feat(helm)!: Update chart thanos to 15.7.7 - autoclosed #1119

homeops-gh-bot · 2024-04-02T10:14:03Z

This PR contains the following updates:

Package	Update	Change
thanos (source)	major	`11.6.8` -> `15.7.7`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

bitnami/charts (thanos)

`v15.7.7`

[bitnami/thanos] Release 15.7.7 (#27294)

`v15.7.6`

[bitnami/thanos] Fix sharded storegateway cache configs (again) (#27101) (e6d16b4), closes #27101

`v15.7.5`

[bitnami/thanos] only deploy networkPolicy when component is enabled (#27070) (1bd3b34), closes #27070

`v15.7.4`

[bitnami/thanos] Fix sharded storegateway cache configs (#26490) (54afe30), closes #26490

`v15.7.3`

[bitnami/thanos] add service monitor labels (#26880) (162d466), closes #26880

`v15.7.2`

[bitnami/thanos] Release 15.7.2 (#27020) (63e189e), closes #27020

`v15.7.1`

[bitnami/thanos] Bump chart version (#26866) (9f31b0e), closes #26866

`v15.7.0`

[bitnami/thanos] Enable PodDisruptionBudgets (#26709) (4796dad), closes #26709

`v15.6.2`

[bitnami/thanos] Bump chart version (#26808) (f0b10e8), closes #26808

`v15.6.1`

[bitnami/thanos] Release 15.6.1 (#26755) (4e3585e), closes #26755

`v15.6.0`

[bitnami/thanos] Receive, ruler & storegateway statefulsets persistentVolumeClaimRetentionPolicy sup (c955b0e), closes #25676

`v15.5.1`

[bitnami/thanos] Release 15.5.1 (#26517) (06b7586), closes #26517

`v15.5.0`

[bitnami/*] ci: 👷 Add tag and changelog support (#25359) (91c707c), closes #25359
[bitnami/thanos] feat: ✨ 🔒 Add warning when original images are replaced (#26283) (2a39de8), closes #26283

`v15.4.7`

[bitnami/thanos] Release 15.4.7 updating components versions (#26083) (e4c2454), closes #26083

`v15.4.6`

[bitnami/thanos] Release 15.4.6 updating components versions (#25829) (bf6b3ec), closes #25829

`v15.4.4`

[bitnami/*] Set new header/owner (#25558) (8d1dc11), closes #25558
[bitnami/thanos] Release 15.4.4 updating components versions (#25622) (8f47d6a), closes #25622

`v15.4.3`

[bitnami/thanos] Release 15.4.3 updating components versions (#25503) (b63467f), closes #25503

`v15.4.2`

correct thanos statefulset-sharded cache config mounts (#25487) (bb1ece6), closes #25487

`v15.4.1`

[bitnami/thanos] Fix mountPath conflict thanos store (#25384) (057cc2b), closes #25384

`v15.4.0`

[bitnami/multiple charts] Fix typo: "NetworkPolice" vs "NetworkPolicy" (#25348) (6970c1b), closes #25348
[bitnami/thanos] Add custom tsdb path (#25334) (77c4c6f), closes #25334
[bitnami/thanos] Use endpoint group optionally for Store Gateways (#25336) (e416257), closes #25336
Replace VMware by Broadcom copyright text (#25306) (a5e4bd0), closes #25306

`v15.3.0`

[bitnami/thanos] Fix thanos query downstream URL with HTTPS enabled (#25175) (252c4ef), closes #25175

`v15.2.2`

[bitnami/thanos] Fix thanos checksum annotations (#24737) (b67cc70), closes #24737

`v15.2.1`

[bitnami/thanos] Fix storegateway cache configs (#25242) (b2b8c91), closes #25242

`v15.2.0`

[bitnami/thanos] added pvc labels to thanos-receive (#24934) (2acf132), closes #24934 #24927

`v15.1.3`

[bitnami/thanos] add terminationGracePeriodSeconds (#25315) (aff45b2), closes #25315

`v15.1.2`

[bitnami/thanos] Fix compaction prometheusRule template (#25188) (05ca034), closes #25188

`v15.1.1`

Remove service monitor labels from headless services (#25171) (38947e0), closes #25171

`v15.1.0`

[bitnami/thanos] Allow disabling mTLS for GRPC (#25189) (a892573), closes #25189

`v15.0.5`

fix(thanos): enable Ingress only when component is enabled (#25103) (f696f8c), closes #25103

`v15.0.4`

[bitnami/thanos] Release 15.0.4 updating components versions (#24978) (5a26c10), closes #24978

`v15.0.3`

[bitnami/thanos] Release 15.0.3 (#24921) (273bce4), closes #24921

`v15.0.2`

[bitnami/thanos]Fix: Make prometheus rules reliable with release name (#24655) (a2a6eab), closes #24655 #24651 #24651
Update resourcesPreset comments (#24467) (92e3e8a), closes #24467

`v15.0.1`

[bitnami/thanos] fix: use https for queryURL when ingress is tls (#24456) (78e9746), closes #24456

`v15.0.0`

[bitnami/thanos] feat!: 🔒 💥 Improve security defaults (#24715) (566b718), closes #24715

`v14.0.2`

[bitnami/*] Reorder Chart sections (#24455) (0cf4048), closes #24455
[bitnami/thanos] Fix thanos objstoreConfig and storegatewayConfigMap (#24603) (9a0fece), closes #24603

`v14.0.1`

[bitnami/thanos] Fine-granted checksum calculation for deployment re-trigger (#24014) (7469e43), closes #24014

`v14.0.0`

[bitnami/thanos] Update bundled MinIO (#24477) (8dbd383), closes #24477

`v13.4.1`

[bitnami/thanos] Release 13.4.1 updating components versions (#24231) (57995fd), closes #24231

`v13.4.0`

[bitnami/thanos] feat: ✨ 🔒 Add automatic adaptation for Openshift restricted-v2 SCC (# (8583f41), closes #24161

