided to do a complete refactor of the codebase.
+
+## Overview
+
+### Breaking Changes
+
+- global `_config` object is removed and the new `values` object is a partial replacement
+- `imageRepos` field was removed and the project no longer tries to compose image strings. Use `$.values.common.images` to override default images.
+- prometheus alerting and recording rules are split into multiple `PrometheusRule` objects
+- kubernetes control plane ServiceMonitors and Services are now part of the new `kubernetesControlPlane` top-level object instead of `prometheus` object
+- `jsonnet/kube-prometheus/kube-prometheus.libsonnet` file was renamed to `jsonnet/kube-prometheus/main.libsonnet` and slimmed down to bare minimum
+- `jsonnet/kube-prometheus/kube-prometheus*-.libsonnet` files were move either to `jsonnet/kube-prometheus/addons/` or `jsonnet/kube-prometheus/platforms/` depending on the feature they provided
+- all component libraries are now function- and not object-based
+- monitoring-mixins are included inside each component and not globally. `prometheusRules`, `prometheusAlerts`, and `grafanaDashboards` are accessible only per component via `mixin` object (ex. `$.alertmanager.mixin.prometheusAlerts`)
+- default repository branch changed from `master` to `main`
+- labels on resources have changes, `kubectl apply` will not work correctly due to those field being immutable. Deleting the resource first before applying is a workaround if you are using the kubectl CLI. (This only applies to `Deployments` and `DaemonSets`.)
+
+### New Features
+
+- concept of `addons`, `components`, and `platforms` was introduced
+- all main `components` are now represented internally by a function with default values and required parameters (see #Component-configuration for more information)
+- `$.values` holds main configuration parameters and should be used to set basic stack configuration.
+- common parameters across all `components` are stored now in `$.values.common`
+- removed dependency on deprecated ksonnet library
+
+## Details
+
+### Components, Addons, Platforms
+
+Those concepts were already present in the repository but it wasn't clear which file is holding what. After refactoring we categorized jsonnet code into 3 buckets and put them into separate directories:
+- `components` - main building blocks for kube-prometheus, written as functions responsible for creating multiple objects representing kubernetes manifests. For example all objects for node_exporter deployment are bundled in `components/node_exporter.libsonnet` library
+- `addons` - everything that can enhance kube-prometheus deployment. Those are small snippets of code adding a small feature, for example adding anti-affinity to pods via [`addons/anti-affinity.libsonnet`](https://github.com/prometheus-operator/kube-prometheus/blob/main/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet). Addons are meant to be used in object-oriented way like `local kp = (import 'kube-prometheus/main.libsonnet') + (import 'kube-prometheus/addons/all-namespaces.libsonnet')`
+- `platforms` - currently those are `addons` specialized to allow deploying kube-prometheus project on a specific platform.
+
+### Component configuration
+
+Refactoring main components to use functions allowed us to define APIs for said components. Each function has a default set of parameters that can be overridden or that are required to be set by a user. Those default parameters are represented in each component by `defaults` map at the top of each library file, for example in [`node_exporter.libsonnet`](https://github.com/prometheus-operator/kube-prometheus/blob/1d2a0e275af97948667777739a18b24464480dc8/jsonnet/kube-prometheus/components/node-exporter.libsonnet#L3-L34).
+
+This API is meant to ease the use of kube-prometheus as parameters can be passed from a JSON file and don't need to be in jsonnet format. However, if you need to modify particular parts of the stack, jsonnet allows you to do this and we are also not restricting such access in any way. An example of such modifications can be seen in any of our `addons`, like the [`addons/anti-affinity.libsonnet`](https://github.com/prometheus-operator/kube-prometheus/blob/main/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet) one.
+
+### Mixin integration
+
+Previously kube-prometheus project joined all mixins on a global level. However with a wider adoption of monitoring mixins this turned out to be a problem, especially apparent when two mixins started to use the same configuration field for different purposes. To fix this we moved all mixins into their own respective components:
+- alertmanager mixin -> `alertmanager.libsonnet`
+- kubernetes mixin -> `k8s-control-plane.libsonnet`
+- kube-state-metrics mixin -> `kube-state-metrics.libsonnet`
+- node_exporter mixin -> `node_exporter.libsonnet`
+- prometheus and thanos sidecar mixins -> `prometheus.libsonnet`
+- prometheus-operator mixin -> `prometheus-operator.libsonnet`
+- kube-prometheus alerts and rules -> `components/mixin/custom.libsonnet`
+
+> etcd mixin is a special case as we add it inside an `addon` in `addons/static-etcd.libsonnet`
+
+This results in creating multiple `PrometheusRule` objects instead of having one giant object as before. It also means each mixin is configured separately and accessing mixin objects is done via `$.<component>.mixin`.
+
+## Examples
+
+All examples from `examples/` directory were adapted to the new codebase. [Please take a look at them for guideance](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples)
+
+## Legacy migration
+
+An example of conversion of a legacy release-0.3 my.jsonnet file to release-0.8 can be found in [migration-example](migration-example)
+
+## Advanced usage examples
+
+For more advanced usage examples you can take a look at those two, open to public, implementations:
+- [thaum-xyz/ankhmorpork](https://github.com/thaum-xyz/ankhmorpork/blob/master/apps/monitoring/jsonnet) - extending kube-prometheus to adapt to a required environment
+- [openshift/cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/pull/1044) - using kube-prometheus components as standalone libraries to build a custom solution
+
+## Final note
+
+Refactoring was a huge undertaking and possibly this document didn't describe in enough detail how to help you with migration to the new stack. If that is the case, please reach out to us by using [GitHub discussions](https://github.com/prometheus-operator/kube-prometheus/discussions) feature or directly on [#prometheus-operator kubernetes slack channel](http://slack.k8s.io/).

docs/monitoring-external-etcd.md

@@ -1,10 +1,22 @@
-# Monitoring external etcd
-This guide will help you monitor an external etcd cluster. When the etcd cluster is not hosted inside Kubernetes.
+---
+weight: 305
+toc: true
+title: Monitoring external etcd
+menu:
+    docs:
+        parent: kube
+lead: This guide will help you monitoring an external etcd cluster.
+images: []
+draft: false
+description: This guide will help you monitoring an external etcd cluster.
+---
+
+When the etcd cluster is not hosted inside Kubernetes.
 This is often the case with Kubernetes setups. This approach has been tested with kube-aws but the same principals apply to other tools.
 
