Pull requests #7867 and #7953 switched from the core Events API to the
new `events.k8s.io` API group but we forgot to update the RBAC
permissions of the prometheus-operator Service Account and the
verification which happens during the startup.
Closes #8076
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
This commit ensures that the operator's Service Account has the expected
permissions to manage status subresources when the
`StatusForConfigurationResources` feature gate is enabled.
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
for admission webhook default is legacy validation
Assissted-By: Cursor
Signed-off-by: Jayapriya Pai <slashpai9@gmail.com>
Co-authored-by: Simon Pasquier <spasquie@redhat.com>
* feat: add configurable sync period for kubelet endpoints controller
Add --kubelet-sync-period flag to allow customization of how often
the kubelet endpoints controller syncs with the Kubernetes API.
Default remains 3 minutes to maintain backward compatibility.
---------
Co-authored-by: Donghee Jeong <danny253@naver.com>
Co-authored-by: 정동희 <danny253@neowiz.com>
This is for GitHub issue #7494.
Adds startup probe to the config-reloader sidecar for Prometheus containers.
Only takes affect if the --enable-config-reloader-probes flag is set on the
prometheus-operator pod for the config-reloader container.
Afaiu the spec is unclear whether to quote this or not. In this case
here is certainly not requires and works fine without. Additionally,
there is some tooling which does not treat quotes values correctly and
generates image links like
`quay.io/prometheus/golang-builder:\"1.23\"-base`.
Signed-off-by: Jan Fajerski <jfajersk@redhat.com>
* feat: support EndpointSlice for the kubelet controller
This change adds support for managing `EndpointSlice` objects for the
kubelet service. The controller can manage either one of `Endpoints` and
`EndpointSlice` or both.
The migration path can be:
1. Configure the operator to manage both objects in the kubelet
controller.
2. Verify that the generated `EndpointSlice` objects are correct.
3. Configure the Prometheus object to use the `EndpointSlice` role
instead of `Endpoints`.
1. Configure the operator to manage only `Endpoints` objects in the
kubelet controller.
The removal of the legacy `Endpoints` object is left to the user.
---------
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
PR #6890 removed the final bits from go-kit/log in the operator code
base but forgot to redirect the klog logs to the new slog logger.
`ResourceReconciler` has a dependency on klog because it uses
`utilruntime.HandleError()` when it fails to sync a resource. As a
consequence, the operator didn't log reconciliation failures anymore.
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
This change introduces functional options for all 4 controllers
(previously only Prometheus used them).
It also reduces code duplication regarding API version checks.
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
* cmd: Add secret label selector to filter secrets to watch
This commit adds a flag for secret label selector so user can use label to filter secrets that prometheus-operator watches. This reduces calls to kube-apiserver.
Fixes Exclude irrelevant certs/tls secrets watch in monitoring namespace #6610
This change also moves the feature gates to the operator config struct.
It means that after a feature gate is enabled/disabled, the operator
will reconcile the managed Prometheus resources which should be the
right thing to do.
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
* DELETE: removed the po-lint code and doc part as it is replaced by kubeconform #4099
Signed-off-by: Tushar Jain <jain0735@gmail.com>
* removed the po-lint part from the Readme
Signed-off-by: Tushar Jain <jain0735@gmail.com>
* removed po-lint from the makefile and dockerfile
Signed-off-by: Tushar Jain <jain0735@gmail.com>
---------
Signed-off-by: Tushar Jain <jain0735@gmail.com>
