From 84cd17b4d8c5847d178762072a7aaf997a9c8da7 Mon Sep 17 00:00:00 2001 From: Haoyu SUN Date: Sun, 25 Jul 2021 22:11:02 +0200 Subject: [PATCH] expose /api/v1/labels end point for Thanos query. --- CHANGELOG.md | 3 ++- assets/alertmanager/alertmanager.yaml | 2 +- assets/kube-state-metrics/deployment.yaml | 4 ++-- assets/node-exporter/daemonset.yaml | 2 +- assets/openshift-state-metrics/deployment.yaml | 4 ++-- assets/prometheus-k8s/prometheus.yaml | 4 ++-- assets/prometheus-operator-user-workload/deployment.yaml | 2 +- assets/prometheus-operator/deployment.yaml | 2 +- assets/prometheus-user-workload/prometheus.yaml | 4 ++-- assets/telemeter-client/deployment.yaml | 2 +- assets/thanos-querier/deployment.yaml | 7 ++++--- jsonnet/thanos-querier.libsonnet | 3 ++- jsonnet/versions.yaml | 2 +- 13 files changed, 22 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9628579778..ddeef42b22 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - [#1291](https://github.com/openshift/cluster-monitoring-operator/pull/1291) Drop high caredinality cAdvisor metrics via [kube-prometheus #1250](https://github.com/prometheus-operator/kube-prometheus/pull/1250) - [#1270](https://github.com/openshift/cluster-monitoring-operator/pull/1270) Show a message in the degraded condition when Platform Monitoring Prometheus runs without persistent storage. - [#1241](https://github.com/openshift/cluster-monitoring-operator/pull/1241) Allow configuring additional Alertmanagers in User Workload Prometheus and Thanos Ruler. +- [#1299](https://github.com/openshift/cluster-monitoring-operator/pull/1299) Expose expose /api/v1/labels endpoint for Thanos query. ## 4.8 
@@ -15,7 +16,7 @@ - [#1087](https://github.com/openshift/cluster-monitoring-operator/pull/1087) Remove ThanosQueryInstantLatencyHigh and ThanosQueryRangeLatencyHigh alerts. - [#1090](https://github.com/openshift/cluster-monitoring-operator/pull/1090) Decrease alert severity to "warning" for all Thanos sidecar alerts. - [#1090](https://github.com/openshift/cluster-monitoring-operator/pull/1090) Increase "for" duration to 1 hour for all Thanos sidecar alerts. -- [#1093](https://github.com/openshift/cluster-monitoring-operator/pull/1093) Bump kube-state-metrics to major new release v2.0.0-rc.1. This changes a lot of metrics and flags, see kube-state-metrics CHANGELOG for full changes. +- [#1093](https://github.com/openshift/cluster-monitoring-operator/pull/1093) Bump kube-state-metrics to major new release v2.0.0-rc.1. This changes a lot of metrics and flags, see kube-state-metrics CHANGELOG for full changes. - [#1126](https://github.com/openshift/cluster-monitoring-operator/pull/1126) Remove deprecated techPreviewUserWorkload field from CMO's configmap. - [#1136](https://github.com/openshift/cluster-monitoring-operator/pull/1136) Add recording rule for builds by strategy - [#1210](https://github.com/openshift/cluster-monitoring-operator/pull/1210) Bump Grafana version to 7.5.5 diff --git a/assets/alertmanager/alertmanager.yaml b/assets/alertmanager/alertmanager.yaml index 4407c01f53..13b7e30b16 100644 --- a/assets/alertmanager/alertmanager.yaml +++ b/assets/alertmanager/alertmanager.yaml @@ -74,7 +74,7 @@ spec: - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=10 - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 9092 
diff --git a/assets/kube-state-metrics/deployment.yaml b/assets/kube-state-metrics/deployment.yaml index ff4261a879..5e540d00cc 100644 --- a/assets/kube-state-metrics/deployment.yaml +++ b/assets/kube-state-metrics/deployment.yaml @@ -66,7 +66,7 @@ spec: - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy-main ports: - containerPort: 8443 @@ -92,7 +92,7 @@ spec: - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy-self ports: - containerPort: 9443 diff --git a/assets/node-exporter/daemonset.yaml b/assets/node-exporter/daemonset.yaml index b7b3944827..e4f2d47f8a 100644 --- a/assets/node-exporter/daemonset.yaml +++ b/assets/node-exporter/daemonset.yaml @@ -69,7 +69,7 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 9100 diff --git a/assets/openshift-state-metrics/deployment.yaml b/assets/openshift-state-metrics/deployment.yaml index 8baebc8d7f..9e78ddf3ea 100644 --- a/assets/openshift-state-metrics/deployment.yaml +++ b/assets/openshift-state-metrics/deployment.yaml @@ -25,7 +25,7 @@ spec: - --upstream=http://127.0.0.1:8081/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy-main ports: - containerPort: 8443 
@@ -45,7 +45,7 @@ spec: - --upstream=http://127.0.0.1:8082/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy-self ports: - containerPort: 9443 diff --git a/assets/prometheus-k8s/prometheus.yaml b/assets/prometheus-k8s/prometheus.yaml index 936f96fa7b..2279118e0b 100644 --- a/assets/prometheus-k8s/prometheus.yaml +++ b/assets/prometheus-k8s/prometheus.yaml @@ -85,7 +85,7 @@ spec: - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --v=10 - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 9092 @@ -124,7 +124,7 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy-thanos ports: - containerPort: 10902 diff --git a/assets/prometheus-operator-user-workload/deployment.yaml b/assets/prometheus-operator-user-workload/deployment.yaml index 69c0b014ac..6cf9e3e389 100644 --- a/assets/prometheus-operator-user-workload/deployment.yaml +++ b/assets/prometheus-operator-user-workload/deployment.yaml @@ -52,7 +52,7 @@ spec: - --upstream=http://127.0.0.1:8080/ - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 8443 diff --git a/assets/prometheus-operator/deployment.yaml b/assets/prometheus-operator/deployment.yaml index ab8d2b4a64..e7c5f9749b 100644 --- a/assets/prometheus-operator/deployment.yaml 
+++ b/assets/prometheus-operator/deployment.yaml @@ -62,7 +62,7 @@ spec: - --tls-private-key-file=/etc/tls/private/tls.key - --client-ca-file=/etc/tls/client/client-ca.crt - --upstream-ca-file=/etc/configmaps/operator-cert-ca-bundle/service-ca.crt - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 8443 diff --git a/assets/prometheus-user-workload/prometheus.yaml b/assets/prometheus-user-workload/prometheus.yaml index b28d8592be..b9c6cf270c 100644 --- a/assets/prometheus-user-workload/prometheus.yaml +++ b/assets/prometheus-user-workload/prometheus.yaml @@ -47,7 +47,7 @@ spec: - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --allow-paths=/metrics - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 9091 @@ -73,7 +73,7 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy-thanos ports: - containerPort: 10902 diff --git a/assets/telemeter-client/deployment.yaml b/assets/telemeter-client/deployment.yaml index 69a994d044..eb8d0012ab 100644 --- a/assets/telemeter-client/deployment.yaml +++ b/assets/telemeter-client/deployment.yaml 
@@ -79,7 +79,7 @@ spec: - --tls-cert-file=/etc/tls/private/tls.crt - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 8443 diff --git a/assets/thanos-querier/deployment.yaml b/assets/thanos-querier/deployment.yaml index a010e127a1..b6a733366b 100644 --- a/assets/thanos-querier/deployment.yaml +++ b/assets/thanos-querier/deployment.yaml @@ -135,8 +135,8 @@ spec: - --tls-private-key-file=/etc/tls/private/tls.key - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - - --allow-paths=/api/v1/query,/api/v1/query_range - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + - --allow-paths="/api/v1/query,/api/v1/query_range,/api/v1/labels,/api/v1/label/*/values" + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 9092 @@ -155,6 +155,7 @@ spec: - --insecure-listen-address=127.0.0.1:9095 - --upstream=http://127.0.0.1:9090 - --label=namespace + - --enable-label-apis image: quay.io/prometheuscommunity/prom-label-proxy:v0.3.0 name: prom-label-proxy resources: 
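Review bot: The double quotes in `--allow-paths="/api/v1/query,/api/v1/query_range,/api/v1/labels,/api/v1/label/*/values"` become part of the argument, because this is a YAML plain scalar and container args are passed without a shell, so kube-rbac-proxy receives the quote characters literally. Depending on how the flag is parsed, that likely yields either paths with stray quotes or a single entry containing commas, in which case none of the four endpoints would match and port 9092 would reject every request, including the existing query endpoints. I would drop the quotes: `- --allow-paths=/api/v1/query,/api/v1/query_range,/api/v1/labels,/api/v1/label/*/values`. The same applies to the matching string in the jsonnet/thanos-querier.libsonnet hunk at -472, which appears to be the source this manifest is generated from. The container spec continues outside the hunk.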
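Review bot: `--enable-label-apis` only isolates tenants if the upstream at `http://127.0.0.1:9090` applies the selector that prom-label-proxy injects into label requests. prom-label-proxy's documentation for this flag warns that the injected matcher has no effect on backends whose labels endpoints do not support selectors, in which case `/api/v1/labels` and `/api/v1/label/*/values` would return label names and values from every namespace. The Thanos version behind the proxy is not visible in this patch, so it is worth confirming it and adding a test that a namespace-scoped token cannot see another namespace's label values. The same flag is added in the jsonnet/thanos-querier.libsonnet hunk at -493.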
@@ -171,7 +172,7 @@ spec: - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --logtostderr=true - --allow-paths=/api/v1/rules - image: quay.io/brancz/kube-rbac-proxy:v0.9.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy-rules ports: - containerPort: 9093 diff --git a/jsonnet/thanos-querier.libsonnet b/jsonnet/thanos-querier.libsonnet index de188fe127..193deda33d 100644 --- a/jsonnet/thanos-querier.libsonnet +++ b/jsonnet/thanos-querier.libsonnet @@ -472,7 +472,7 @@ function(params) '--tls-private-key-file=/etc/tls/private/tls.key', '--tls-cipher-suites=' + cfg.tlsCipherSuites, '--logtostderr=true', - '--allow-paths=/api/v1/query,/api/v1/query_range', + '--allow-paths="/api/v1/query,/api/v1/query_range,/api/v1/labels,/api/v1/label/*/values"', ], terminationMessagePolicy: 'FallbackToLogsOnError', volumeMounts: [ @@ -493,6 +493,7 @@ function(params) '--insecure-listen-address=127.0.0.1:9095', '--upstream=http://127.0.0.1:9090', '--label=namespace', + '--enable-label-apis', ], resources: { requests: { diff --git a/jsonnet/versions.yaml b/jsonnet/versions.yaml index d9486ad9e7..f5dc546be5 100644 --- a/jsonnet/versions.yaml +++ b/jsonnet/versions.yaml @@ -16,7 +16,7 @@ repos: versions: alertmanager: 0.21.0 grafana: 7.5.5 - kubeRbacProxy: 0.9.0 + kubeRbacProxy: 0.11.0 kubeStateMetrics: 2.0.0 nodeExporter: 1.1.2 promLabelProxy: 0.3.0
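Review bot: The libsonnet does not record that the paths added to `--allow-paths` at -472 and the new `'--enable-label-apis'` at -493 are two halves of one change. The first lets label requests through kube-rbac-proxy, and the second is what makes prom-label-proxy apply the `namespace` label to them. A short comment above the allow-paths entry would make that dependency visible to the next editor, for example `// Label endpoints are allowed only because prom-label-proxy runs with --enable-label-apis; change both together.` Both argument lists start and end outside their hunks.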