fixup! fixup! fix: allow opting-into upstream probes

Author: rexagod

jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet

@@ -167,16 +167,32 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
         spec+: {
           automountServiceAccountToken: true,
           containers: std.map(function(c) c {
-            ports:: null,
             securityContext+: {
               runAsGroup: 65534,
             },
             args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
             resources: ksm._config.resources,
           } + if !ksm._config.enableProbes then {
+            ports:: null,
             livenessProbe:: null,
             readinessProbe:: null,
-          } else {}, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
+          } else {
+            ports: defaults.kubeRbacProxyMain.ports + defaults.kubeRbacProxySelf.ports,
+            livenessProbe: {
+              httpGet: {
+                path: '/livez',
+                port: defaults.kubeRbacProxyMain.ports[0].name,
+                scheme: 'HTTPS',
+              },
+            },
+            readinessProbe: {
+              httpGet: {
+                path: '/readyz',
+                port: defaults.kubeRbacProxySelf.ports[0].name,
+                scheme: 'HTTPS',
+              },
+            },
+          }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
         },
       },
     },

jsonnetfile.lock.json

@@ -18,7 +18,7 @@
           "subdir": "contrib/mixin"
         }
       },
-      "version": "6c1fe4a92a00854fc54828e257708f9e7f5b4f28",
+      "version": "2ed418c191bccc23d542b4081f96b694025fe031",
       "sum": "IXI3LQIT9NmTPJAk8WLUJd5+qZfcGpeNCyWIK7oEpws="
     },
     {
@@ -88,7 +88,7 @@
           "subdir": "grafana-builder"
         }
       },
-      "version": "c0b39ad68a99c7791a19b14da92c7f886d8c55da",
+      "version": "a41bfeae97007b9ed047823e44974ce1a0817ca9",
       "sum": "yxqWcq/N3E/a/XreeU6EuE6X7kYPnG0AspAQFKOjASo="
     },
     {
@@ -98,7 +98,7 @@
           "subdir": "mixin-utils"
         }
       },
-      "version": "c0b39ad68a99c7791a19b14da92c7f886d8c55da",
+      "version": "a41bfeae97007b9ed047823e44974ce1a0817ca9",
       "sum": "LoYq5QxJmUXEtqkEG8CFUBLBhhzDDaNANHc7Gz36ZdM="
     },
     {
@@ -158,7 +158,7 @@
           "subdir": "jsonnet/mixin"
         }
       },
-      "version": "1f36a6778f8e4b08799c43f3e2f9ba624feac416",
+      "version": "7fc97ea10dc1958e93bac0e066f5ec111c5ff193",
       "sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
       "name": "prometheus-operator-mixin"
     },
@@ -169,8 +169,8 @@
           "subdir": "jsonnet/prometheus-operator"
         }
       },
-      "version": "1f36a6778f8e4b08799c43f3e2f9ba624feac416",
-      "sum": "IYa+0bUT25fTKjjDyZw9gV8DAi1BgfmLE1ucouoxKCs="
+      "version": "7fc97ea10dc1958e93bac0e066f5ec111c5ff193",
+      "sum": "f2tfHUdjLBQOev2ernkHs0CLSUFap4zjH31swdTx+Bk="
     },
     {
       "source": {
@@ -200,7 +200,7 @@
           "subdir": "documentation/prometheus-mixin"
         }
       },
-      "version": "e8fa1312a7a8934fd2928fab1bb8d7e5f2ea0a1a",
+      "version": "c328d5fc8820ec7fe45296cfd4de8036b58f4a3a",
       "sum": "dYLcLzGH4yF3qB7OGC/7z4nqeTNjv42L7Q3BENU8XJI=",
       "name": "prometheus"
     },

manifests/prometheusOperator-clusterRole.yaml

@@ -56,7 +56,6 @@ rules:
   resources:
   - services
   - services/finalizers
-  - endpoints
   verbs:
   - get
   - create
@@ -98,6 +97,15 @@ rules:
   - storageclasses
   verbs:
   - get
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - get
+  - create
+  - update
+  - delete
 - apiGroups:
   - authentication.k8s.io
   resources:

manifests/prometheusOperator-deployment.yaml

@@ -30,6 +30,8 @@ spec:
       - args:
         - --kubelet-service=kube-system/kubelet
         - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.76.2
+        - --kubelet-endpoints=true
+        - --kubelet-endpointslice=false
         env:
         - name: GOGC
           value: "30"

manifests/setup/0alertmanagerCustomResourceDefinition.yaml

@@ -7910,6 +7910,11 @@ spec:
                             type: object
                             x-kubernetes-map-type: atomic
                         type: object
+                      certFile:
+                        description: |-
+                          Path to the TLS certificate file in the Prometheus container for the server.
+                          Mutually exclusive with `cert`.
+                        type: string
                       cipherSuites:
                         description: |-
                           List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
@@ -7972,6 +7977,11 @@ spec:
                           For more detail on clientAuth options:
                           https://golang.org/pkg/crypto/tls/#ClientAuthType
                         type: string
+                      clientCAFile:
+                        description: |-
+                          Path to the CA certificate file for client certificate authentication to the server.
+                          Mutually exclusive with `client_ca`.
+                        type: string
                       curvePreferences:
                         description: |-
                           Elliptic curves that will be used in an ECDHE handshake, in preference
@@ -7980,6 +7990,11 @@ spec:
                         items:
                           type: string
                         type: array
+                      keyFile:
+                        description: |-
+                          Path to the TLS key file in the Prometheus container for the server.
+                          Mutually exclusive with `keySecret`.
+                        type: string
                       keySecret:
                         description: Secret containing the TLS key for the server.
                         properties:
@@ -8015,9 +8030,6 @@ spec:
                           cipher suite. If true then the server's preference, as expressed in
                           the order of elements in cipherSuites, is used.
                         type: boolean
-                    required:
-                    - cert
-                    - keySecret
                     type: object
                 type: object
             type: object

