4009c04811
### Motivation As seen below, there is a fix for one of the Grafana dashboards that are currently broken in this project (available since version 0.0.5): - [The Pulsar-topics metrics can't load in Grafana](https://github.com/streamnative/charts/issues/49) Additionally, upgrading Prometheus to the latest version improves performance as seen here: https://prometheus.io/blog/2017/11/08/announcing-prometheus-2-0 ### Modifications Bring Docker images to their most up-to-date version (streamnative/apache-pulsar-grafana-dashboard-k8s:0.0.6, prom/prometheus:v2.17.2) to fix the following issues: - https://github.com/streamnative/charts/issues/49 <- fixes Pulsar-topics metrics failure to load - https://github.com/prometheus/prometheus/pull/2859 <- prevent escalation vulnerabilities by defaulting to the ```nobody``` user **Note**: upgrading to the latest version of Prometheus (currently v2.17.2) caused the pod to fail with the following error: ```open /prometheus/queries.active: permission denied```. In order to fix this issue I followed the instructions from these 2 comments: - [Permission denied UID/GID solution](https://github.com/prometheus/prometheus/issues/5976#issuecomment-532942295) - [Unable to create mmap-ed active query log securityContext fix](https://github.com/aws/eks-charts/issues/21#issuecomment-607031756) ### Verifying this change - [x] Make sure that the change passes the CI checks.
90 lines
3.9 KiB
YAML
90 lines
3.9 KiB
YAML
#
|
|
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
{{- if or .Values.monitoring.prometheus .Values.extra.monitoring }}
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}"
|
|
namespace: {{ .Values.namespace }}
|
|
labels:
|
|
{{- include "pulsar.standardLabels" . | nindent 4 }}
|
|
component: {{ .Values.prometheus.component }}
|
|
spec:
|
|
replicas: {{ .Values.prometheus.replicaCount }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "pulsar.matchLabels" . | nindent 6 }}
|
|
component: {{ .Values.prometheus.component }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{- include "pulsar.template.labels" . | nindent 8 }}
|
|
component: {{ .Values.prometheus.component }}
|
|
annotations:
|
|
{{ toYaml .Values.prometheus.annotations | indent 8 }}
|
|
spec:
|
|
{{- if .Values.prometheus.nodeSelector }}
|
|
nodeSelector:
|
|
{{ toYaml .Values.prometheus.nodeSelector | indent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.prometheus.tolerations }}
|
|
tolerations:
|
|
{{ toYaml .Values.prometheus.tolerations | indent 8 }}
|
|
{{- end }}
|
|
{{- if or .Values.prometheus.rbac.enabled .Values.prometheus_rbac }}
|
|
serviceAccount: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}"
|
|
{{- end }}
|
|
terminationGracePeriodSeconds: {{ .Values.prometheus.gracePeriod }}
|
|
containers:
|
|
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}"
|
|
image: "{{ .Values.images.prometheus.repository }}:{{ .Values.images.prometheus.tag }}"
|
|
imagePullPolicy: {{ .Values.images.prometheus.pullPolicy }}
|
|
{{- if .Values.prometheus.resources }}
|
|
resources:
|
|
{{ toYaml .Values.prometheus.resources | indent 10 }}
|
|
{{- end }}
|
|
ports:
|
|
- name: server
|
|
containerPort: {{ .Values.prometheus.port }}
|
|
volumeMounts:
|
|
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-config"
|
|
mountPath: /etc/prometheus
|
|
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}"
|
|
mountPath: /prometheus
|
|
securityContext:
|
|
fsGroup: 65534
|
|
runAsGroup: 65534
|
|
runAsNonRoot: true
|
|
runAsUser: 65534
|
|
volumes:
|
|
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-config"
|
|
configMap:
|
|
name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}"
|
|
{{- if not (and (and .Values.persistence .Values.volumes.persistence) .Values.prometheus.volumes.persistence) }}
|
|
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}"
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.prometheus.volumes.persistence }}
|
|
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}"
|
|
persistentVolumeClaim:
|
|
claimName: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}"
|
|
{{- end }}
|
|
{{- end }}
|