-Note that [etcd.jsonnet](../examples/etcd.jsonnet) & [kube-prometheus-static-etcd.libsonnet](../jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet) (which are described by a section of the [Readme](../README.md#static-etcd-configuration)) do the following:
- * Put the three etcd TLS client files (CA & cert & key) into a secret in the namespace, and have Prometheus Operator load the secret.
- * Create the following (to expose etcd metrics - port 2379): a Service, Endpoint, & ServiceMonitor.
+Note that [etcd.jsonnet](../examples/etcd.jsonnet) & [static-etcd.libsonnet](../jsonnet/kube-prometheus/addons/static-etcd.libsonnet) (which are described by a section of the [customization](customizations/static-etcd-configuration.md)) do the following:
+* Put the three etcd TLS client files (CA & cert & key) into a secret in the namespace, and have Prometheus Operator load the secret.
+* Create the following (to expose etcd metrics - port 2379): a Service, Endpoint, & ServiceMonitor.
 
 # Step 1: Open the port
 
@@ -13,6 +25,7 @@ You now need to allow the nodes Prometheus are running on to talk to the etcd on
 If using kube-aws, you will need to edit the etcd security group inbound, specifying the security group of your Kubernetes node (worker) as the source.
 
 ## kube-aws and EIP or ENI inconsistency
+
 With kube-aws, each etcd node has two IP addresses:
 
 * EC2 instance IP
@@ -27,6 +40,7 @@ Another idea woud be to use the DNS entries of etcd, but those are not currently
 # Step 2: verify
 
 Go to the Prometheus UI on :9090/config and check that you have an etcd job entry:
+
 ```
 - job_name: monitoring/etcd-k8s/0
   scrape_interval: 30s
@@ -35,6 +49,5 @@ Go to the Prometheus UI on :9090/config and check that you have an etcd job entr
 ```
 
 On the :9090/targets page:
- * You should see "etcd" with the UP state. If not, check the Error column for more information.
- * If no "etcd" targets are even shown on this page, prometheus isn't attempting to scrape it.
-
+* You should see "etcd" with the UP state. If not, check the Error column for more information.
+* If no "etcd" targets are even shown on this page, prometheus isn't attempting to scrape it.

docs/monitoring-other-namespaces.md

@@ -1,28 +1,55 @@
-# Monitoring other Kubernetes Namespaces
-This guide will help you monitor applications in other Namespaces. By default the RBAC rules are only enabled for the `Default` and `kube-system` Namespace during Install.
+---
+weight: 306
+toc: true
+title: Monitoring other Namespaces
+menu:
+    docs:
+        parent: kube
+lead: This guide will help you monitoring applications in other namespaces.
+images: []
+draft: false
+description: This guide will help you monitoring applications in other namespaces.
+---
+
+By default the RBAC rules are only enabled for the `Default` and `kube-system` namespaces.
 
 # Setup
-You have to give the list of the Namespaces that you want to be able to monitor.
+
+You have to give the list of the namespaces that you want to be able to monitor.
 This is done in the variable `prometheus.roleSpecificNamespaces`. You usually set this in your `.jsonnet` file when building the manifests.
 
-Example to create the needed `Role` and `RoleBinding` for the Namespace `foo` : 
-```
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
+Example to create the needed `Role` and `RoleBinding` for the Namespace `foo` :
 
-    prometheus+:: {
-      namespaces: ["default", "kube-system", "foo"],
+```
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+
+      prometheus+:: {
+        namespaces: ["default", "kube-system", "monitoring", "foo"],
+      },
     },
-  },
-};
- 
-{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
-{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
-{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
-{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+  };
 