`v13.3.0`

[bitnami/thanos] feat: ✨ 🔒 Add runAsGroup (#23995) (0011046), closes #23995

`v13.2.2`

[bitnami/thanos] Release 13.2.2 updating components versions (#23833) (4440601), closes #23833

`v13.2.1`

[bitnami/thanos] Release 13.2.1 updating components versions (#23699) (e2491f9), closes #23699

`v13.1.0`

[bitnami/thanos] feat: ✨ 🔒 Add resource preset support (#23527) (1c268f3), closes #23527

`v13.0.0`

[bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by default (#22687) (89643fd), closes #22687

`v12.23.2`

[bitnami/thanos] Release 12.23.2 updating components versions (#23279) (f03c904), closes #23279

`v12.23.1`

[bitnami/thanos] Release 12.23.1 updating components versions (#23145) (7cccb85), closes #23145

`v12.23.0`

[bitnami/thanos] feat: Option to enable ephemeral persistent volume for compactor (#22808) (055c8ed), closes #22808
[bitnami/thanos] Fix revisionHistoryLimit for thanos storegateway (#22751) (bc4b1dc), closes #22751

`v12.22.1`

[bitnami/thanos] Release 12.22.1 updating components versions (#22803) (dc6bce1), closes #22803

`v12.22.0`

[bitnami/*] Move documentation sections from docs.bitnami.com back to the README (#22203) (7564f36), closes #22203
[bitnami/thanos] Add revisionHistoryLimit option for each component (#22698) (0413c10), closes #22698

`v12.21.1`

[bitnami/thanos] Release 12.21.1 updating components versions (#22343) (106af76), closes #22343

`v12.21.0`

[bitnami/thanos] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential (c6fc750), closes #22195

`v12.20.4`

[bitnami/thanos] fix: 🔒 Do not use the default service account (#22031) (5ba6305), closes #22031

`v12.20.3`

[bitnami/*] Fix ref links (in comments) (#21822) (e4fa296), closes #21822
[bitnami/thanos] Release 12.20.3 updating components versions (#22010) (af1b1c9), closes #22010

`v12.20.2`

[bitnami/*] Fix docs.bitnami.com broken links (#21901) (f35506d), closes #21901
[bitnami/*] Update copyright: Year and company (#21815) (6c4bf75), closes #21815
[bitnami/thanos] Release 12.20.2 updating components versions (#21972) (d6544fb), closes #21972

`v12.20.1`

[bitnami/thanos]: Removing replicas in storegateway in sharded mode when autoscaling is enabled (#21 (fcb2dbb), closes #21515

`v12.20.0`

[bitnami/thanos] Add Configurability for runbookUrl Parameter (#21628) (83d8843), closes #21628

`v12.19.1`

[bitnami/thanos] Release 12.19.1 updating components versions (#21645) (e21d642), closes #21645

`v12.19.0`

[bitnami/thanos] Add minReadySeconds to Thanos Receive (#21583) (0c325af), closes #21583

`v12.18.0`

[bitnami/thanos] Implement tpl for ingress hostname/extraTls (#21351) (daa7324), closes #21351

`v12.17.0`

[bitnami/thanos] feat: expose compactor cronjob ttlSecondsAfterFinished (#21411) (d2a41e2), closes #21411

`v12.16.2`

[bitnami/thanos] Release 12.16.2 updating components versions (#21436) (f1d93a5), closes #21436

`v12.16.1`

[bitnami/*] Rename solutions to "Bitnami package for ..." (#21038) (b82f979), closes #21038
[bitnami/thanos] Release 12.16.1 updating components versions (#21180) (1d867ec), closes #21180

`v12.16.0`

[bitnami/*] Remove relative links to non-README sections, add verification for that and update TL;DR (1103633), closes #20967
[bitnami/thanos] feat: add generic ephemeral volume option for compactor (#21030) (5f9344f), closes #21030

`v12.15.0`

[bitnami/thanos] Automatically apply query-frontend's ingress hostname to alert.queryURL (#20795) (fe05d92), closes #20795

`v12.14.2`

[bitnami/thanos] Release 12.14.2 updating components versions (#20831) (f017cfa), closes #20831

`v12.14.1`

[bitnami/thanos] Release 12.14.1 updating components versions (#20788) (8560811), closes #20788

`v12.14.0`

[bitnami/thanos] feat: ✨ Add support for PSA restricted policy (#20553) (af354f2), closes #20553

`v12.13.13`

[bitnami/*] Rename VMware Application Catalog (#20361) (3acc734), closes #20361
[bitnami/*] Skip image's tag in the README files of the Bitnami Charts (#19841) (bb9a01b), closes #19841
[bitnami/*] Standardize documentation (#19835) (af5f753), closes #19835
[bitnami/thanos] Fix dup common labels in the query pdb (#20340) (f762fd2), closes #20340

`v12.13.12`

[bitnami/thanos] Release 12.13.12 (#20320) (71d96f9), closes #20320

`v12.13.11`

[bitnami/thanos] Release 12.13.11 (#20194) (1071560), closes #20194

`v12.13.10`

[bitnami/thanos] Release 12.13.10 (#20065) (ff73e64), closes #20065

`v12.13.9`

[bitnami/thanos] Release 12.13.9 (#19988) (23fc196), closes #19988

`v12.13.8`

[bitnami/*] Update Helm charts prerequisites (#19745) (eb755dd), closes #19745
[bitnami/thanos] Release 12.13.8 (#19944) (0b59eb2), closes #19944

`v12.13.7`

[bitnami/thanos] Release 12.13.7 (#19753) (b2abc7a), closes #19753

`v12.13.6`

[bitnami/thanos] Use common capabilities for PSP (#19641) (3bcbd9a), closes #19641

`v12.13.5`

[bitnami/thanos] Release 12.13.5 (#19432) (9a0c3f9), closes #19432
Revert "Autogenerate schema files (#19194)" (#19335) (73d80be), closes #19194 #19335

`v12.13.4`

[bitnami/thanos] Fix line break issue with serviceMonitor selector labels (#19286) (c4e23e0), closes #19286
Autogenerate schema files (#19194) (a2c2090), closes #19194

