This commit adds the option to reload Prometheus configuration using
signal instead of the /-/reload endpoint.
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
add service, pod, endpoints, endpointslice and ingress roles
to KubernetesSDConfigs in ScrapeConfig CRD
Fixes #6086
Signed-off-by: Jayapriya Pai <slashpai9@gmail.com>
This change implements a poll-based namespace lister/watcher when the
operator's service account isn't granted the list & watch permissions on
all namespaces. Instead of sending a watch request, the controller will
get every configured namespace every 15 seconds and sends the expected
watch events when a namespace is added/updated/deleted.
It still requires the service account to be granted the get permission
on the configured namespaces.
Closes #3847
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
When the operator was configured to select only a limited number of
namespaces, it would not watch for namespace changes. It means that the
operator may not reconcile when a namespace label is added/removed
(affecting which objects should be selected or not).
This change enables the operator to use a privileged namespace
lister/watcher whenever the service account has the needed permissions.
**IMPORTANT:** it also requires Kubernetes >= 1.22 to be effective but
the operator will degrade to the suboptimal implementation without watch
if this condition isn't met.
Closes #3847
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
The controllers aren't able to create the statefulsets if the input spec
contains invalid fields (like missing secret/configmap key references).
In this case, they should still update the object's status to reflect
the issue to the end-users.
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
As our compatibility matrix grows, the tests assuring we can upgrade one Prometheus version to the next are taking up to 1~2h to complete. We aim to accelerate our e2e tests that are required to pass on Pull Requests by moving this test to a separate CI, that runs once a day.
Signed-off-by: Arthur Silva Sens <arthur.sens@coralogix.com>
The webhook URL is now a secret field and can't be used to verify that
the loaded Alertmanager configuration is up-to-date.
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
* ci: Update to kube 1.27.3 and remove feature gate on minReadySeconds for sts
* test:e2e: Remove gate for minReadySeconds tests
* Bubble up Pod Phase in error for running and ready check
* test: Add retry to WaitForPodsReady if Phase is Completed
* feat(alertmanager): support smtp config in alertmanagerConfiguration
Co-authored-by: Simon Pasquier <spasquie@redhat.com>
* docs: generated files changes of smtp config of alertmanagerConfiguration
---------
Co-authored-by: Simon Pasquier <spasquie@redhat.com>
The new ScrapeConfig e2e tests (#5575) deployed the operator + admission
webhook + webhook configurations without cleaning the wehhook
configurations after the tests completed. The end result was that some
of the following tests were failing because the admission service wasn't
present anymore (e.g. the creation of PrometheusRules failed).
In practice, the admission webhook is not required for the ScrapeConfig
tests, hence this change deploys only the operator.
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