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
+} +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
 ```

docs/security.md

@@ -0,0 +1,24 @@
+## Security
+
+The manifests generated in this repository are subject to a security audit in CI via [kubescape](https://github.com/armosec/kubescape).
+The scan can be run locally via `make kubescape`.
+
+While we aim for best practices in terms of security by default, due to the nature of the project, we are required to make the exceptions in the following components:
+
+#### node-exporter
+* Host Port is set. [Kubernetes already sets a Host Port by default when Host Network is enabled.](https://github.com/kubernetes/kubernetes/blob/1945829906546caf867992669a0bfa588edf8be6/pkg/apis/core/v1/defaults.go#L402-L411). Since nothing can be done here, we configure it to our preference port.
+* Host PID is set to `true`, since node-exporter requires direct access to the host namespace to gather statistics.
+* Host Network is set to `true`, since node-exporter requires direct access to the host network to gather statistics.
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecar requires connection to kubernetes API server.
+
+#### prometheus-adapter
+* `automountServiceAccountToken` is set to `true` on Pod level as application requires connection to kubernetes API server.
+
+#### blackbox-exporter
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecar requires connection to kubernetes API server.
+
+#### kube-state-metrics
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecars requires connection to kubernetes API server.
+
+#### prometheus-operator
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecars requires connection to kubernetes API server.

docs/troubleshooting.md

@@ -0,0 +1,49 @@
+# Troubleshooting
+
+See the general [guidelines](community-support.md) for getting support from the community.
+
+## Error retrieving kubelet metrics
+
+Should the Prometheus `/targets` page show kubelet targets, but not able to successfully scrape the metrics, then most likely it is a problem with the authentication and authorization setup of the kubelets.
+
+As described in the [README.md Prerequisites](../README.md#prerequisites) section, in order to retrieve metrics from the kubelet token authentication and authorization must be enabled. Some Kubernetes setup tools do not enable this by default.
+
+- If you are using Google's GKE product, see [cAdvisor support](GKE-cadvisor-support.md).
+- If you are using AWS EKS, see [AWS EKS CNI support](EKS-cni-support.md).
+- If you are using Weave Net, see [Weave Net support](weave-net-support.md).
+
+### Authentication problem
+
+The Prometheus `/targets` page will show the kubelet job with the error `403 Unauthorized`, when token authentication is not enabled. Ensure, that the `--authentication-token-webhook=true` flag is enabled on all kubelet configurations.
+
+### Authorization problem
+
+The Prometheus `/targets` page will show the kubelet job with the error `401 Unauthorized`, when token authorization is not enabled. Ensure that the `--authorization-mode=Webhook` flag is enabled on all kubelet configurations.
+
+## kube-state-metrics resource usage
+
+In some environments, kube-state-metrics may need additional
+resources. One driver for more resource needs, is a high number of
+namespaces. There may be others.
+
+kube-state-metrics resource allocation is managed by
+[addon-resizer](https://github.com/kubernetes/autoscaler/tree/master/addon-resizer/nanny)
+You can control it's parameters by setting variables in the
+config. They default to:
+
+```jsonnet
+    kubeStateMetrics+:: {
+      baseCPU: '100m',
+      cpuPerNode: '2m',
+      baseMemory: '150Mi',
+      memoryPerNode: '30Mi',
+    }
+```
+
+## Error retrieving kube-proxy metrics
+
+By default, kubeadm will configure kube-proxy to listen on 127.0.0.1 for metrics. Because of this prometheus would not be able to scrape these metrics. This would have to be changed to 0.0.0.0 in one of the following two places:
+
+1. Before cluster initialization, the config file passed to kubeadm init should have KubeProxyConfiguration manifest with the field metricsBindAddress set to 0.0.0.0:10249
+2. If the k8s cluster is already up and running, we'll have to modify the configmap kube-proxy in the namespace kube-system and set the metricsBindAddress field. After this kube-proxy daemonset would have to be restarted with
+   `kubectl -n kube-system rollout restart daemonset kube-proxy`

docs/update.md

@@ -0,0 +1,29 @@
+# Update kube-prometheus
+
+You may wish to fetch changes made on this project so they are available to you.
+
+## Update jb
+
+`jb` may have been updated so it's a good idea to get the latest version of this binary:
+
+```shell
+$ go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
+```
+
+## Update kube-prometheus
+
+The command below will sync with upstream project:
+
+```shell
+$ jb update
+```
+
+## Compile the manifests and apply
+
+Once updated, just follow the instructions under [Generating](customizing.md#generating) and [Apply the kube-prometheus stack](customizing.md#apply-the-kube-prometheus-stack) from [customizing.md doc](customizing.md) to apply the changes to your cluster.
+
+## Migration from previous versions
+
+If you are migrating from `release-0.7` branch or earlier please read [what changed and how to migrate in our guide](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/migration-guide.md).
+
+Refer to [migration document](migration-example) for more information about migration from 0.3 and 0.8 versions of kube-prometheus.

docs/weave-net-support.md

@@ -1,12 +1,14 @@
 # Setup Weave Net monitoring using kube-prometheus
+
 [Weave Net](https://kubernetes.io/docs/concepts/cluster-administration/networking/#weave-net-from-weaveworks) is a resilient and simple to use CNI provider for Kubernetes. A well monitored and observed CNI provider helps in troubleshooting Kubernetes networking problems. [Weave Net](https://www.weave.works/docs/net/latest/concepts/how-it-works/) emits [prometheus metrics](https://www.weave.works/docs/net/latest/tasks/manage/metrics/) for monitoring Weave Net. There are many ways to install Weave Net in your cluster. One of them is using [kops](https://github.com/kubernetes/kops/blob/master/docs/networking.md).
 
 Following this document, you can setup Weave Net monitoring for your cluster using kube-prometheus.
 
 ## Contents
+
 Using kube-prometheus and kubectl you will be able install the following for monitoring Weave Net in your cluster:
 
-1. [Service for Weave Net](https://gist.github.com/alok87/379c6234b582f555c141f6fddea9fbce) The service which the [service monitor](https://coreos.com/operators/prometheus/docs/latest/user-guides/cluster-monitoring.html) scrapes.
+1. [Service for Weave Net](https://gist.github.com/alok87/379c6234b582f555c141f6fddea9fbce) The service which the ServiceMonitor scrapes.
 2. [ServiceMonitor for Weave Net](https://gist.github.com/alok87/e46a7f9a79ef6d1da6964a035be2cfb9) Service monitor to scrape the Weave Net metrics and bring it to Prometheus.
 3. [Prometheus Alerts for Weave Net](https://stackoverflow.com/a/60447864) This will setup all the important Weave Net metrics you should be alerted on.
 4. [Grafana Dashboard for Weave Net](https://grafana.com/grafana/dashboards/11789) This will setup the per Weave Net pod level monitoring for Weave Net.
@@ -15,38 +17,43 @@ Using kube-prometheus and kubectl you will be able install the following for mon
 ## Instructions
 - You can monitor Weave Net using an example like below. **Please note that some alert configurations are environment specific and may require modifications of alert thresholds**. For example: The FastDP flows have never gone below 15000 for us. But if this value is say 20000 for you then you can use an example like below to update the alert. The alerts which may require threshold modifications are `WeaveNetFastDPFlowsLow` and `WeaveNetIPAMUnreachable`.
 
-[embedmd]:# (../examples/weave-net-example.jsonnet)
-```jsonnet
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
-           (import 'kube-prometheus/kube-prometheus-weave-net.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
+```jsonnet mdox-exec="cat examples/weave-net-example.jsonnet"
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           (import 'kube-prometheus/addons/weave-net/weave-net.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
   },
-  prometheusAlerts+:: {
-    groups: std.map(
-      function(group)
-        if group.name == 'weave-net' then
-          group {
-            rules: std.map(
-              function(rule)
-                if rule.alert == 'WeaveNetFastDPFlowsLow' then
-                  rule {
-                    expr: 'sum(weave_flows) < 20000',
-                  }
-                else if rule.alert == 'WeaveNetIPAMUnreachable' then
-                  rule {
-                    expr: 'weave_ipam_unreachable_percentage > 25',
-                  }
-                else
-                  rule
-              ,
-              group.rules
-            ),
-          }
-        else
-          group,
-      super.groups
-    ),
+  kubernetesControlPlane+: {
+    prometheusRuleWeaveNet+: {
+      spec+: {
+        groups: std.map(
+          function(group)
+            if group.name == 'weave-net' then
+              group {
+                rules: std.map(
+                  function(rule)
+                    if rule.alert == 'WeaveNetFastDPFlowsLow' then
+                      rule {
+                        expr: 'sum(weave_flows) < 20000',
+                      }
+                    else if rule.alert == 'WeaveNetIPAMUnreachable' then
+                      rule {
+                        expr: 'weave_ipam_unreachable_percentage > 25',
+                      }
+                    else
+                      rule
+                  ,
+                  group.rules
+                ),
+              }
+            else
+              group,
+          super.groups
+        ),
+      },
+    },
   },
 };
 
@@ -60,6 +67,7 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
 ```
 