`v12.13.3`

[bitnami/thanos]: Use merge helper (#19119) (9f4fe77), closes #19119

`v12.13.2`

[bitnami/thanos] Release 12.13.2 (#19134) (fe00bbb), closes #19134

`v12.13.1`

[bitnami/*] Rename VMware Application Catalog (#20361) (3acc734), closes #20361
[bitnami/*] Skip image's tag in the README files of the Bitnami Charts (#19841) (bb9a01b), closes #19841
[bitnami/*] Standardize documentation (#19835) (af5f753), closes #19835
[bitnami/thanos] Fix dup common labels in the query pdb (#20340) (f762fd2), closes #20340

`v12.13.0`

bitnami/thanos enable custom secretName for query.ingress and query.ingress.grpc (#18409) (c78083c), closes #18409

`v12.12.1`

[bitnami/thanos] Release 12.12.1 (#18915) (3edf0a1), closes #18915

`v12.12.0`

[bitnami/thanos] Support for customizing standard labels (#18756) (065a727), closes #18756

`v12.11.4`

[bitnami/thanos] thanos/receive/ingress.yaml: support custom portName on extraHosts (#17173) (d81bc2c), closes #17173

`v12.11.3`

[bitnami/thanos] Release 12.11.3 (#18820) (dd716c2), closes #18820

`v12.11.2`

[bitnami/thanos] Release 12.11.2 (#18725) (20ea1e4), closes #18725

`v12.11.1`

[bitnami/thanos] Release 12.11.1 (#18494) (29cf2a1), closes #18494

`v12.11.0`

[bitnami/thanos] Allow customizing the thanos-sidecar's job name in prometheus alerts (#18140) (7c285a8), closes #18140

`v12.10.1`

[bitnami/thanos] Add ServiceMonitor labels for receive-headless service (#17685) (50a6bb3), closes #17685

`v12.10.0`

add dnsPolicy support in query deployment (#17520) (769740a), closes #17520

`v12.9.1`

[bitnami/thanos] Release 12.9.1 (#17960) (4047bb4), closes #17960

`v12.9.0`

[bitnami/thanos] Add support for custom receiver statfulset labels (#17849) (da889f4), closes #17849

`v12.8.6`

[bitnami/thanos] Allow template expressions in extraFlags (#17345) (1cbe931), closes #17345

`v12.8.5`

[bitnami/thanos] Release 12.8.5 (#17740) (2472b4f), closes #17740

`v12.8.4`

[bitnami/thanos] Release 12.8.4 (#17682) (04864c1), closes #17682
Add copyright header (#17300) (da68be8), closes #17300
Fix rule config (#17111) (df77c5d), closes #17111

`v12.8.3`

[bitnami/thanos] Release 12.8.3 (#17305) (d8d3b05), closes #17305

`v12.8.2`

[bitnami/thanos] Release 12.8.2 (#17284) (ac5606e), closes #17284
[bitnami/thanos] Remove namespace field for cluster wide resources (#17260) (99bad99), closes #17260
Update charts readme (#17217) (31b3c0a), closes #17217

`v12.8.1`

[bitnami/thanos] Release 12.8.1 (#17280) (ad18684), closes #17280

`v12.8.0`

[bitnami/thanos] Exclude headless services from serviceMonitor (#17118) (55acf31), closes #17118

`v12.7.0`

[bitnami/thanos] Add labels for Thanos Compactor PVC (#17171) (0d90bba), closes #17171

`v12.6.3`

[bitnami/*] Change copyright section in READMEs (#17006) (ef986a1), closes #17006
[bitnami/several] Change copyright section in READMEs (#16989) (5b6a5cf), closes #16989
[bitnami/thanos]: conditionals for compactor cronjob (#16898) (90b290b), closes #16898 bitnami/charts#16742

`v12.6.2`

[bitnami/thanos] Release 12.6.2 (#16801) (a8032e6), closes #16801

`v12.6.1`

[bitnami/thanos] Added support for query-url for Thanos ruler (#16112) (1f0028b), closes #16112
Add wording for enterprise page (#16560) (8f22774), closes #16560

`v12.5.2`

[bitnami/thanos] Release 12.5.2 (#16543) (68ec23f), closes #16543

`v12.5.1`

[bitnami/thanos] Release 12.5.1 (#16334) (9306142), closes #16334

`v12.4.3`

[bitnami/thanos] Fix autoGenerated GRPC certs by using common CA (#16000) (9c5b31b), closes #16000

`v12.4.2`

[bitnami/thanos] Fix dnsConfig in sharded thanos storegateway (#15827) (d061eac), closes #15827

`v12.4.1`

[bitnami/thanos] Release 12.4.1 (#15901) (76a8472), closes #15901

`v12.4.0`

[bitnami/thanos]: add dnsConfig option (#15694) (b802b25), closes #15694

`v12.3.2`

[bitnami/thanos] Release 12.3.2 (#15707) (9a48a96), closes #15707

`v12.3.1`

[bitnami/thanos] Release 12.3.1 (#15619) (3686549), closes #15619

`v12.3.0`

[bitnami/thanos] Add HTTPS support to ServiceMonitors (#15397) (97dbd2b), closes #15397

`v12.2.1`

[bitnami/thanos] Release 12.2.1 (#15482) (a27ae15), closes #15482

`v12.2.0`

[bitnami/charts] Apply linter to README files (#15357) (0e29e60), closes #15357
[bitnami/thanos] Add support for service.headless.annotations (#15446) (b5430ea), closes #15446

`v12.1.2`

[bitnami/thanos]: Replace deprecated spec.serviceAccount field with spec.serviceAccountName (#15180) (f9ab87f), closes #15180

`v12.1.1`

[bitnami/thanos] Release 12.1.1 (#15250) (a29838b), closes #15250

`v12.1.0`

[bitnami/thanos] Compactor cronjob (#14865) (cae55cf), closes #14865

`v12.0.6`

[bitnami/*] Fix markdown linter issues (#14874) (a51e0e8), closes #14874
[bitnami/*] Fix markdown linter issues 2 (#14890) (aa96572), closes #14890
[bitnami/*] Remove unexpected extra spaces (#14873) (c97c714), closes #14873
[bitnami/thanos] Release 12.0.6 (#15033

