From cccf8369db916a386ea8aa7acf25f8e178effbd2 Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Tue, 23 Jan 2024 00:55:06 +0530 Subject: [PATCH] Added support to turn off automountServiceAccountToken for Prometheus Signed-off-by: Sheikh-Abubaker --- charts/kube-prometheus-stack/Chart.yaml | 2 +- charts/kube-prometheus-stack/charts/crds/Chart.yaml | 2 +- .../charts/crds/crds/crd-prometheuses.yaml | 3 +++ .../kube-prometheus-stack/templates/prometheus/prometheus.yaml | 1 + charts/kube-prometheus-stack/values.yaml | 3 +++ 5 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index 094caaa49860..73f95d3fa7fe 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -23,7 +23,7 @@ name: kube-prometheus-stack sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus -version: 56.0.3 +version: 56.0.4 appVersion: v0.71.0 kubeVersion: ">=1.19.0-0" home: https://github.com/prometheus-operator/kube-prometheus diff --git a/charts/kube-prometheus-stack/charts/crds/Chart.yaml b/charts/kube-prometheus-stack/charts/crds/Chart.yaml index adb9e4a5d36c..3b0839c53232 100644 --- a/charts/kube-prometheus-stack/charts/crds/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/crds/Chart.yaml @@ -1,3 +1,3 @@ apiVersion: v2 name: crds -version: 0.0.0 +version: 1.0.0 diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml index 8ed338402aea..02fd21a34fd0 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml @@ -68,6 +68,9 @@ spec: description: 'Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: + automountServiceAccountToken: + description: Controls whether a service account token is automatically mounted for the Prometheus pods. + type: boolean additionalAlertManagerConfigs: description: "AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The diff --git a/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml b/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml index d0abe447a785..cb7bd2b6dcbf 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml @@ -17,6 +17,7 @@ metadata: {{ toYaml .Values.prometheus.annotations | indent 4 }} {{- end }} spec: + automountServiceAccountToken: {{ .Values.prometheus.prometheusSpec.automountServiceAccountToken }} {{- if and (not .Values.prometheus.agentMode) (or .Values.prometheus.prometheusSpec.alertingEndpoints .Values.alertmanager.enabled) }} alerting: alertmanagers: diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index bf3c0d7323b9..fa9f01d95bd3 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml @@ -3166,6 +3166,9 @@ prometheus: prometheusSpec: ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos ## + ## automountServiceAccountToken set to false to prevent auto mount of service account token. + automountServiceAccountToken: false + disableCompaction: false ## APIServerConfig ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#apiserverconfig