 - After you have the required yamls file please run
+
 ```
 kubectl create -f prometheus-serviceWeaveNet.yaml
 kubectl create -f prometheus-serviceMonitorWeaveNet.yaml

docs/windows.md

@@ -0,0 +1,23 @@
+# Windows
+
+The [Windows addon](../examples/windows.jsonnet) adds the dashboards and rules from [kubernetes-monitoring/kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin#dashboards-for-windows-nodes).
+
+Currently, Docker based Windows does not support running with [windows_exporter](https://github.com/prometheus-community/windows_exporter) in a pod so this add on uses [additional scrape configuration](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/additional-scrape-config.md) to set up a static config to scrape the node ports where windows_exporter is configured.
+
+The addon requires you to specify the node ips and ports where it can find the windows_exporter. See the [full example](../examples/windows.jsonnet) for setup.
+
+```
+local kp = (import 'kube-prometheus/main.libsonnet') +
+  (import 'kube-prometheus/addons/windows.libsonnet') +
+  {
+    values+:: {
+      windowsScrapeConfig+:: {
+          static_configs: {
+              targets: ["10.240.0.65:5000", "10.240.0.63:5000"],
+          },
+      },
+    },
+  };
+```
+
+[Containerd](https://github.com/prometheus-community/windows_exporter/blob/master/kubernetes/kubernetes.md) version can run as pod.

example.jsonnet

@@ -1,27 +1,37 @@
 local kp =
-  (import 'kube-prometheus/kube-prometheus.libsonnet') +
+  (import 'kube-prometheus/main.libsonnet') +
   // Uncomment the following imports to enable its patches
-  // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
-  // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') +
+  // (import 'kube-prometheus/addons/anti-affinity.libsonnet') +
+  // (import 'kube-prometheus/addons/managed-cluster.libsonnet') +
+  // (import 'kube-prometheus/addons/node-ports.libsonnet') +
+  // (import 'kube-prometheus/addons/static-etcd.libsonnet') +
+  // (import 'kube-prometheus/addons/custom-metrics.libsonnet') +
+  // (import 'kube-prometheus/addons/external-metrics.libsonnet') +
+  // (import 'kube-prometheus/addons/pyrra.libsonnet') +
   {
-    _config+:: {
-      namespace: 'monitoring',
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
     },
   };
 
-{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
 {
   ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
-  for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator))
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
 } +
-// serviceMonitor is separated so that it can be created after the CRDs are ready
+// { 'setup/pyrra-slo-CustomResourceDefinition': kp.pyrra.crd } +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
 { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
-{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
-{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
 { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+// { ['pyrra-' + name]: kp.pyrra[name] for name in std.objectFields(kp.pyrra) if name != 'crd' } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
 { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }

examples/additional-namespaces-servicemonitor.jsonnet

@@ -1,11 +1,13 @@
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
     prometheus+:: {
       namespaces+: ['my-namespace', 'my-second-namespace'],
     },
   },
-  prometheus+:: {
+  exampleApplication: {
     serviceMonitorMyNamespace: {
       apiVersion: 'monitoring.coreos.com/v1',
       kind: 'ServiceMonitor',
@@ -22,7 +24,7 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
         ],
         selector: {
           matchLabels: {
-            app: 'myapp',
+            'app.kubernetes.io/name': 'myapp',
           },
         },
       },
@@ -37,4 +39,5 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
 { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
 { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
 { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
-{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }

examples/additional-namespaces.jsonnet

@@ -1,8 +1,10 @@
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
 
-    prometheus+:: {
+    prometheus+: {
       namespaces+: ['my-namespace', 'my-second-namespace'],
     },
   },

examples/alertmanager-alert-template.tmpl

@@ -0,0 +1,37 @@
+# to know more about custom template language read alertmanager documentation
+# inspired by : https://gist.github.com/milesbxf/e2744fc90e9c41b47aa47925f8ff6512
+
+{{ define "slack.title" -}}
+    [{{ .Status | toUpper -}}
+    {{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{- end -}}
+    ] {{ template "__alert_severity_prefix_title" . }} {{ .CommonLabels.alertname }}
+{{- end }}
+
+{{ define "slack.color" -}}
+    {{ if eq .Status "firing" -}}
+        {{ if eq .CommonLabels.severity "warning" -}}
+            warning
+        {{- else if eq .CommonLabels.severity "critical" -}}
+            danger
+        {{- else -}}
+            #439FE0
+        {{- end -}}
+    {{ else -}}
+    good
+    {{- end }}
+{{- end }}
+
+{{ define "slack.icon_emoji" }}:prometheus:{{ end }}
+
+{{/* The test to display in the alert */}}
+  {{ define "slack.text" -}}
+    {{ range .Alerts }}
+        {{- if .Annotations.message }}
+            {{ .Annotations.message }}
+        {{- end }}
+        {{- if .Annotations.description }}
+            {{ .Annotations.description }}
+        {{- end }}
+    {{- end }}
+{{- end }}
+

examples/alertmanager-config-external.jsonnet

@@ -1,5 +1,5 @@
-((import 'kube-prometheus/kube-prometheus.libsonnet') + {
-   _config+:: {
+((import 'kube-prometheus/main.libsonnet') + {
+   values+:: {
      alertmanager+: {
        config: importstr 'alertmanager-config.yaml',
      },

examples/alertmanager-config-template-external.jsonnet

@@ -0,0 +1,35 @@
+local configmap(name, namespace, data) = {
+  apiVersion: 'v1',
+  kind: 'ConfigMap',
+  metadata: {
+    name: name,
+    namespace: namespace,
+  },
+  data: data,
+};
+
+local kp =
+  // different libsonnet imported
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+    },
+    alertmanager+:: {
+      alertmanager+: {
+        spec+: {
+          // the important field configmaps:
+          configMaps: ['alert-templates'],  // goes to etc/alermanager/configmaps
+        },
+      },
+    },
+    configmap+:: {
+      'alert-templates': configmap(
+        'alertmanager-alert-template.tmpl',
+        $.values.common.namespace,  // could be $._config.namespace to assign namespace once