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

homeops-gh-bot · 2024-04-02T10:14:38Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.0.0

@@ -1,84 +1,278 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +281,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +301,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +320,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +336,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +345,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +361,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +370,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +385,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +394,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +410,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +419,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +440,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +449,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +470,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +479,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +495,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +516,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +578,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +599,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +634,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +701,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +727,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +760,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -587,8 +826,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +842,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: d11db702b3cb233ba465cddebeb4117c00ebdbda6ad18dd38964228345883c6a
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +879,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +916,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +956,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +974,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +994,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1030,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1093,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1126,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1157,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1188,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1219,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1250,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1283,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1295,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1307,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1319,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1331,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1343,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1355,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1367,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1379,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1391,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-04-02T10:17:04Z

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Errors	Elapsed time
✅ REPOSITORY	git_diff	yes	no	0.03s
✅ REPOSITORY	secretlint	yes	no	1.42s
✅ YAML	prettier	1	0	0.43s
✅ YAML	yamllint	1	0	0.27s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by

homeops-gh-bot · 2024-04-03T09:14:13Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.0.1

@@ -1,84 +1,278 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +281,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +301,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +320,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +336,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +345,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +361,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +370,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +385,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +394,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +410,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +419,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +440,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +449,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +470,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +479,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +495,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +516,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +578,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +599,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +634,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +701,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +727,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +760,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +798,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +827,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +843,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: d11db702b3cb233ba465cddebeb4117c00ebdbda6ad18dd38964228345883c6a
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +880,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +917,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +957,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +975,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +995,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1031,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1094,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1127,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1158,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1189,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1220,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1251,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1284,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1296,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1308,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1320,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1332,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1344,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1356,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1368,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1380,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1392,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-04-03T10:14:29Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.0.2

@@ -1,84 +1,278 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +281,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +301,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +320,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +336,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +345,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +361,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +370,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +385,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +394,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +410,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +419,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +440,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +449,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +470,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +479,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +495,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +516,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +578,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +599,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +634,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +701,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +727,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +760,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +798,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +827,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +843,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: d11db702b3cb233ba465cddebeb4117c00ebdbda6ad18dd38964228345883c6a
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +880,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +917,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +957,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +975,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +995,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1031,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1094,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1127,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1158,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1189,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1220,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1251,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1284,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1296,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1308,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1320,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1332,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1344,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1356,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1368,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1380,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1392,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-04-03T11:11:58Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.0.0

@@ -1,84 +1,278 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +281,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +301,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +320,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +336,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +345,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +361,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +370,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +385,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +394,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +410,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +419,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +440,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +449,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +470,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +479,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +495,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +516,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +578,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +599,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +634,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +701,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +727,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +760,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -587,8 +826,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +842,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: d11db702b3cb233ba465cddebeb4117c00ebdbda6ad18dd38964228345883c6a
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +879,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +916,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +956,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +974,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +994,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1030,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1093,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1126,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1157,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1188,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1219,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1250,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1283,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1295,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1307,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1319,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1331,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1343,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1355,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1367,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1379,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1391,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-04-03T12:22:50Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.0.2

@@ -1,84 +1,278 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +281,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +301,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +320,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +336,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +345,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +361,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +370,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +385,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +394,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +410,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +419,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +440,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +449,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +470,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +479,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +495,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +516,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +578,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +599,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +634,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +701,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +727,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +760,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +798,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +827,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +843,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: d11db702b3cb233ba465cddebeb4117c00ebdbda6ad18dd38964228345883c6a
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +880,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +917,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +957,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +975,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +995,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1031,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1094,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1127,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1158,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1189,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1220,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1251,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1284,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1296,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1308,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1320,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1332,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1344,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1356,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1368,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1380,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1392,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-04-05T01:47:10Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.0.3

@@ -1,84 +1,278 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +281,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +301,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +320,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +336,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +345,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +361,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +370,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +385,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +394,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +410,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +419,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +440,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +449,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +470,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +479,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +495,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +516,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r2
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +578,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +599,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +634,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r2
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +701,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +727,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +760,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r2
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +798,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +827,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +843,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: d11db702b3cb233ba465cddebeb4117c00ebdbda6ad18dd38964228345883c6a
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +880,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r2
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +917,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +957,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +975,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +995,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1031,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r2
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1094,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1127,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1158,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1189,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1220,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1251,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1284,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1296,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1308,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1320,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1332,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1344,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1356,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1368,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1380,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1392,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

github-advanced-security · 2024-04-05T01:47:40Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

homeops-gh-bot · 2024-04-05T19:20:54Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.0.4

@@ -1,84 +1,278 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +281,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +301,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +320,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +336,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +345,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +361,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +370,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +385,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +394,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +410,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +419,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +440,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +449,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +470,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +479,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +495,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +516,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +578,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +599,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +634,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +701,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +727,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +760,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +798,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +827,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +843,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: d11db702b3cb233ba465cddebeb4117c00ebdbda6ad18dd38964228345883c6a
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +880,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +917,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +957,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +975,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +995,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1031,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1094,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1127,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1158,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1189,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1220,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1251,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1284,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1296,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1308,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1320,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1332,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1344,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1356,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1368,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1380,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1392,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-04-11T08:17:02Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.0.5

@@ -1,84 +1,278 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +281,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +301,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +320,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +336,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +345,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +361,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +370,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +385,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +394,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +410,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +419,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +440,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +449,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +470,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +479,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +495,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +516,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +578,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +599,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +634,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +701,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +727,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +760,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +798,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +827,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +843,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: d11db702b3cb233ba465cddebeb4117c00ebdbda6ad18dd38964228345883c6a
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +880,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +917,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +957,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +975,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +995,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1031,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1094,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1127,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1158,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1189,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1220,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1251,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1284,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1296,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1308,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1320,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1332,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1344,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1356,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1368,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1380,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1392,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-04-18T16:16:01Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.1.0

