From 4009c04811f97bba9db524ed2104695e22f9a097 Mon Sep 17 00:00:00 2001 From: Oscar Espitia Date: Wed, 29 Apr 2020 04:25:32 -0400 Subject: [PATCH] Update grafana & prometheus docker images (#8) ### Motivation As seen below, there is a fix for one of the Grafana dashboards that are currently broken in this project (available since version 0.0.5): - [The Pulsar-topics metrics can't load in Grafana](https://github.com/streamnative/charts/issues/49) Additionally, upgrading Prometheus to the latest version improves performance as seen here: https://prometheus.io/blog/2017/11/08/announcing-prometheus-2-0 ### Modifications Bring Docker images to their most up-to-date version (streamnative/apache-pulsar-grafana-dashboard-k8s:0.0.6, prom/prometheus:v2.17.2) to fix the following issues: - https://github.com/streamnative/charts/issues/49 <- fixes Pulsar-topics metrics failure to load - https://github.com/prometheus/prometheus/pull/2859 <- prevent escalation vulnerabilities by defaulting to the ```nobody``` user **Note**: upgrading to the latest version of Prometheus (currently v2.17.2) caused the pod to fail with the following error: ```open /prometheus/queries.active: permission denied```. In order to fix this issue I followed the instructions from these 2 comments: - [Permission denied UID/GID solution](https://github.com/prometheus/prometheus/issues/5976#issuecomment-532942295) - [Unable to create mmap-ed active query log securityContext fix](https://github.com/aws/eks-charts/issues/21#issuecomment-607031756) ### Verifying this change - [x] Make sure that the change passes the CI checks. --- charts/pulsar/templates/prometheus-deployment.yaml | 5 +++++ charts/pulsar/values.yaml | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/pulsar/templates/prometheus-deployment.yaml b/charts/pulsar/templates/prometheus-deployment.yaml index 75bae72..b51fd7a 100644 --- a/charts/pulsar/templates/prometheus-deployment.yaml +++ b/charts/pulsar/templates/prometheus-deployment.yaml @@ -68,6 +68,11 @@ spec: mountPath: /etc/prometheus - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" mountPath: /prometheus + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 volumes: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-config" configMap: diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml index 5c1582d..a441690 100644 --- a/charts/pulsar/values.yaml +++ b/charts/pulsar/values.yaml @@ -149,11 +149,11 @@ images: tag: 2.5.0 prometheus: repository: prom/prometheus - tag: v1.6.3 + tag: v2.17.2 pullPolicy: IfNotPresent grafana: repository: streamnative/apache-pulsar-grafana-dashboard-k8s - tag: 0.0.4 + tag: 0.0.6 pullPolicy: IfNotPresent pulsar_manager: repository: apachepulsar/pulsar-manager