+        { data: importstr 'alertmanager-alert-template.tmpl' },
+      ),
+    },
+  };
+{ [name + '-configmap']: kp.configmap[name] for name in std.objectFields(kp.configmap) }

examples/alertmanager-config-with-template.yaml

@@ -0,0 +1,27 @@
+# external alertmanager yaml
+global:
+  resolve_timeout: 10m
+  slack_api_url: url
+route:
+  group_by: ['job']
+  group_wait: 30s
+  group_interval: 5m
+  repeat_interval: 12h
+  receiver: 'null'
+  routes:
+  - match:
+      alertname: Watchdog
+    receiver: 'null'
+receivers:
+- name: 'null'
+- name: slack
+slack_configs:
+- channel: '#alertmanager-testing'
+  send_resolved: true
+   title: '{{ template "slack.title" . }}'
+    icon_emoji: '{{ template "slack.icon_emoji" . }}'
+    color: '{{ template "slack.color" . }}'
+    text: '{{ template "slack.text" . }}
+
+templates:
+- '/etc/alertmanager/configmaps/alertmanager-alert-template.tmpl'

examples/alertmanager-config.jsonnet

@@ -1,5 +1,5 @@
-((import 'kube-prometheus/kube-prometheus.libsonnet') + {
-   _config+:: {
+((import 'kube-prometheus/main.libsonnet') + {
+   values+:: {
      alertmanager+: {
        config: |||
          global:

examples/alertmanager-config.yaml

@@ -1,6 +1,7 @@
 # external alertmanager yaml
 global:
   resolve_timeout: 10m
+  slack_api_url: url
 route:
   group_by: ['job']
   group_wait: 30s
@@ -13,3 +14,17 @@ route:
     receiver: 'null'
 receivers:
 - name: 'null'
+- name: slack
+slack_configs:
+- channel: '#alertmanager-testing'
+  send_resolved: true
+  title: '[{{ .Status | toUpper }}{{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{ end }}] Monitoring Event Notification'
+  text: |-
+    {{ range .Alerts }}
+      *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}`
+      *Description:* {{ .Annotations.description }}
+      *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:> *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:>
+      *Details:*
+      {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`
+      {{ end }}
+    {{ end }}

examples/all-namespaces.jsonnet

@@ -0,0 +1,19 @@
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           (import 'kube-prometheus/addons/all-namespaces.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+    prometheus+: {
+      namespaces: [],
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }

examples/anti-affinity.jsonnet

@@ -0,0 +1,16 @@
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           (import 'kube-prometheus/addons/anti-affinity.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }

examples/basic-auth/service-monitor.yaml

@@ -19,4 +19,4 @@ spec:
     - logging
   selector:
     matchLabels:
-      app: myapp
+      app.kubernetes.io/name: myapp

examples/changing-default-rules.libsonnet

@@ -0,0 +1,92 @@
+local filter = {
+  kubernetesControlPlane+: {
+    prometheusRule+:: {
+      spec+: {
+        groups: std.map(
+          function(group)
+            if group.name == 'kubernetes-apps' then
+              group {
+                rules: std.filter(
+                  function(rule)
+                    rule.alert != 'KubeStatefulSetReplicasMismatch',
+                  group.rules
+                ),
+              }
+            else
+              group,
+          super.groups
+        ),
+      },
+    },
+  },
+};
+local update = {
+  kubernetesControlPlane+: {
+    prometheusRule+:: {
+      spec+: {
+        groups: std.map(
+          function(group)
+            if group.name == 'kubernetes-apps' then
+              group {
+                rules: std.map(
+                  function(rule)
+                    if rule.alert == 'KubePodCrashLooping' then
+                      rule {
+                        expr: 'rate(kube_pod_container_status_restarts_total{namespace=kube-system,job="kube-state-metrics"}[10m]) * 60 * 5 > 0',
+                      }
+                    else
+                      rule,
+                  group.rules
+                ),
+              }
+            else
+              group,
+          super.groups
+        ),
+      },
+    },
+  },
+};
+
+local add = {
+  exampleApplication:: {
+    prometheusRule+: {
+      apiVersion: 'monitoring.coreos.com/v1',
+      kind: 'PrometheusRule',
+      metadata: {
+        name: 'example-application-rules',
+        namespace: $.values.common.namespace,
+      },
+      spec: (import 'existingrule.json'),
+    },
+  },
+};
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           filter +
+           update +
+           add + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+  },
+};
+
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
+} +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } +
+{ ['exampleApplication-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }

examples/continuous-delivery/argocd/README.md

@@ -0,0 +1,9 @@
+## ArgoCD Example
+
+This is the simplest, working example of an argocd app, the JSON object built is now an array of objects as that is the prefered format for ArgoCD.
+
+Requirements:
+
+**ArgoCD 1.7+**
+
+Follow the vendor generation steps at the root of this repository and generate a `vendored` folder (referenced in `application.yaml`).

examples/continuous-delivery/argocd/application.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kube-prometheus
+  namespace: argocd
+  annotations:
+    recipients.argocd-notifications.argoproj.io: "slack:jenkins"
+spec:
+  destination:
+    namespace: monitoring
+    server: https://kubernetes.default.svc
+  project: monitoring
+  source:
+    directory:
+      jsonnet:
+        libs:
+          - vendored
+      recurse: true
+    path: examples/continuous-delivery/argocd/kube-prometheus
+    repoURL: git@github.com:prometheus-operator/kube-prometheus.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+---

examples/continuous-delivery/argocd/appproject.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  annotations:
+    recipients.argocd-notifications.argoproj.io: slack:alerts
+  generation: 1
+  name: monitoring
+  namespace: argocd
+spec:
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  description: "Monitoring Stack deployment"
+  destinations:
+    - namespace: kube-system
+      server: https://kubernetes.default.svc
+    - namespace: default
+      server: https://kubernetes.default.svc
+    - namespace: monitoring
+      server: https://kubernetes.default.svc
+  sourceRepos:
+    - git@github.com:prometheus-operator/kube-prometheus.git

examples/continuous-delivery/argocd/kube-prometheus/argocd-basic.jsonnet