@@ -1,84 +1,278 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +281,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +301,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +320,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +336,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +345,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +361,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +370,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +385,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +394,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +410,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +419,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +440,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +449,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +470,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +479,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +495,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +516,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +578,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +599,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +634,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +701,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +727,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +760,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +798,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +827,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +843,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: d11db702b3cb233ba465cddebeb4117c00ebdbda6ad18dd38964228345883c6a
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +880,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +917,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +957,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +975,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +995,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1031,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.34.1-debian-12-r3
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1094,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1127,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1158,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1189,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1220,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1251,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1284,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1296,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1308,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1320,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1332,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1344,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1356,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1368,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1380,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1392,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-06-05T18:18:21Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.7.1

@@ -1,84 +1,354 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/bucketweb/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-bucketweb
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+---
+# Source: thanos/templates/query/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-query
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+---
+# Source: thanos/templates/ruler/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-ruler
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+---
+# Source: thanos/templates/storegateway/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-storegateway
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +357,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +377,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +396,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +412,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +421,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +437,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +446,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +461,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +470,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +486,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +495,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +516,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +525,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +546,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +555,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +571,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +592,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +654,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +675,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +710,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +777,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +803,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +836,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +874,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +903,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +919,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: b35799093da107f873e2a979b49d64483f166909c932e0533e46a3651d5dd847
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +956,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +993,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +1033,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +1051,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +1071,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1107,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1170,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1203,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1234,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1265,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1296,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1327,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1360,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1372,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1384,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1396,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1408,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1420,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1432,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1444,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1456,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1468,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-06-06T18:18:01Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.7.2

@@ -1,84 +1,354 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/bucketweb/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-bucketweb
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+---
+# Source: thanos/templates/query/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-query
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+---
+# Source: thanos/templates/ruler/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-ruler
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+---
+# Source: thanos/templates/storegateway/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-storegateway
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +357,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +377,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +396,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +412,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +421,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +437,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +446,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +461,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +470,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +486,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +495,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +516,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +525,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +546,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +555,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +571,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +592,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +654,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +675,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +710,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +777,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +803,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +836,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +874,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +903,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +919,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: b35799093da107f873e2a979b49d64483f166909c932e0533e46a3651d5dd847
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +956,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +993,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +1033,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +1051,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +1071,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1107,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1170,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1203,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1234,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1265,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1296,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1327,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1360,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1372,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1384,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1396,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1408,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1420,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1432,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1444,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1456,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1468,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-06-07T09:15:41Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.7.1

@@ -1,84 +1,354 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/bucketweb/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-bucketweb
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+---
+# Source: thanos/templates/query/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-query
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+---
+# Source: thanos/templates/ruler/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-ruler
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+---
+# Source: thanos/templates/storegateway/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-storegateway
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +357,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +377,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +396,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +412,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +421,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +437,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +446,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +461,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +470,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +486,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +495,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +516,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +525,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +546,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +555,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +571,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +592,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +654,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +675,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +710,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +777,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +803,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +836,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +874,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +903,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +919,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: b35799093da107f873e2a979b49d64483f166909c932e0533e46a3651d5dd847
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +956,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +993,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +1033,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +1051,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +1071,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1107,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1170,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1203,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1234,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1265,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1296,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1327,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1360,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1372,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1384,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1396,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1408,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1420,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1432,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1444,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1456,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1468,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-06-07T10:15:01Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.7.2

@@ -1,84 +1,354 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/bucketweb/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-bucketweb
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+---
+# Source: thanos/templates/query/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-query
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+---
+# Source: thanos/templates/ruler/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-ruler
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+---
+# Source: thanos/templates/storegateway/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-storegateway
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +357,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +377,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +396,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +412,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +421,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +437,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +446,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +461,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +470,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +486,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +495,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +516,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +525,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +546,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +555,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +571,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +592,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +654,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +675,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +710,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +777,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +803,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +836,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +874,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +903,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +919,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: b35799093da107f873e2a979b49d64483f166909c932e0533e46a3651d5dd847
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +956,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +993,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +1033,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +1051,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +1071,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1107,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1170,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1203,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1234,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1265,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1296,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1327,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1360,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1372,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1384,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1396,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1408,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1420,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1432,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1444,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1456,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1468,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-06-10T12:25:50Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.7.3

@@ -1,84 +1,354 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/bucketweb/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-bucketweb
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+---
+# Source: thanos/templates/query/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-query
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+---
+# Source: thanos/templates/ruler/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-ruler
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+---
+# Source: thanos/templates/storegateway/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-storegateway
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +357,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +377,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +396,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +412,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +421,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +437,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +446,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +461,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +470,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +486,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +495,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +516,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +525,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +546,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +555,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +571,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +592,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +654,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +675,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +710,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +777,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +803,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +836,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +874,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +903,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +919,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: b35799093da107f873e2a979b49d64483f166909c932e0533e46a3651d5dd847
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +956,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +993,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +1033,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +1051,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +1071,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1107,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1170,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1203,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1234,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1265,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1296,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1327,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1360,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1372,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1384,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1396,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1408,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1420,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1432,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1444,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1456,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1468,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-06-11T11:13:55Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.7.4

@@ -1,84 +1,354 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query-frontend/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query-frontend
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query-frontend
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 9090
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/receive/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-receive
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: receive
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10902
+ - port: 10901
+ - port: 10901
+ - port: 19291
+ - port: 19291
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/bucketweb/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-bucketweb
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+---
+# Source: thanos/templates/query/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-query
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+---
+# Source: thanos/templates/ruler/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-ruler
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+---
+# Source: thanos/templates/storegateway/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-storegateway
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +357,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +377,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +396,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +412,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +421,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +437,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +446,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +461,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +470,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +486,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +495,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +516,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +525,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +546,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +555,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +571,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +592,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +654,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +675,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +710,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +777,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +803,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +836,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +874,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +903,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +919,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: b35799093da107f873e2a979b49d64483f166909c932e0533e46a3651d5dd847
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +956,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +993,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +1033,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +1051,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +1071,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1107,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1170,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1203,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1234,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1265,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1296,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1327,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1360,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1372,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1384,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1396,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1408,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1420,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1432,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1444,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1456,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1468,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-06-11T16:18:22Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.7.5