manifests/setup/0prometheusCustomResourceDefinition.yaml

@@ -11757,6 +11757,11 @@ spec:
                             type: object
                             x-kubernetes-map-type: atomic
                         type: object
+                      certFile:
+                        description: |-
+                          Path to the TLS certificate file in the Prometheus container for the server.
+                          Mutually exclusive with `cert`.
+                        type: string
                       cipherSuites:
                         description: |-
                           List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
@@ -11819,6 +11824,11 @@ spec:
                           For more detail on clientAuth options:
                           https://golang.org/pkg/crypto/tls/#ClientAuthType
                         type: string
+                      clientCAFile:
+                        description: |-
+                          Path to the CA certificate file for client certificate authentication to the server.
+                          Mutually exclusive with `client_ca`.
+                        type: string
                       curvePreferences:
                         description: |-
                           Elliptic curves that will be used in an ECDHE handshake, in preference
@@ -11827,6 +11837,11 @@ spec:
                         items:
                           type: string
                         type: array
+                      keyFile:
+                        description: |-
+                          Path to the TLS key file in the Prometheus container for the server.
+                          Mutually exclusive with `keySecret`.
+                        type: string
                       keySecret:
                         description: Secret containing the TLS key for the server.
                         properties:
@@ -11862,9 +11877,6 @@ spec:
                           cipher suite. If true then the server's preference, as expressed in
                           the order of elements in cipherSuites, is used.
                         type: boolean
-                    required:
-                    - cert
-                    - keySecret
                     type: object
                 type: object
             type: object

manifests/setup/0prometheusagentCustomResourceDefinition.yaml

@@ -9723,6 +9723,11 @@ spec:
                             type: object
                             x-kubernetes-map-type: atomic
                         type: object
+                      certFile:
+                        description: |-
+                          Path to the TLS certificate file in the Prometheus container for the server.
+                          Mutually exclusive with `cert`.
+                        type: string
                       cipherSuites:
                         description: |-
                           List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
@@ -9785,6 +9790,11 @@ spec:
                           For more detail on clientAuth options:
                           https://golang.org/pkg/crypto/tls/#ClientAuthType
                         type: string
+                      clientCAFile:
+                        description: |-
+                          Path to the CA certificate file for client certificate authentication to the server.
+                          Mutually exclusive with `client_ca`.
+                        type: string
                       curvePreferences:
                         description: |-
                           Elliptic curves that will be used in an ECDHE handshake, in preference
@@ -9793,6 +9803,11 @@ spec:
                         items:
                           type: string
                         type: array
+                      keyFile:
+                        description: |-
+                          Path to the TLS key file in the Prometheus container for the server.
+                          Mutually exclusive with `keySecret`.
+                        type: string
                       keySecret:
                         description: Secret containing the TLS key for the server.
                         properties:
@@ -9828,9 +9843,6 @@ spec:
                           cipher suite. If true then the server's preference, as expressed in
                           the order of elements in cipherSuites, is used.
                         type: boolean
-                    required:
-                    - cert
-                    - keySecret
                     type: object
                 type: object
             type: object

manifests/setup/0thanosrulerCustomResourceDefinition.yaml

@@ -7355,6 +7355,11 @@ spec:
                             type: object
                             x-kubernetes-map-type: atomic
                         type: object
+                      certFile:
+                        description: |-
+                          Path to the TLS certificate file in the Prometheus container for the server.
+                          Mutually exclusive with `cert`.
+                        type: string
                       cipherSuites:
                         description: |-
                           List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
@@ -7417,6 +7422,11 @@ spec:
                           For more detail on clientAuth options:
                           https://golang.org/pkg/crypto/tls/#ClientAuthType
                         type: string
+                      clientCAFile:
+                        description: |-
+                          Path to the CA certificate file for client certificate authentication to the server.
+                          Mutually exclusive with `client_ca`.
+                        type: string
                       curvePreferences:
                         description: |-
                           Elliptic curves that will be used in an ECDHE handshake, in preference
@@ -7425,6 +7435,11 @@ spec:
                         items:
                           type: string
                         type: array
+                      keyFile:
+                        description: |-
+                          Path to the TLS key file in the Prometheus container for the server.
+                          Mutually exclusive with `keySecret`.
+                        type: string
                       keySecret:
                         description: Secret containing the TLS key for the server.
                         properties:
@@ -7460,9 +7475,6 @@ spec:
                           cipher suite. If true then the server's preference, as expressed in
                           the order of elements in cipherSuites, is used.
                         type: boolean
-                    required:
-                    - cert
-                    - keySecret
                     type: object
                 type: object
             type: object