prometheus-community · GMartinez-Sisti · Dec 8, 2023 · Nov 20, 2023 · Nov 21, 2023 · Nov 22, 2023
@@ -21,7 +21,7 @@ name: kube-prometheus-stack
 sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
-version: 55.0.1
+version: 55.1.0
 appVersion: v0.70.0
 kubeVersion: ">=1.19.0-0"
 home: https://github.com/prometheus-operator/kube-prometheus

@@ -0,0 +1,4 @@
+prometheusOperator:
+  admissionWebhooks:
+    deployment:
+      enabled: true
@@ -91,6 +91,15 @@ heritage: {{ $.Release.Service | quote }}
 {{- end -}}
 {{- end -}}
 
+{{/* Create the name of kube-prometheus-stack service account to use */}}
+{{- define "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" -}}
+{{- if .Values.prometheusOperator.serviceAccount.create -}}
+    {{ default (printf "%s-webhook" (include "kube-prometheus-stack.operator.fullname" .)) .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
 {{/* Create the name of prometheus service account to use */}}
 {{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}}
 {{- if .Values.prometheus.serviceAccount.create -}}
@@ -277,3 +286,14 @@ global:
   {{- end }}
 {{- end }}
 {{- end -}}
+
+{{- define "kube-prometheus-stack.operator.admission-webhook.dnsNames" }}
+{{- $fullname := include "kube-prometheus-stack.operator.fullname" . }}
+{{- $namespace := include "kube-prometheus-stack.namespace" . }}
+{{- $fullname }}
+{{ $fullname }}.{{ $namespace }}.svc
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
+{{ $fullname }}-webhook
+{{ $fullname }}-webhook.{{ $namespace }}.svc
+{{- end }}
+{{- end }}
@@ -0,0 +1,138 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "kube-prometheus-stack.fullname" . }}-operator-webhook
+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
+  labels:
+    app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.labels }}
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.labels | indent 4 }}
+{{- end }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.annotations }}
+  annotations:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.annotations | indent 4 }}
+{{- end }}
+spec:
+  replicas: {{ .Values.prometheusOperator.admissionWebhooks.deployment.replicas }}
+  revisionHistoryLimit: {{ .Values.prometheusOperator.admissionWebhooks.deployment.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+      app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
+      release: {{ $.Release.Name | quote }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
+        release: {{ $.Release.Name | quote }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podLabels }}
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podLabels | indent 8 }}
+{{- end }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podAnnotations }}
+      annotations:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+    {{- if .Values.prometheusOperator.admissionWebhooks.deployment.priorityClassName }}
+      priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.deployment.priorityClassName }}
+    {{- end }}
+    {{- if .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+      {{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
+    {{- end }}
+      containers:
+        - name: prometheus-operator-admission-webhook
+          {{- $operatorRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.admissionWebhooks.deployment.image.registry -}}
+          {{- if .Values.prometheusOperator.admissionWebhooks.deployment.image.sha }}
+          image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.sha }}"
+          {{- else }}
+          image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.tag | default .Chart.AppVersion }}"
+          {{- end }}
+          imagePullPolicy: "{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.pullPolicy }}"
+          args:
+            {{- if .Values.prometheusOperator.admissionWebhooks.deployment.logFormat }}
+            - --log-format={{ .Values.prometheusOperator.admissionWebhooks.deployment.logFormat }}
+            {{- end }}
+            {{- if .Values.prometheusOperator.admissionWebhooks.deployment.logLevel }}
+            - --log-level={{ .Values.prometheusOperator.admissionWebhooks.deployment.logLevel }}
+            {{- end }}
+          {{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
+            - "--web.enable-tls=true"
+            - "--web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }}"
+            - "--web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }}"
+            - "--web.listen-address=:{{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.internalPort }}"
+            - "--web.tls-min-version={{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.tlsMinVersion }}"
+          ports:
+            - containerPort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.internalPort }}
+              name: https
+          {{- else }}
+          ports:
+            - containerPort: 8080
+              name: http
+          {{- end }}
+          {{- if .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "https" "http" }}
+              scheme: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "HTTPS" "HTTP" }}
+            initialDelaySeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.failureThreshold }}
+          {{- end }}
+          {{- if .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "https" "http" }}
+              scheme: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "HTTPS" "HTTP" }}
+            initialDelaySeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.failureThreshold }}
+          {{- end }}
+          resources:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.resources | indent 12 }}
+          securityContext:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.containerSecurityContext | indent 12 }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
+          volumeMounts:
+            - name: tls-secret
+              mountPath: /cert
+              readOnly: true
+      volumes:
+        - name: tls-secret