@@ -1,84 +1,296 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/bucketweb/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-bucketweb
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+---
+# Source: thanos/templates/query/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-query
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+---
+# Source: thanos/templates/ruler/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-ruler
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+---
+# Source: thanos/templates/storegateway/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-storegateway
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +299,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +319,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +338,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +354,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +363,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +379,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +388,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +403,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +412,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +428,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +437,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +458,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +467,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +488,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +497,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +513,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +534,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +596,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +617,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +652,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +719,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +745,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +778,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +816,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +845,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +861,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: b35799093da107f873e2a979b49d64483f166909c932e0533e46a3651d5dd847
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +898,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +935,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +975,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +993,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +1013,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1049,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1112,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1145,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1176,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1207,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1238,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1269,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1302,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1314,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1326,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1338,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1350,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1362,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1374,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1386,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1398,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1410,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot · 2024-06-12T16:18:13Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.7.6

@@ -1,84 +1,296 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/bucketweb/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-bucketweb
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+---
+# Source: thanos/templates/query/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-query
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+---
+# Source: thanos/templates/ruler/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-ruler
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+---
+# Source: thanos/templates/storegateway/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-storegateway
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +299,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +319,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +338,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +354,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +363,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +379,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +388,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +403,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +412,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +428,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +437,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +458,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +467,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +488,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +497,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +513,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +534,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +596,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +617,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +652,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +719,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +745,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +778,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +816,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +845,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +861,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: b35799093da107f873e2a979b49d64483f166909c932e0533e46a3651d5dd847
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +898,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +935,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +975,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +993,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +1013,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1049,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1112,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1145,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1176,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1207,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1238,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1269,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1302,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1314,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1326,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1338,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1350,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1362,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1374,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1386,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1398,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1410,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

| datasource | package | from | to | | ---------- | ------- | ------ | ------ | | helm | thanos | 11.6.8 | 15.7.7 |