@@ -0,0 +1,14 @@
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+  },
+};
+
+[kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus)] +
+[kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator)] +
+[kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter)] +
+[kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics)] +
+[kp.prometheus[name] for name in std.objectFields(kp.prometheus)] +
+[kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter)]

examples/drop-dashboards.jsonnet

@@ -0,0 +1,33 @@
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+      grafana+: {
+        dashboards: std.mergePatch(super.dashboards, {
+          // Add more unwanted dashboards here
+          'alertmanager-overview.json': null,
+        }),
+      },
+    },
+  };
+
+{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
+} +
+// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
+{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
+{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }

examples/eks-cni-example.jsonnet

@@ -1,20 +1,28 @@
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
-           (import 'kube-prometheus/kube-prometheus-eks.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
+    kubePrometheus+: {
+      platform: 'eks',
+    },
   },
-  prometheusRules+:: {
-    groups+: [
-      {
-        name: 'example-group',
-        rules: [
+  kubernetesControlPlane+: {
+    prometheusRuleEksCNI+: {
+      spec+: {
+        groups+: [
           {
-            record: 'aws_eks_available_ip',
-            expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10',
+            name: 'example-group',
+            rules: [
+              {
+                record: 'aws_eks_available_ip',
+                expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10',
+              },
+            ],
           },
         ],
       },
-    ],
+    },
   },
 };
 

examples/etcd-skip-verify.jsonnet

@@ -1,8 +1,9 @@
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
-           (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           (import 'kube-prometheus/addons/static-etcd.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
     etcd+:: {
       ips: ['127.0.0.1'],
       clientCA: importstr 'etcd-client-ca.crt',

examples/etcd.jsonnet

@@ -1,17 +1,18 @@
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
-           (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
+local kp = (import 'kube-prometheus/main.libsonnet') +
+           (import 'kube-prometheus/addons/static-etcd.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
 
-    // Reference info: https://github.com/coreos/kube-prometheus/blob/master/README.md#static-etcd-configuration
-    etcd+:: {
+    etcd+: {
       // Configure this to be the IP(s) to scrape - i.e. your etcd node(s) (use commas to separate multiple values).
       ips: ['127.0.0.1'],
 
       // Reference info:
-      //  * https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitorspec (has endpoints)
-      //  * https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint (has tlsConfig)
-      //  * https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig (has: caFile, certFile, keyFile, serverName, & insecureSkipVerify)
+      //  * https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec (has endpoints)
+      //  * https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint (has tlsConfig)
+      //  * https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#tlsconfig (has: caFile, certFile, keyFile, serverName, & insecureSkipVerify)
 
       // Set these three variables to the fully qualified directory path on your work machine to the certificate files that are valid to scrape etcd metrics with (check the apiserver container).
       // Most likely these certificates are generated somewhere in an infrastructure repository, so using the jsonnet `importstr` function can

examples/example-app/example-app.yaml

@@ -7,7 +7,7 @@ metadata:
   namespace: default
 spec:
   selector:
-    app: example-app
+    app.kubernetes.io/name: example-app
   ports:
   - name: web
     protocol: TCP
@@ -22,17 +22,17 @@ metadata:
 spec:
   selector:
     matchLabels:
-      app: example-app
+      app.kubernetes.io/name: example-app
       version: 1.1.3
   replicas: 4
   template:
     metadata:
       labels:
-        app: example-app
+        app.kubernetes.io/name: example-app
         version: 1.1.3
     spec:
       containers:
-      - name: example-app 
+      - name: example-app
         image: quay.io/fabxc/prometheus_demo_service
         ports:
         - name: web

examples/example-app/prometheus-frontend-alertmanager-discovery-role-binding.yaml

@@ -1,4 +1,4 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: prometheus-frontend

examples/example-app/prometheus-frontend-alertmanager-discovery-role.yaml

@@ -1,4 +1,4 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: alertmanager-discovery

examples/example-app/prometheus-frontend-role-binding.yaml

@@ -1,4 +1,4 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: prometheus-frontend

examples/example-app/prometheus-frontend-role.yaml

@@ -1,4 +1,4 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: prometheus-frontend

examples/existingrule.json

@@ -1 +1 @@
-{"groups":[{"name":"example-group","rules":[{"alert":"Watchdog","annotations":{"description":"This is a Watchdog meant to ensure that the entire alerting pipeline is functional."},"expr":"vector(1)","labels":{"severity":"none"}}]}]}
+{"groups":[{"name":"example-group","rules":[{"alert":"ExampleAlert","annotations":{"description":"This is an example alert."},"expr":"vector(1)","labels":{"severity":"warning"}}]}]}

examples/existingrule.yaml

@@ -1,9 +1,9 @@
 groups:
 - name: example-group
   rules:
-  - alert: Watchdog
+  - alert: ExampleAlert
     expr: vector(1)
     labels:
-      severity: "none"
+      severity: "warning"
     annotations:
-      description: This is a Watchdog meant to ensure that the entire alerting pipeline is functional.
+      description: This is an example alert.

examples/grafana-additional-jsonnet-dashboard-example.jsonnet

@@ -5,34 +5,38 @@ local prometheus = grafana.prometheus;
 local template = grafana.template;
 local graphPanel = grafana.graphPanel;
 
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-  },
-  grafanaDashboards+:: {
-    'my-dashboard.json':
-      dashboard.new('My Dashboard')
-      .addTemplate(
-        {
-          current: {
-            text: 'Prometheus',