+          secret:
+            defaultMode: 420
+            secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
+{{- end }}
+    {{- with .Values.prometheusOperator.admissionWebhooks.deployment.dnsConfig }}
+      dnsConfig:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.securityContext }}
+      securityContext:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.securityContext | indent 8 }}
+{{- end }}
+      serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}-webhook
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.hostNetwork }}
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+{{- end }}
+    {{- with .Values.prometheusOperator.admissionWebhooks.deployment.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.prometheusOperator.admissionWebhooks.deployment.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.prometheusOperator.admissionWebhooks.deployment.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+{{- end }}
@@ -0,0 +1,15 @@
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget -}}
+apiVersion: policy/v1{{ ternary "" "beta1" ($.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget") }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "kube-prometheus-stack.fullname" . }}-operator-webhook
+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
+  labels:
+    {{- include "kube-prometheus-stack.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
+      release: {{ $.Release.Name | quote }}
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget | indent 2 }}
+{{- end }}
@@ -0,0 +1,58 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "kube-prometheus-stack.fullname" . }}-operator-webhook
+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
+  labels:
+    app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.labels }}
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.labels | indent 4 }}
+{{- end }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.annotations }}
+  annotations:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.clusterIP }}
+  clusterIP: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.clusterIP }}
+{{- end }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.externalIPs }}
+  externalIPs:
+{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{- range $cidr := .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerSourceRanges }}
+    - {{ $cidr }}
+  {{- end }}
+{{- end }}
+{{- if ne .Values.prometheusOperator.admissionWebhooks.deployment.service.type "ClusterIP" }}
+  externalTrafficPolicy: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.externalTrafficPolicy }}
+{{- end }}
+  ports:
+  {{- if not .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
+  - name: http
+    {{- if eq .Values.prometheusOperator.admissionWebhooks.deployment.service.type "NodePort" }}
+    nodePort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.nodePort }}
+    {{- end }}
+    port: 8080
+    targetPort: http
+  {{- end }}
+  {{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
+  - name: https
+    {{- if eq .Values.prometheusOperator.admissionWebhooks.deployment.service.type "NodePort"}}
+    nodePort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.nodePortTls }}
+    {{- end }}
+    port: 443
+    targetPort: https
+  {{- end }}
+  selector:
+    app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
+    release: {{ $.Release.Name | quote }}
+  type: "{{ .Values.prometheusOperator.admissionWebhooks.deployment.service.type }}"
+{{- end }}
@@ -0,0 +1,17 @@
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.automountServiceAccountToken }}
+metadata:
+  name: {{ template "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" . }}
+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
+  labels:
+    app: {{ template "kube-prometheus-stack.name" . }}-operator
+    app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
+    app.kubernetes.io/component: prometheus-operator-webhook
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}
+{{- end }}
+{{- end }}
@@ -43,7 +43,7 @@ spec:
           imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
           args:
             - create
-            - --host={{ template "kube-prometheus-stack.operator.fullname" . }},{{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc
+            - --host={{- include "kube-prometheus-stack.operator.admission-webhook.dnsNames" . | replace "\n" "," }}
             - --namespace={{ template "kube-prometheus-stack.namespace" . }}
             - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
           {{- with .Values.prometheusOperator.admissionWebhooks.createSecretJob }}

@@ -35,7 +35,7 @@ webhooks:
     clientConfig:
       service:
         namespace: {{ template "kube-prometheus-stack.namespace" . }}
-        name: {{ template "kube-prometheus-stack.operator.fullname" $ }}
+        name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
         path: /admission-prometheusrules/mutate
       {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
       caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}

@@ -35,7 +35,7 @@ webhooks:
     clientConfig:
       service:
         namespace: {{ template "kube-prometheus-stack.namespace" . }}
-        name: {{ template "kube-prometheus-stack.operator.fullname" $ }}
+        name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
         path: /admission-prometheusrules/validate
       {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
       caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}

@@ -51,7 +51,5 @@ spec:
     name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
     {{- end }}
   dnsNames:
-  - {{ template "kube-prometheus-stack.operator.fullname" . }}
-  - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}
-  - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc
+    {{- include "kube-prometheus-stack.operator.admission-webhook.dnsNames" . | splitList "\n" | toYaml | nindent 4 }}
 {{- end -}}