homeops-gh-bot · 2024-06-17T14:14:47Z

Path: cluster/apps/monitoring/thanos/helm-release.yaml
Version: 11.6.8 -> 15.7.7

@@ -1,84 +1,296 @@
 ---
+# Source: thanos/templates/bucketweb/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-bucketweb
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 8080
+ - port: 8080
+---
+# Source: thanos/templates/compactor/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-compactor
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: compactor
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+---
+# Source: thanos/templates/query/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-query
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 10901
+ - port: 9090
+ - port: 10901
+---
+# Source: thanos/templates/ruler/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-ruler
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/storegateway/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: thanos-storegateway
+ namespace: "default"
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 10902
+ - port: 9090
+ - port: 10901
+ - port: 10901
+---
+# Source: thanos/templates/bucketweb/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-bucketweb
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: bucketweb
+---
+# Source: thanos/templates/query/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-query
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: query
+---
+# Source: thanos/templates/ruler/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-ruler
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: ruler
+---
+# Source: thanos/templates/storegateway/pdb.yaml
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: thanos-storegateway
+ namespace: default
+ labels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
+ app.kubernetes.io/component: storegateway
+---
 # Source: thanos/templates/bucketweb/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/compactor/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/query/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/ruler/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/storegateway/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
- annotations:
-automountServiceAccountToken: true
+automountServiceAccountToken: false
 ---
 # Source: thanos/templates/objstore-secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
 name: thanos-objstore-secret
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 data:
 objstore.yml: |-
 Y29uZmlnOgogIGluc2VjdXJlOiB0cnVlCnR5cGU6IHMz
@@ -87,12 +299,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: thanos-ruler-configmap
- namespace: "default"
+ name: thanos-ruler
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 data:
 ruler.yml: |-
@@ -107,11 +319,11 @@
 apiVersion: v1
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 accessModes:
@@ -126,13 +338,13 @@
 kind: Service
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -142,8 +354,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 ---
 # Source: thanos/templates/compactor/service.yaml
@@ -151,13 +363,13 @@
 kind: Service
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -167,8 +379,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 ---
 # Source: thanos/templates/query/service-grpc.yaml
@@ -176,13 +388,12 @@
 kind: Service
 metadata:
 name: thanos-query-grpc
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -192,8 +403,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/query/service.yaml
@@ -201,13 +412,13 @@
 kind: Service
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
- annotations:
+ prometheus-operator/monitor: 'true'
 spec:
 type: ClusterIP
 ports:
@@ -217,8 +428,8 @@
 name: http
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 ---
 # Source: thanos/templates/ruler/service.yaml
@@ -226,14 +437,13 @@
 kind: Service
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -248,8 +458,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 ---
 # Source: thanos/templates/storegateway/service.yaml
@@ -257,14 +467,13 @@
 kind: Service
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 prometheus-operator/monitor: 'true'
- annotations:
 spec:
 type: ClusterIP
 ports:
@@ -279,8 +488,8 @@
 name: grpc
 nodePort: null
 selector:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 ---
 # Source: thanos/templates/bucketweb/deployment.yaml
@@ -288,14 +497,15 @@
 kind: Deployment
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -303,20 +513,20 @@
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-bucketweb
+ serviceAccountName: thanos-bucketweb
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -324,22 +534,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: bucketweb
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - tools
 - bucket
@@ -375,8 +596,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -390,32 +617,33 @@
 kind: Deployment
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 replicas: 1
+ revisionHistoryLimit: 10
 strategy:
 type: Recreate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-compactor
+ serviceAccountName: thanos-compactor
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -424,23 +652,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: compactor
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - compact
 - --log.level=info
@@ -480,8 +719,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -500,30 +745,31 @@
 kind: Deployment
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 strategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
- serviceAccount: thanos-query
+ serviceAccountName: thanos-query
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -532,23 +778,34 @@
 - podAffinityTerm:
 labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 topologyKey: kubernetes.io/hostname
 weight: 1
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: query
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - query
 - --log.level=info
@@ -559,6 +816,7 @@
 - --endpoint=dnssrv+_grpc._tcp.kube-prometheus-stack-thanos-discovery.monitoring.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-storegateway.default.svc.cluster.local
 - --endpoint=dnssrv+_grpc._tcp.thanos-ruler.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 ports:
 - name: http
 containerPort: 10902
@@ -587,8 +845,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 volumes:
 ---
@@ -597,35 +861,36 @@
 kind: StatefulSet
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-ruler-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
- checksum/ruler-configuration: 7afcad4879bbb799b132d7e34633031899e8cf18d4ad6762b1b08fbec4111f11
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
+ checksum/ruler-configuration: b35799093da107f873e2a979b49d64483f166909c932e0533e46a3651d5dd847
 spec:
- serviceAccount: thanos-ruler
+ serviceAccountName: thanos-ruler
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -633,22 +898,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: ruler
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - rule
 - --log.level=info
@@ -659,6 +935,7 @@
 - --eval-interval=1m
 - --alertmanagers.url=http://kube-prometheus-stack-alertmanager.monitoring:9093
 - --query=dnssrv+_http._tcp.thanos-query.default.svc.cluster.local
+ - --alert.query-url=http://thanos-query.default.svc.cluster.local:9090
 - --label=replica="$(POD_NAME)"
 - --label=ruler_cluster="${CLUSTER_NAME}"
 - --alert.label-drop=replica
@@ -698,8 +975,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: ruler-config
 mountPath: /conf/rules
@@ -710,7 +993,7 @@
 volumes:
 - name: ruler-config
 configMap:
- name: thanos-ruler-configmap
+ name: thanos-ruler
 - name: objstore-config
 secret:
 secretName: thanos-objstore-secret
@@ -730,34 +1013,35 @@
 kind: StatefulSet
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 replicas: 2
+ revisionHistoryLimit: 10
 podManagementPolicy: OrderedReady
 serviceName: thanos-storegateway-headless
 updateStrategy:
 type: RollingUpdate
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 template:
 metadata:
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
- checksum/objstore-configuration: a93da925c3c359a7dc21156a96e83bec545b7769f9fc941080d74a9a8b72025a
+ checksum/objstore-configuration: ad0fe7703e3971c0a9fef7ac45a3321986468cf50c70c094cff319483f4a559d
 spec:
- serviceAccount: thanos-storegateway
+ serviceAccountName: thanos-storegateway
 automountServiceAccountToken: true
 affinity:
 podAffinity:
@@ -765,22 +1049,33 @@
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 topologyKey: kubernetes.io/hostname
 nodeAffinity:
 securityContext:
 fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
 containers:
 - name: storegateway
- image: docker.io/bitnami/thanos:0.30.1-scratch-r0
+ image: docker.io/bitnami/thanos:0.35.1-debian-12-r1
 imagePullPolicy: "IfNotPresent"
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 readOnlyRootFilesystem: true
+ runAsGroup: 1001
 runAsNonRoot: true
 runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
 args:
 - store
 - --log.level=info
@@ -817,8 +1112,14 @@
 port: http
 scheme: HTTP
 resources:
- limits: {}
- requests: {}
+ limits:
+ cpu: 150m
+ ephemeral-storage: 1024Mi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
 volumeMounts:
 - name: objstore-config
 mountPath: /conf
@@ -844,11 +1145,11 @@
 kind: Ingress
 metadata:
 name: thanos-bucketweb
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 annotations:
 hajimari.io/enable: "false"
@@ -875,11 +1176,11 @@
 kind: Ingress
 metadata:
 name: thanos-compactor
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 annotations:
 hajimari.io/enable: "false"
@@ -906,11 +1207,11 @@
 kind: Ingress
 metadata:
 name: thanos-query
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 annotations:
 hajimari.io/icon: table-search
@@ -937,11 +1238,11 @@
 kind: Ingress
 metadata:
 name: thanos-ruler
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 annotations:
 hajimari.io/enable: "false"
@@ -968,11 +1269,11 @@
 kind: Ingress
 metadata:
 name: thanos-storegateway
- namespace: "default"
+ namespace: default
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 annotations:
 hajimari.io/enable: "false"
@@ -1001,9 +1302,9 @@
 name: thanos-bucketweb
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
 spec:
 endpoints:
@@ -1013,9 +1314,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: bucketweb
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/compactor/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1024,9 +1326,9 @@
 name: thanos-compactor
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
 spec:
 endpoints:
@@ -1036,9 +1338,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: compactor
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/query/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1047,9 +1350,9 @@
 name: thanos-query
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
 spec:
 endpoints:
@@ -1059,9 +1362,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: query
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/ruler/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1070,9 +1374,9 @@
 name: thanos-ruler
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
 spec:
 endpoints:
@@ -1082,9 +1386,10 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: ruler
+ prometheus-operator/monitor: 'true'
 ---
 # Source: thanos/templates/storegateway/servicemonitor.yaml
 apiVersion: monitoring.coreos.com/v1
@@ -1093,9 +1398,9 @@
 name: thanos-storegateway
 namespace: "default"
 labels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
 spec:
 endpoints:
@@ -1105,6 +1410,7 @@
 - "default"
 selector:
 matchLabels:
- app.kubernetes.io/name: thanos
 app.kubernetes.io/instance: thanos
+ app.kubernetes.io/name: thanos
 app.kubernetes.io/component: storegateway
+ prometheus-operator/monitor: 'true'

homeops-gh-bot bot added renovate/helm type/major size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Apr 2, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 37e3a57 to 8f5f04c Compare April 3, 2024 09:13

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.0.0~~ feat(helm)!: Update chart thanos to 15.0.1 Apr 3, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 8f5f04c to efd6428 Compare April 3, 2024 10:13

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.0.1~~ feat(helm)!: Update chart thanos to 15.0.2 Apr 3, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from efd6428 to 41b3a7b Compare April 3, 2024 11:11