-            value: 'Prometheus',
-          },
-          hide: 0,
-          label: null,
-          name: 'datasource',
-          options: [],
-          query: 'prometheus',
-          refresh: 1,
-          regex: '',
-          type: 'datasource',
-        },
-      )
-      .addRow(
-        row.new()
-        .addPanel(graphPanel.new('My Panel', span=6, datasource='$datasource')
-                  .addTarget(prometheus.target('vector(1)')))
-      ),
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+:: {
+      namespace: 'monitoring',
+    },
+    grafana+: {
+      dashboards+:: {
+        'my-dashboard.json':
+          dashboard.new('My Dashboard')
+          .addTemplate(
+            {
+              current: {
+                text: 'Prometheus',
+                value: 'Prometheus',
+              },
+              hide: 0,
+              label: null,
+              name: 'datasource',
+              options: [],
+              query: 'prometheus',
+              refresh: 1,
+              regex: '',
+              type: 'datasource',
+            },
+          )
+          .addRow(
+            row.new()
+            .addPanel(graphPanel.new('My Panel', span=6, datasource='$datasource')
+                      .addTarget(prometheus.target('vector(1)')))
+          ),
+      },
+    },
   },
 };
 

examples/grafana-additional-rendered-dashboard-example-2.jsonnet

@@ -1,9 +1,13 @@
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-  },
-  rawGrafanaDashboards+:: {
-    'my-dashboard.json': (importstr 'example-grafana-dashboard.json'),
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+:: {
+      namespace: 'monitoring',
+    },
+    grafana+: {
+      rawDashboards+:: {
+        'my-dashboard.json': (importstr 'example-grafana-dashboard.json'),
+      },
+    },
   },
 };
 

examples/grafana-additional-rendered-dashboard-example.jsonnet

@@ -1,9 +1,13 @@
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
-  },
-  grafanaDashboards+:: {
-    'my-dashboard.json': (import 'example-grafana-dashboard.json'),
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+:: {
+      namespace: 'monitoring',
+    },
+    grafana+: {
+      dashboards+:: {  // use this method to import your dashboards to Grafana
+        'my-dashboard.json': (import 'example-grafana-dashboard.json'),
+      },
+    },
   },
 };
 

examples/grafana-ldap.jsonnet

@@ -0,0 +1,36 @@
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+      grafana+: {
+        config+: {
+          sections: {
+            'auth.ldap': {
+              enabled: true,
+              config_file: '/etc/grafana/ldap.toml',
+              allow_sign_up: true,
+            },
+          },
+        },
+        ldap: |||
+          [[servers]]
+          host = "127.0.0.1"
+          port = 389
+          use_ssl = false
+          start_tls = false
+          ssl_skip_verify = false
+
+          bind_dn = "cn=admins,dc=example,dc=com"
+          bind_password = 'grafana'
+
+          search_filter = "(cn=%s)"
+          search_base_dns = ["dc=example,dc=com"]
+        |||,
+      },
+    },
+  };
+
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }

examples/grafana-only-dashboards.jsonnet

@@ -0,0 +1,25 @@
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  {
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
+    },
+
+    // Disable all grafana-related objects apart from dashboards and datasource
+    grafana: {
+      dashboardSources:: {},
+      deployment:: {},
+      serviceAccount:: {},
+      serviceMonitor:: {},
+      service:: {},
+    },
+  };
+
+// Manifestation
+{
+  [component + '-' + resource + '.json']: kp[component][resource]
+  for component in std.objectFields(kp)
+  for resource in std.objectFields(kp[component])
+}

examples/ingress-one-to-many.jsonnet

@@ -0,0 +1,111 @@
+local ingress(name, namespace, rules) = {
+  apiVersion: 'networking.k8s.io/v1',
+  kind: 'Ingress',
+  metadata: {
+    name: name,
+    namespace: namespace,
+    annotations: {
+      'nginx.ingress.kubernetes.io/auth-type': 'basic',
+      'nginx.ingress.kubernetes.io/auth-secret': 'basic-auth',
+      'nginx.ingress.kubernetes.io/auth-realm': 'Authentication Required',
+    },
+  },
+  spec: { rules: rules },
+};
+
+local kp =
+  (import 'kube-prometheus/main.libsonnet') +
+  {
+    _config+:: {
+      namespace: 'monitoring',
+      grafana+:: {
+        config+: {
+          sections+: {
+            server+: {
+              root_url: 'http://grafana.example.com/',
+            },
+          },
+        },
+      },
+    },
+    // Configure External URL's per application
+    alertmanager+:: {
+      alertmanager+: {
+        spec+: {
+          externalUrl: 'http://alertmanager.example.com',
+        },
+      },
+    },
+    prometheus+:: {
+      prometheus+: {
+        spec+: {
+          externalUrl: 'http://prometheus.example.com',
+        },
+      },
+    },
+    // Create one ingress object that routes to each individual application
+    ingress+:: {
+      'kube-prometheus': ingress(
+        'kube-prometheus',
+        $._config.namespace,
+        [
+          {
+            host: 'alertmanager.example.com',
+            http: {
+              paths: [{
+                backend: {
+                  service: {
+                    name: 'alertmanager-main',
+                    port: 'web',
+                  },
+                },
+              }],
+            },
+          },
+          {
+            host: 'grafana.example.com',
+            http: {
+              paths: [{
+                backend: {
+                  service: {
+                    name: 'grafana',
+                    port: 'http',
+                  },
+                },
+              }],
+            },
+          },
+          {
+            host: 'alertmanager.example.com',
+            http: {
+              paths: [{
+                backend: {
+                  service: {
+                    name: 'prometheus-k8s',
+                    port: 'web',
+                  },
+                },
+              }],
+            },
+          },
+        ]
+      ),
+
+    },
+  } + {
+    // Create basic auth secret - replace 'auth' file with your own
+    ingress+:: {
+      'basic-auth-secret': {
+        apiVersion: 'v1',
+        kind: 'Secret',
+        metadata: {
+          name: 'basic-auth',
+          namespace: $._config.namespace,
+        },
+        data: { auth: std.base64(importstr 'auth') },
+        type: 'Opaque',
+      },
+    },
+  };
+
