Skip to content

Commit

Permalink
feat: upgrade PO to 0.61.0-rhobs1 (#234)
Browse files Browse the repository at this point in the history 
* feat: upgrade PO to 0.61.0-rhobs1

* fix: remove tls-certificates volumes from admission webhook

Admission Webhook Deployment relies on certs injected by OLM, thus this
commit removes tls-certificates volume mounts from admission-webhook
deployment.

* fix: adapt to changes to admission webhook

* chore: make bundle

Signed-off-by: Sunil Thaha <sthaha@redhat.com>
  • Loading branch information
@sthaha
sthaha authored Dec 14, 2022
1 parent d026fc9 commit 8f342e8
Show file tree
Hide file tree
Showing 16 changed files with 189 additions and 73 deletions.
9 changes: 9 additions & 0 deletions bundle/manifests/monitoring.rhobs_alertmanagers.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -413,6 +413,15 @@ spec:
type: array
type: object
type: object
alertmanagerConfigMatcherStrategy:
properties:
type:
default: OnNamespace
enum:
- OnNamespace
- None
type: string
type: object
alertmanagerConfigNamespaceSelector:
properties:
matchExpressions:
Expand Down
8 changes: 4 additions & 4 deletions bundle/manifests/monitoring.rhobs_monitoringstacks.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -613,8 +613,8 @@ spec:
description: TLS Config to use for remote write.
properties:
ca:
description: Struct containing the CA cert to use for
the targets.
description: Certificate authority used when verifying
server certificates.
properties:
configMap:
description: ConfigMap containing data to use for
Expand Down Expand Up @@ -665,8 +665,8 @@ spec:
to use for the targets.
type: string
cert:
description: Struct containing the client cert file
for the targets.
description: Client certificate to present when doing
client-authentication.
properties:
configMap:
description: ConfigMap containing data to use for
Expand Down
4 changes: 4 additions & 0 deletions bundle/manifests/monitoring.rhobs_prometheuses.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -492,6 +492,8 @@ spec:
type: object
bearerTokenFile:
type: string
enableHttp2:
type: boolean
name:
type: string
namespace:
Expand Down Expand Up @@ -2258,6 +2260,8 @@ spec:
type: string
bearerTokenFile:
type: string
filterExternalLabels:
type: boolean
headers:
additionalProperties:
type: string
Expand Down
8 changes: 8 additions & 0 deletions bundle/manifests/monitoring.rhobs_prometheusrules.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,10 +34,14 @@ spec:
items:
properties:
interval:
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
name:
minLength: 1
type: string
partial_response_strategy:
default: ""
pattern: ^(?i)(abort|warn)?$
type: string
rules:
items:
Expand All @@ -54,6 +58,7 @@ spec:
- type: string
x-kubernetes-int-or-string: true
for:
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
labels:
additionalProperties:
Expand All @@ -70,6 +75,9 @@ spec:
- rules
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
required:
- spec
Expand Down
7 changes: 7 additions & 0 deletions bundle/manifests/monitoring.rhobs_servicemonitors.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,11 @@ spec:
type: object
spec:
properties:
attachMetadata:
properties:
node:
type: boolean
type: object
endpoints:
items:
properties:
Expand Down Expand Up @@ -93,6 +98,8 @@ spec:
x-kubernetes-map-type: atomic
enableHttp2:
type: boolean
filterRunning:
type: boolean
followRedirects:
type: boolean
honorLabels:
Expand Down
4 changes: 2 additions & 2 deletions bundle/manifests/obo-prometheus-operator-admission-webhook_v1_service.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,12 @@ metadata:
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: observability-operator
app.kubernetes.io/version: 0.60.0-rhobs1
app.kubernetes.io/version: 0.61.1-rhobs1
name: obo-prometheus-operator-admission-webhook
spec:
ports:
- name: https
port: 8443
port: 443
targetPort: https
selector:
app.kubernetes.io/name: prometheus-operator-admission-webhook
Expand Down
38 changes: 26 additions & 12 deletions bundle/manifests/observability-operator.clusterserviceversion.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -354,7 +354,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/part-of: observability-operator
app.kubernetes.io/version: 0.60.0-rhobs1
app.kubernetes.io/version: 0.61.1-rhobs1
name: obo-prometheus-operator
spec:
replicas: 1
Expand All @@ -373,7 +373,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/part-of: observability-operator
app.kubernetes.io/version: 0.60.0-rhobs1
app.kubernetes.io/version: 0.61.1-rhobs1
spec:
affinity:
nodeAffinity:
Expand All @@ -386,11 +386,11 @@ spec:
automountServiceAccountToken: true
containers:
- args:
- --prometheus-config-reloader=quay.io/rhobs/obo-prometheus-config-reloader:v0.60.0-rhobs1
- --prometheus-config-reloader=quay.io/rhobs/obo-prometheus-config-reloader:v0.61.1-rhobs1
- --prometheus-instance-selector=app.kubernetes.io/managed-by=observability-operator
- --alertmanager-instance-selector=app.kubernetes.io/managed-by=observability-operator
- --thanos-ruler-instance-selector=app.kubernetes.io/managed-by=observability-operator
image: quay.io/rhobs/obo-prometheus-operator:v0.60.0-rhobs1
image: quay.io/rhobs/obo-prometheus-operator:v0.61.1-rhobs1