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.0.2~~ feat(helm)!: Update chart thanos to 15.0.0 Apr 3, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 41b3a7b to 0712d84 Compare April 3, 2024 12:22

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.0.0~~ feat(helm)!: Update chart thanos to 15.0.2 Apr 3, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 0712d84 to 414b17c Compare April 5, 2024 01:46

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.0.2~~ feat(helm)!: Update chart thanos to 15.0.3 Apr 5, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 414b17c to 9b2e70f Compare April 5, 2024 19:20

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.0.3~~ feat(helm)!: Update chart thanos to 15.0.4 Apr 5, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 9b2e70f to e55c963 Compare April 11, 2024 08:16

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.0.4~~ feat(helm)!: Update chart thanos to 15.0.5 Apr 11, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from e55c963 to 3d5c35b Compare April 18, 2024 16:15

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.0.5~~ feat(helm)!: Update chart thanos to 15.1.0 Apr 18, 2024

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.6.0~~ feat(helm)!: Update chart thanos to 15.7.1 Jun 5, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from c83680c to c2a6c7b Compare June 6, 2024 18:17

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.7.1~~ feat(helm)!: Update chart thanos to 15.7.2 Jun 6, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from c2a6c7b to 456bc1d Compare June 7, 2024 09:15

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.7.2~~ feat(helm)!: Update chart thanos to 15.7.1 Jun 7, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 456bc1d to 29e13ae Compare June 7, 2024 10:14

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.7.1~~ feat(helm)!: Update chart thanos to 15.7.2 Jun 7, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 29e13ae to 40ef7ac Compare June 10, 2024 12:25

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.7.2~~ feat(helm)!: Update chart thanos to 15.7.3 Jun 10, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 40ef7ac to a9b5dab Compare June 11, 2024 11:13

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.7.3~~ feat(helm)!: Update chart thanos to 15.7.4 Jun 11, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from a9b5dab to 238bccf Compare June 11, 2024 16:17

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.7.4~~ feat(helm)!: Update chart thanos to 15.7.5 Jun 11, 2024

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 238bccf to 951c751 Compare June 12, 2024 16:17

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.7.5~~ feat(helm)!: Update chart thanos to 15.7.6 Jun 12, 2024

feat(helm)!: Update chart thanos to 15.7.7

c6f47e8

| datasource | package | from | to | | ---------- | ------- | ------ | ------ | | helm | thanos | 11.6.8 | 15.7.7 |

homeops-gh-bot bot force-pushed the renovate/thanos-15.x branch from 951c751 to c6f47e8 Compare June 17, 2024 14:14

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.7.6~~ feat(helm)!: Update chart thanos to 15.7.7 Jun 17, 2024

homeops-gh-bot bot changed the title ~~feat(helm)!: Update chart thanos to 15.7.7~~ feat(helm)!: Update chart thanos to 15.7.7 - autoclosed Jun 17, 2024

homeops-gh-bot bot closed this Jun 17, 2024

homeops-gh-bot bot deleted the renovate/thanos-15.x branch June 17, 2024 15:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(helm)!: Update chart thanos to 15.7.7 - autoclosed #1119

feat(helm)!: Update chart thanos to 15.7.7 - autoclosed #1119

homeops-gh-bot bot commented Apr 2, 2024 •

edited

Loading

homeops-gh-bot bot commented Apr 2, 2024

homeops-gh-bot bot commented Apr 2, 2024 •

edited

Loading

homeops-gh-bot bot commented Apr 3, 2024

homeops-gh-bot bot commented Apr 3, 2024

homeops-gh-bot bot commented Apr 3, 2024

homeops-gh-bot bot commented Apr 3, 2024

homeops-gh-bot bot commented Apr 5, 2024

github-advanced-security bot commented Apr 5, 2024

homeops-gh-bot bot commented Apr 5, 2024

homeops-gh-bot bot commented Apr 11, 2024

homeops-gh-bot bot commented Apr 18, 2024

homeops-gh-bot bot commented Jun 5, 2024

homeops-gh-bot bot commented Jun 6, 2024

homeops-gh-bot bot commented Jun 7, 2024

homeops-gh-bot bot commented Jun 7, 2024

homeops-gh-bot bot commented Jun 10, 2024

homeops-gh-bot bot commented Jun 11, 2024

homeops-gh-bot bot commented Jun 11, 2024

homeops-gh-bot bot commented Jun 12, 2024

homeops-gh-bot bot commented Jun 17, 2024

feat(helm)!: Update chart thanos to 15.7.7 - autoclosed #1119

feat(helm)!: Update chart thanos to 15.7.7 - autoclosed #1119

Conversation

homeops-gh-bot bot commented Apr 2, 2024 • edited Loading

Release Notes

Configuration

homeops-gh-bot bot commented Apr 2, 2024

homeops-gh-bot bot commented Apr 2, 2024 • edited Loading

🦙 MegaLinter status: ✅ SUCCESS

homeops-gh-bot bot commented Apr 3, 2024

homeops-gh-bot bot commented Apr 3, 2024

homeops-gh-bot bot commented Apr 3, 2024

homeops-gh-bot bot commented Apr 3, 2024

homeops-gh-bot bot commented Apr 5, 2024

github-advanced-security bot commented Apr 5, 2024

homeops-gh-bot bot commented Apr 5, 2024

homeops-gh-bot bot commented Apr 11, 2024

homeops-gh-bot bot commented Apr 18, 2024

homeops-gh-bot bot commented Jun 5, 2024

homeops-gh-bot bot commented Jun 6, 2024

homeops-gh-bot bot commented Jun 7, 2024

homeops-gh-bot bot commented Jun 7, 2024

homeops-gh-bot bot commented Jun 10, 2024

homeops-gh-bot bot commented Jun 11, 2024

homeops-gh-bot bot commented Jun 11, 2024

homeops-gh-bot bot commented Jun 12, 2024

homeops-gh-bot bot commented Jun 17, 2024

homeops-gh-bot bot commented Apr 2, 2024 •

edited

Loading

homeops-gh-bot bot commented Apr 2, 2024 •

edited

Loading