+{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) }

examples/ingress.jsonnet

@@ -1,15 +1,25 @@
-local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
-local secret = k.core.v1.secret;
-local ingress = k.extensions.v1beta1.ingress;
-local ingressTls = ingress.mixin.spec.tlsType;
-local ingressRule = ingress.mixin.spec.rulesType;
-local httpIngressPath = ingressRule.mixin.http.pathsType;
+local ingress(name, namespace, rules) = {
+  apiVersion: 'networking.k8s.io/v1',
+  kind: 'Ingress',
+  metadata: {
+    name: name,
+    namespace: namespace,
+    annotations: {
+      'nginx.ingress.kubernetes.io/auth-type': 'basic',
+      'nginx.ingress.kubernetes.io/auth-secret': 'basic-auth',
+      'nginx.ingress.kubernetes.io/auth-realm': 'Authentication Required',
+    },
+  },
+  spec: { rules: rules },
+};
 
 local kp =
-  (import 'kube-prometheus/kube-prometheus.libsonnet') +
+  (import 'kube-prometheus/main.libsonnet') +
   {
-    _config+:: {
-      namespace: 'monitoring',
+    values+:: {
+      common+: {
+        namespace: 'monitoring',
+      },
       grafana+:: {
         config+: {
           sections+: {
@@ -37,67 +47,83 @@ local kp =
     },
     // Create ingress objects per application
     ingress+:: {
-      'alertmanager-main':
-        ingress.new() +
-        ingress.mixin.metadata.withName('alertmanager-main') +
-        ingress.mixin.metadata.withNamespace($._config.namespace) +
-        ingress.mixin.metadata.withAnnotations({
-          'nginx.ingress.kubernetes.io/auth-type': 'basic',
-          'nginx.ingress.kubernetes.io/auth-secret': 'basic-auth',
-          'nginx.ingress.kubernetes.io/auth-realm': 'Authentication Required',
-        }) +
-        ingress.mixin.spec.withRules(
-          ingressRule.new() +
-          ingressRule.withHost('alertmanager.example.com') +
-          ingressRule.mixin.http.withPaths(
-            httpIngressPath.new() +
-            httpIngressPath.mixin.backend.withServiceName('alertmanager-main') +
-            httpIngressPath.mixin.backend.withServicePort('web')
-          ),
-        ),
-      grafana:
-        ingress.new() +
-        ingress.mixin.metadata.withName('grafana') +
-        ingress.mixin.metadata.withNamespace($._config.namespace) +
-        ingress.mixin.metadata.withAnnotations({
-          'nginx.ingress.kubernetes.io/auth-type': 'basic',
-          'nginx.ingress.kubernetes.io/auth-secret': 'basic-auth',
-          'nginx.ingress.kubernetes.io/auth-realm': 'Authentication Required',
-        }) +
-        ingress.mixin.spec.withRules(
-          ingressRule.new() +
-          ingressRule.withHost('grafana.example.com') +
-          ingressRule.mixin.http.withPaths(
-            httpIngressPath.new() +
-            httpIngressPath.mixin.backend.withServiceName('grafana') +
-            httpIngressPath.mixin.backend.withServicePort('http')
-          ),
-        ),
-      'prometheus-k8s':
-        ingress.new() +
-        ingress.mixin.metadata.withName('prometheus-k8s') +
-        ingress.mixin.metadata.withNamespace($._config.namespace) +
-        ingress.mixin.metadata.withAnnotations({
-          'nginx.ingress.kubernetes.io/auth-type': 'basic',
-          'nginx.ingress.kubernetes.io/auth-secret': 'basic-auth',
-          'nginx.ingress.kubernetes.io/auth-realm': 'Authentication Required',
-        }) +
-        ingress.mixin.spec.withRules(
-          ingressRule.new() +
-          ingressRule.withHost('prometheus.example.com') +
-          ingressRule.mixin.http.withPaths(
-            httpIngressPath.new() +
-            httpIngressPath.mixin.backend.withServiceName('prometheus-k8s') +
-            httpIngressPath.mixin.backend.withServicePort('web')
-          ),
-        ),
+      'alertmanager-main': ingress(
+        'alertmanager-main',
+        $.values.common.namespace,
+        [{
+          host: 'alertmanager.example.com',
+          http: {
+            paths: [{
+              path: '/',
+              pathType: 'Prefix',
+              backend: {
+                service: {
+                  name: 'alertmanager-main',
+                  port: {
+                    name: 'web',
+                  },
+                },
+              },
+            }],
+          },
+        }]
+      ),
+      grafana: ingress(
+        'grafana',
+        $.values.common.namespace,
+        [{
+          host: 'grafana.example.com',
+          http: {
+            paths: [{
+              path: '/',
+              pathType: 'Prefix',
+              backend: {
+                service: {
+                  name: 'grafana',
+                  port: {
+                    name: 'http',
+                  },
+                },
+              },
+            }],
+          },
+        }],
+      ),
+      'prometheus-k8s': ingress(
+        'prometheus-k8s',
+        $.values.common.namespace,
+        [{
+          host: 'prometheus.example.com',
+          http: {
+            paths: [{
+              path: '/',
+              pathType: 'Prefix',
+              backend: {
+                service: {
+                  name: 'prometheus-k8s',
+                  port: {
+                    name: 'web',
+                  },
+                },
+              },
+            }],
+          },
+        }],
+      ),
     },
   } + {
     // Create basic auth secret - replace 'auth' file with your own
     ingress+:: {
-      'basic-auth-secret':
-        secret.new('basic-auth', { auth: std.base64(importstr 'auth') }) +
-        secret.mixin.metadata.withNamespace($._config.namespace),
+      'basic-auth-secret': {
+        apiVersion: 'v1',
+        kind: 'Secret',
+        metadata: {
+          name: 'basic-auth',
+          namespace: $.values.common.namespace,
+        },
+        data: { auth: std.base64(importstr 'auth') },
+        type: 'Opaque',
+      },
     },
   };
 

examples/internal-registry.jsonnet

@@ -1,7 +1,9 @@
-local mixin = import 'kube-prometheus/kube-prometheus-config-mixins.libsonnet';
-local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
-  _config+:: {
-    namespace: 'monitoring',
+local mixin = import 'kube-prometheus/addons/config-mixins.libsonnet';
+local kp = (import 'kube-prometheus/main.libsonnet') + {
+  values+:: {
+    common+: {
+      namespace: 'monitoring',
+    },
   },
 } + mixin.withImageRepository('internal-registry.com/organization');
 

examples/jsonnet-snippets/bootkube.jsonnet

@@ -1,2 +0,0 @@
-(import 'kube-prometheus/kube-prometheus.libsonnet') +
-(import 'kube-prometheus/kube-prometheus-bootkube.libsonnet')