name: prometheus-operator
ports:
- containerPort: 8080
Expand All @@ -416,23 +416,25 @@ spec:
- label:
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: observability-operator
app.kubernetes.io/version: 0.60.0-rhobs1
app.kubernetes.io/version: 0.61.1-rhobs1
name: obo-prometheus-operator-admission-webhook
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: observability-operator
strategy: {}
strategy:
rollingUpdate:
maxUnavailable: 1
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: prometheus-operator-admission-webhook
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: observability-operator
app.kubernetes.io/version: 0.60.0-rhobs1
app.kubernetes.io/version: 0.61.1-rhobs1
spec:
affinity:
nodeAffinity:
Expand All @@ -442,13 +444,22 @@ spec:
- key: node-role.kubernetes.io/infra
operator: Exists
weight: 1
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: observability-operator
namespaces:
- default
topologyKey: kubernetes.io/hostname
automountServiceAccountToken: false
containers:
- args:
- --web.enable-tls=true
- --web.cert-file=/tmp/k8s-webhook-server/serving-certs/tls.crt
- --web.key-file=/tmp/k8s-webhook-server/serving-certs/tls.key
image: quay.io/rhobs/obo-admission-webhook:v0.60.0-rhobs1
image: quay.io/rhobs/obo-admission-webhook:v0.61.1-rhobs1
name: prometheus-operator-admission-webhook
ports:
- containerPort: 8443
Expand All @@ -462,6 +473,9 @@ spec:
memory: 50Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
terminationMessagePolicy: FallbackToLogsOnError
securityContext:
Expand Down Expand Up @@ -562,15 +576,15 @@ spec:
webhookdefinitions:
- admissionReviewVersions:
- v1
containerPort: 8443
containerPort: 443
deploymentName: obo-prometheus-operator-admission-webhook
failurePolicy: Ignore
generateName: alertmanagerconfigs.monitoring.rhobs
rules:
- apiGroups:
- monitoring.rhobs
apiVersions:
- v1alpha1
- '*'
operations:
- CREATE
- UPDATE
Expand All @@ -584,15 +598,15 @@ spec:
webhookPath: /admission-alertmanagerconfigs/validate
- admissionReviewVersions:
- v1
containerPort: 8443
containerPort: 443
deploymentName: obo-prometheus-operator-admission-webhook
failurePolicy: Ignore
generateName: prometheusrules.monitoring.rhobs
rules:
- apiGroups:
- monitoring.rhobs
apiVersions:
- v1
- '*'
operations:
- CREATE
- UPDATE
Expand Down
8 changes: 4 additions & 4 deletions deploy/crds/common/monitoring.rhobs_monitoringstacks.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -614,8 +614,8 @@ spec:
description: TLS Config to use for remote write.
properties:
ca:
description: Struct containing the CA cert to use for
the targets.
description: Certificate authority used when verifying
server certificates.
properties:
configMap:
description: ConfigMap containing data to use for
Expand Down Expand Up @@ -666,8 +666,8 @@ spec:
to use for the targets.
type: string
cert:
description: Struct containing the client cert file
for the targets.
description: Client certificate to present when doing
client-authentication.
properties:
configMap:
description: ConfigMap containing data to use for
Expand Down
8 changes: 4 additions & 4 deletions deploy/dependencies/admission-webhook/alertmanager-config-validating-webhook.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,18 @@ webhooks:
# NOTE: the caBundle get automatically injected by OLM
caBundle: Cg==
service:
# NOTE: the name and namespace will be replaced by OLM
# NOTE: when changing the service, ensure the same changes are applied
# to prometheus-rule-validating-webhook
name: obo-prometheus-operator-admission-webhook
namespace: operators
path: /admission-alertmanagerconfigs/validate
port: 8443
failurePolicy: Ignore
name: alertmanagerconfigs.monitoring.rhobs
failurePolicy: Ignore
rules:
- apiGroups:
- monitoring.rhobs
apiVersions:
- v1alpha1
- '*'
operations:
- CREATE
- UPDATE
Expand Down
2 changes: 1 addition & 1 deletion deploy/dependencies/admission-webhook/cluster-role-binding.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/version: 0.60.0-rhobs1
app.kubernetes.io/version: 0.61.1-rhobs1
name: prometheus-operator-admission-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand Down
2 changes: 1 addition & 1 deletion deploy/dependencies/admission-webhook/cluster-role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/version: 0.60.0-rhobs1
app.kubernetes.io/version: 0.61.1-rhobs1
name: prometheus-operator-admission-webhook
rules:
- apiGroups:
Expand Down
6 changes: 3 additions & 3 deletions deploy/dependencies/admission-webhook/prometheus-rule-validating-webhook.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,18 @@ webhooks:
# NOTE: the caBundle get automatically injected by OLM
caBundle: Cg==
service:
# NOTE: the name and namespace will be replaced by OLM
# NOTE: when changing the service, ensure the same changes are applied
# to alertmanager-config-validating-webhook as well
name: obo-prometheus-operator-admission-webhook
namespace: operators
path: /admission-prometheusrules/validate
port: 8443
failurePolicy: Ignore
name: prometheusrules.monitoring.rhobs
rules:
- apiGroups:
- monitoring.rhobs
apiVersions:
- v1
- '*'
operations:
- CREATE
- UPDATE
Expand Down
Loading

0 comments on commit 8f342e8

Please sign in to comment.