mirror of https://github.com/prometheus-operator/prometheus-operator.git synced 2025-04-21 03:38:43 +00:00

thanos: add support for web configuration to the ThanosRuler CRD ()

* thanos: add support for web configuration to the ThanosRuler CRD

This enables us to configure TLS for Thanos Ruler.

Fixes 
Mohammad 2024-03-13 20:01:07 +03:30 committed by GitHub
parent ed3aede934
commit b64f254b95
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 1144 additions and 36 deletions

72
Documentation/api.md generated

@ -4159,6 +4159,19 @@ operator itself) or when providing an invalid argument the reconciliation will
fail and an error will be logged.</p>
</td>
</tr>
<tr>
<td>
<code>web</code><br/>
<em>
<a href="#monitoring.coreos.com/v1.ThanosRulerWebSpec">
ThanosRulerWebSpec
</a>
</em>
</td>
<td>
<p>Defines the configuration of the ThanosRuler web server.</p>
</td>
</tr>
</table>
</td>
</tr>
@ -14862,6 +14875,19 @@ operator itself) or when providing an invalid argument the reconciliation will
fail and an error will be logged.</p>
</td>
</tr>
<tr>
<td>
<code>web</code><br/>
<em>
<a href="#monitoring.coreos.com/v1.ThanosRulerWebSpec">
ThanosRulerWebSpec
</a>
</em>
</td>
<td>
<p>Defines the configuration of the ThanosRuler web server.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="monitoring.coreos.com/v1.ThanosRulerStatus">ThanosRulerStatus
@ -14957,6 +14983,50 @@ int32
</tr>
</tbody>
</table>
<h3 id="monitoring.coreos.com/v1.ThanosRulerWebSpec">ThanosRulerWebSpec
</h3>
<p>
(<em>Appears on:</em><a href="#monitoring.coreos.com/v1.ThanosRulerSpec">ThanosRulerSpec</a>)
</p>
<div>
<p>ThanosRulerWebSpec defines the configuration of the ThanosRuler web server.</p>
</div>
<table>
<thead>
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>tlsConfig</code><br/>
<em>
<a href="#monitoring.coreos.com/v1.WebTLSConfig">
WebTLSConfig
</a>
</em>
</td>
<td>
<p>Defines the TLS parameters for HTTPS.</p>
</td>
</tr>
<tr>
<td>
<code>httpConfig</code><br/>
<em>
<a href="#monitoring.coreos.com/v1.WebHTTPConfig">
WebHTTPConfig
</a>
</em>
</td>
<td>
<p>Defines HTTP parameters for web server.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="monitoring.coreos.com/v1.ThanosSpec">ThanosSpec
</h3>
<p>
@ -15520,7 +15590,7 @@ AdditionalLabelSelectors
<h3 id="monitoring.coreos.com/v1.WebConfigFileFields">WebConfigFileFields
</h3>
<p>
(<em>Appears on:</em><a href="#monitoring.coreos.com/v1.AlertmanagerWebSpec">AlertmanagerWebSpec</a>, <a href="#monitoring.coreos.com/v1.PrometheusWebSpec">PrometheusWebSpec</a>)
(<em>Appears on:</em><a href="#monitoring.coreos.com/v1.AlertmanagerWebSpec">AlertmanagerWebSpec</a>, <a href="#monitoring.coreos.com/v1.PrometheusWebSpec">PrometheusWebSpec</a>, <a href="#monitoring.coreos.com/v1.ThanosRulerWebSpec">ThanosRulerWebSpec</a>)
</p>
<div>
<p>WebConfigFileFields defines the file content for &ndash;web.config.file flag.</p>

200
bundle.yaml generated

@ -45029,6 +45029,206 @@ spec:
- name
type: object
type: array
web:
description: Defines the configuration of the ThanosRuler web server.
properties:
httpConfig:
description: Defines HTTP parameters for web server.
properties:
headers:
description: List of headers that can be added to HTTP responses.
properties:
contentSecurityPolicy:
description: Set the Content-Security-Policy header to
HTTP responses. Unset if blank.
type: string
strictTransportSecurity:
description: Set the Strict-Transport-Security header
to HTTP responses. Unset if blank. Please make sure
that you use this with care as this header might force
browsers to load Prometheus and the other applications
hosted on the same domain and subdomains over HTTPS.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
type: string
xContentTypeOptions:
description: Set the X-Content-Type-Options header to
HTTP responses. Unset if blank. Accepted value is nosniff.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
enum:
- ""
- NoSniff
type: string
xFrameOptions:
description: Set the X-Frame-Options header to HTTP responses.
Unset if blank. Accepted values are deny and sameorigin.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
enum:
- ""
- Deny
- SameOrigin
type: string
xXSSProtection:
description: Set the X-XSS-Protection header to all responses.
Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
type: string
type: object
http2:
description: Enable HTTP/2 support. Note that HTTP/2 is only
supported with TLS. When TLSConfig is not configured, HTTP/2
will be disabled. Whenever the value of the field changes,
a rolling update will be triggered.
type: boolean
type: object
tlsConfig:
description: Defines the TLS parameters for HTTPS.
properties:
cert:
description: Contains the TLS certificate for the server.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
cipherSuites:
description: 'List of supported cipher suites for TLS versions
up to TLS 1.2. If empty, Go default cipher suites are used.
Available cipher suites are documented in the go documentation:
https://golang.org/pkg/crypto/tls/#pkg-constants'
items:
type: string
type: array
client_ca:
description: Contains the CA certificate for client certificate
authentication to the server.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
clientAuthType:
description: 'Server policy for client authentication. Maps
to ClientAuth Policies. For more detail on clientAuth options:
https://golang.org/pkg/crypto/tls/#ClientAuthType'
type: string
curvePreferences:
description: 'Elliptic curves that will be used in an ECDHE
handshake, in preference order. Available curves are documented
in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID'
items:
type: string
type: array
keySecret:
description: Secret containing the TLS key for the server.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
maxVersion:
description: Maximum TLS version that is acceptable. Defaults
to TLS13.
type: string
minVersion:
description: Minimum TLS version that is acceptable. Defaults
to TLS12.
type: string
preferServerCipherSuites:
description: Controls whether the server selects the client's
most preferred cipher suite, or the server's most preferred
cipher suite. If true then the server's preference, as expressed
in the order of elements in cipherSuites, is used.
type: boolean
required:
- cert
- keySecret
type: object
type: object
type: object
status:
description: 'Most recent observed status of the ThanosRuler cluster.


@ -7152,6 +7152,206 @@ spec:
- name
type: object
type: array
web:
description: Defines the configuration of the ThanosRuler web server.
properties:
httpConfig:
description: Defines HTTP parameters for web server.
properties:
headers:
description: List of headers that can be added to HTTP responses.
properties:
contentSecurityPolicy:
description: Set the Content-Security-Policy header to
HTTP responses. Unset if blank.
type: string
strictTransportSecurity:
description: Set the Strict-Transport-Security header
to HTTP responses. Unset if blank. Please make sure
that you use this with care as this header might force
browsers to load Prometheus and the other applications
hosted on the same domain and subdomains over HTTPS.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
type: string
xContentTypeOptions:
description: Set the X-Content-Type-Options header to
HTTP responses. Unset if blank. Accepted value is nosniff.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
enum:
- ""
- NoSniff
type: string
xFrameOptions:
description: Set the X-Frame-Options header to HTTP responses.
Unset if blank. Accepted values are deny and sameorigin.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
enum:
- ""
- Deny
- SameOrigin
type: string
xXSSProtection:
description: Set the X-XSS-Protection header to all responses.
Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
type: string
type: object
http2:
description: Enable HTTP/2 support. Note that HTTP/2 is only
supported with TLS. When TLSConfig is not configured, HTTP/2
will be disabled. Whenever the value of the field changes,
a rolling update will be triggered.
type: boolean
type: object
tlsConfig:
description: Defines the TLS parameters for HTTPS.
properties:
cert:
description: Contains the TLS certificate for the server.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
cipherSuites:
description: 'List of supported cipher suites for TLS versions
up to TLS 1.2. If empty, Go default cipher suites are used.
Available cipher suites are documented in the go documentation:
https://golang.org/pkg/crypto/tls/#pkg-constants'
items:
type: string
type: array
client_ca:
description: Contains the CA certificate for client certificate
authentication to the server.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
clientAuthType:
description: 'Server policy for client authentication. Maps
to ClientAuth Policies. For more detail on clientAuth options:
https://golang.org/pkg/crypto/tls/#ClientAuthType'
type: string
curvePreferences:
description: 'Elliptic curves that will be used in an ECDHE
handshake, in preference order. Available curves are documented
in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID'
items:
type: string
type: array
keySecret:
description: Secret containing the TLS key for the server.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
maxVersion:
description: Maximum TLS version that is acceptable. Defaults
to TLS13.
type: string
minVersion:
description: Minimum TLS version that is acceptable. Defaults
to TLS12.
type: string
preferServerCipherSuites:
description: Controls whether the server selects the client's
most preferred cipher suite, or the server's most preferred
cipher suite. If true then the server's preference, as expressed
in the order of elements in cipherSuites, is used.
type: boolean
required:
- cert
- keySecret
type: object
type: object
type: object
status:
description: 'Most recent observed status of the ThanosRuler cluster.


@ -7153,6 +7153,206 @@ spec:
- name
type: object
type: array
web:
description: Defines the configuration of the ThanosRuler web server.
properties:
httpConfig:
description: Defines HTTP parameters for web server.
properties:
headers:
description: List of headers that can be added to HTTP responses.
properties:
contentSecurityPolicy:
description: Set the Content-Security-Policy header to
HTTP responses. Unset if blank.
type: string
strictTransportSecurity:
description: Set the Strict-Transport-Security header
to HTTP responses. Unset if blank. Please make sure
that you use this with care as this header might force
browsers to load Prometheus and the other applications
hosted on the same domain and subdomains over HTTPS.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
type: string
xContentTypeOptions:
description: Set the X-Content-Type-Options header to
HTTP responses. Unset if blank. Accepted value is nosniff.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
enum:
- ""
- NoSniff
type: string
xFrameOptions:
description: Set the X-Frame-Options header to HTTP responses.
Unset if blank. Accepted values are deny and sameorigin.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
enum:
- ""
- Deny
- SameOrigin
type: string
xXSSProtection:
description: Set the X-XSS-Protection header to all responses.
Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
type: string
type: object
http2:
description: Enable HTTP/2 support. Note that HTTP/2 is only
supported with TLS. When TLSConfig is not configured, HTTP/2
will be disabled. Whenever the value of the field changes,
a rolling update will be triggered.
type: boolean
type: object
tlsConfig:
description: Defines the TLS parameters for HTTPS.
properties:
cert:
description: Contains the TLS certificate for the server.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
cipherSuites:
description: 'List of supported cipher suites for TLS versions
up to TLS 1.2. If empty, Go default cipher suites are used.
Available cipher suites are documented in the go documentation:
https://golang.org/pkg/crypto/tls/#pkg-constants'
items:
type: string
type: array
client_ca:
description: Contains the CA certificate for client certificate
authentication to the server.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
clientAuthType:
description: 'Server policy for client authentication. Maps
to ClientAuth Policies. For more detail on clientAuth options:
https://golang.org/pkg/crypto/tls/#ClientAuthType'
type: string
curvePreferences:
description: 'Elliptic curves that will be used in an ECDHE
handshake, in preference order. Available curves are documented
in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID'
items:
type: string
type: array
keySecret:
description: Secret containing the TLS key for the server.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
maxVersion:
description: Maximum TLS version that is acceptable. Defaults
to TLS13.
type: string
minVersion:
description: Minimum TLS version that is acceptable. Defaults
to TLS12.
type: string
preferServerCipherSuites:
description: Controls whether the server selects the client's
most preferred cipher suite, or the server's most preferred
cipher suite. If true then the server's preference, as expressed
in the order of elements in cipherSuites, is used.
type: boolean
required:
- cert
- keySecret
type: object
type: object
type: object
status:
description: 'Most recent observed status of the ThanosRuler cluster.


@ -6104,6 +6104,219 @@
"type": "object"
},
"type": "array"
},
"web": {
"description": "Defines the configuration of the ThanosRuler web server.",
"properties": {
"httpConfig": {
"description": "Defines HTTP parameters for web server.",
"properties": {
"headers": {
"description": "List of headers that can be added to HTTP responses.",
"properties": {
"contentSecurityPolicy": {
"description": "Set the Content-Security-Policy header to HTTP responses. Unset if blank.",
"type": "string"
},
"strictTransportSecurity": {
"description": "Set the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same domain and subdomains over HTTPS. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"type": "string"
},
"xContentTypeOptions": {
"description": "Set the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options",
"enum": [
"",
"NoSniff"
],
"type": "string"
},
"xFrameOptions": {
"description": "Set the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options",
"enum": [
"",
"Deny",
"SameOrigin"
],
"type": "string"
},
"xXSSProtection": {
"description": "Set the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection",
"type": "string"
}
},
"type": "object"
},
"http2": {
"description": "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered.",
"type": "boolean"
}
},
"type": "object"
},
"tlsConfig": {
"description": "Defines the TLS parameters for HTTPS.",
"properties": {
"cert": {
"description": "Contains the TLS certificate for the server.",
"properties": {
"configMap": {
"description": "ConfigMap containing data to use for the targets.",
"properties": {
"key": {
"description": "The key to select.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the ConfigMap or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"secret": {
"description": "Secret containing data to use for the targets.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object"
},
"cipherSuites": {
"description": "List of supported cipher suites for TLS versions up to TLS 1.2. If empty, Go default cipher suites are used. Available cipher suites are documented in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants",
"items": {
"type": "string"
},
"type": "array"
},
"clientAuthType": {
"description": "Server policy for client authentication. Maps to ClientAuth Policies. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType",
"type": "string"
},
"client_ca": {
"description": "Contains the CA certificate for client certificate authentication to the server.",
"properties": {
"configMap": {
"description": "ConfigMap containing data to use for the targets.",
"properties": {
"key": {
"description": "The key to select.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the ConfigMap or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"secret": {
"description": "Secret containing data to use for the targets.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
}
},
"type": "object"
},
"curvePreferences": {
"description": "Elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID",
"items": {
"type": "string"
},
"type": "array"
},
"keySecret": {
"description": "Secret containing the TLS key for the server.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"maxVersion": {
"description": "Maximum TLS version that is acceptable. Defaults to TLS13.",
"type": "string"
},
"minVersion": {
"description": "Minimum TLS version that is acceptable. Defaults to TLS12.",
"type": "string"
},
"preferServerCipherSuites": {
"description": "Controls whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used.",
"type": "boolean"
}
},
"required": [
"cert",
"keySecret"
],
"type": "object"
}
},
"type": "object"
}
},
"type": "object"


@ -250,6 +250,14 @@ type ThanosRulerSpec struct {
// operator itself) or when providing an invalid argument the reconciliation will
// fail and an error will be logged.
AdditionalArgs []Argument `json:"additionalArgs,omitempty"`
// Defines the configuration of the ThanosRuler web server.
Web *ThanosRulerWebSpec `json:"web,omitempty"`
}
// ThanosRulerWebSpec defines the configuration of the ThanosRuler web server.
// +k8s:openapi-gen=true
type ThanosRulerWebSpec struct {
WebConfigFileFields `json:",inline"`
}
// ThanosRulerStatus is the most recent observed status of the ThanosRuler. Read-only.
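Review bot: The comment on the new `Web` field does not say what the field controls, although the generated schema in this same commit shows it carries `tlsConfig` (with `cert` and `keySecret` both required) and `httpConfig` (response headers and `http2`). Expanding it to something like `// Defines the configuration of the ThanosRuler web server (TLS settings and HTTP response headers). When tlsConfig is set, both cert and keySecret are required.` would surface that in the API reference. What happens when `web` is left unset (presumably the listener stays on plain HTTP) is not visible in this hunk and would be worth stating in the same comment once confirmed. `ThanosRulerSpec` begins above the hunk, so the rest of the struct is not reviewed here.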


@ -3166,6 +3166,11 @@ func (in *ThanosRulerSpec) DeepCopyInto(out *ThanosRulerSpec) {
*out = make([]Argument, len(*in))
copy(*out, *in)
}
if in.Web != nil {
in, out := &in.Web, &out.Web
*out = new(ThanosRulerWebSpec)
(*in).DeepCopyInto(*out)
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ThanosRulerSpec.
@ -3200,6 +3205,22 @@ func (in *ThanosRulerStatus) DeepCopy() *ThanosRulerStatus {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ThanosRulerWebSpec) DeepCopyInto(out *ThanosRulerWebSpec) {
*out = *in
in.WebConfigFileFields.DeepCopyInto(&out.WebConfigFileFields)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ThanosRulerWebSpec.
func (in *ThanosRulerWebSpec) DeepCopy() *ThanosRulerWebSpec {
if in == nil {
return nil
}
out := new(ThanosRulerWebSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ThanosSpec) DeepCopyInto(out *ThanosSpec) {
*out = *in


@ -75,6 +75,7 @@ type ThanosRulerSpecApplyConfiguration struct {
AlertRelabelConfigFile *string `json:"alertRelabelConfigFile,omitempty"`
HostAliases []HostAliasApplyConfiguration `json:"hostAliases,omitempty"`
AdditionalArgs []ArgumentApplyConfiguration `json:"additionalArgs,omitempty"`
Web *ThanosRulerWebSpecApplyConfiguration `json:"web,omitempty"`
}
// ThanosRulerSpecApplyConfiguration constructs an declarative configuration of the ThanosRulerSpec type for use with
@ -534,3 +535,11 @@ func (b *ThanosRulerSpecApplyConfiguration) WithAdditionalArgs(values ...*Argume
}
return b
}
// WithWeb sets the Web field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Web field is set to the value of the last call.
func (b *ThanosRulerSpecApplyConfiguration) WithWeb(value *ThanosRulerWebSpecApplyConfiguration) *ThanosRulerSpecApplyConfiguration {
b.Web = value
return b
}


@ -0,0 +1,45 @@
// Copyright The prometheus-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1
// ThanosRulerWebSpecApplyConfiguration represents an declarative configuration of the ThanosRulerWebSpec type for use
// with apply.
type ThanosRulerWebSpecApplyConfiguration struct {
WebConfigFileFieldsApplyConfiguration `json:",inline"`
}
// ThanosRulerWebSpecApplyConfiguration constructs an declarative configuration of the ThanosRulerWebSpec type for use with
// apply.
func ThanosRulerWebSpec() *ThanosRulerWebSpecApplyConfiguration {
return &ThanosRulerWebSpecApplyConfiguration{}
}
// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the TLSConfig field is set to the value of the last call.
func (b *ThanosRulerWebSpecApplyConfiguration) WithTLSConfig(value *WebTLSConfigApplyConfiguration) *ThanosRulerWebSpecApplyConfiguration {
b.TLSConfig = value
return b
}
// WithHTTPConfig sets the HTTPConfig field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the HTTPConfig field is set to the value of the last call.
func (b *ThanosRulerWebSpecApplyConfiguration) WithHTTPConfig(value *WebHTTPConfigApplyConfiguration) *ThanosRulerWebSpecApplyConfiguration {
b.HTTPConfig = value
return b
}


@ -179,6 +179,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &monitoringv1.ThanosRulerSpecApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ThanosRulerStatus"):
return &monitoringv1.ThanosRulerStatusApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ThanosRulerWebSpec"):
return &monitoringv1.ThanosRulerWebSpecApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ThanosSpec"):
return &monitoringv1.ThanosSpecApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("TLSConfig"):


@ -37,12 +37,14 @@ import (
"k8s.io/client-go/tools/record"
monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
"github.com/prometheus-operator/prometheus-operator/pkg/assets"
monitoringv1ac "github.com/prometheus-operator/prometheus-operator/pkg/client/applyconfiguration/monitoring/v1"
monitoringclient "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned"
"github.com/prometheus-operator/prometheus-operator/pkg/informers"
"github.com/prometheus-operator/prometheus-operator/pkg/k8sutil"
"github.com/prometheus-operator/prometheus-operator/pkg/listwatch"
"github.com/prometheus-operator/prometheus-operator/pkg/operator"
"github.com/prometheus-operator/prometheus-operator/pkg/webconfig"
)
const (
@ -547,6 +549,17 @@ func (o *Operator) sync(ctx context.Context, key string) error {
return err
}
assetStore := assets.NewStore(o.kclient.CoreV1(), o.kclient.CoreV1())
tlsAssets, err := operator.ReconcileShardedSecretForTLSAssets(ctx, assetStore, o.kclient, newTLSAssetSecret(tr, o.config))
if err != nil {
return fmt.Errorf("failed to reconcile the TLS secrets: %w", err)
}
if err := o.createOrUpdateWebConfigSecret(ctx, tr); err != nil {
return fmt.Errorf("failed to synchronize web config secret: %w", err)
}
// Create governing service if it doesn't exist.
svcClient := o.kclient.CoreV1().Services(tr.Namespace)
if err = k8sutil.CreateOrUpdateService(ctx, svcClient, makeStatefulSetService(tr, o.config)); err != nil {
@ -561,7 +574,7 @@ func (o *Operator) sync(ctx context.Context, key string) error {
if existingStatefulSet == nil {
ssetClient := o.kclient.AppsV1().StatefulSets(tr.Namespace)
sset, err := makeStatefulSet(tr, o.config, ruleConfigMapNames, "")
sset, err := makeStatefulSet(tr, o.config, ruleConfigMapNames, "", tlsAssets)
if err != nil {
return fmt.Errorf("making thanos statefulset config failed: %w", err)
}
@ -578,12 +591,12 @@ func (o *Operator) sync(ctx context.Context, key string) error {
return nil
}
newSSetInputHash, err := createSSetInputHash(*tr, o.config, ruleConfigMapNames, existingStatefulSet.Spec)
newSSetInputHash, err := createSSetInputHash(*tr, o.config, tlsAssets, ruleConfigMapNames, existingStatefulSet.Spec)
if err != nil {
return err
}
sset, err := makeStatefulSet(tr, o.config, ruleConfigMapNames, newSSetInputHash)
sset, err := makeStatefulSet(tr, o.config, ruleConfigMapNames, newSSetInputHash, tlsAssets)
if err != nil {
return fmt.Errorf("failed to generate statefulset: %w", err)
}
@ -693,7 +706,7 @@ func (o *Operator) UpdateStatus(ctx context.Context, key string) error {
return nil
}
func createSSetInputHash(tr monitoringv1.ThanosRuler, c Config, ruleConfigMapNames []string, ss appsv1.StatefulSetSpec) (string, error) {
func createSSetInputHash(tr monitoringv1.ThanosRuler, c Config, tlsAssets *operator.ShardedSecret, ruleConfigMapNames []string, ss appsv1.StatefulSetSpec) (string, error) {
// The controller should ignore any changes to RevisionHistoryLimit field because
// it may be modified by external actors.
@ -707,6 +720,7 @@ func createSSetInputHash(tr monitoringv1.ThanosRuler, c Config, ruleConfigMapNam
Config Config
StatefulSetSpec appsv1.StatefulSetSpec
RuleConfigMaps []string `hash:"set"`
ShardedSecret *operator.ShardedSecret
}{
ThanosRulerLabels: tr.Labels,
ThanosRulerAnnotations: tr.Annotations,
@ -714,6 +728,7 @@ func createSSetInputHash(tr monitoringv1.ThanosRuler, c Config, ruleConfigMapNam
Config: c,
StatefulSetSpec: ss,
RuleConfigMaps: ruleConfigMapNames,
ShardedSecret: tlsAssets,
},
nil,
)
@ -795,6 +810,36 @@ func (o *Operator) enqueueForNamespace(store cache.Store, nsName string) {
}
}
func (o *Operator) createOrUpdateWebConfigSecret(ctx context.Context, tr *monitoringv1.ThanosRuler) error {
var fields monitoringv1.WebConfigFileFields
if tr.Spec.Web != nil {
fields = tr.Spec.Web.WebConfigFileFields
}
webConfig, err := webconfig.New(
webConfigDir,
webConfigSecretName(tr.Name),
fields,
)
if err != nil {
return fmt.Errorf("failed to initialize the web config: %w", err)
}
s := &v1.Secret{}
operator.UpdateObject(
s,
operator.WithLabels(o.config.Labels),
operator.WithAnnotations(o.config.Annotations),
operator.WithManagingOwner(tr),
)
if err := webConfig.CreateOrUpdateWebConfigSecret(ctx, o.kclient.CoreV1().Secrets(tr.Namespace), s); err != nil {
return fmt.Errorf("failed to update the web config secret: %w", err)
}
return nil
}
func applyConfigurationFromThanosRuler(a *monitoringv1.ThanosRuler) *monitoringv1ac.ThanosRulerApplyConfiguration {
trac := monitoringv1ac.ThanosRulerStatus().
WithPaused(a.Status.Paused).
@ -817,3 +862,20 @@ func applyConfigurationFromThanosRuler(a *monitoringv1.ThanosRuler) *monitoringv
return monitoringv1ac.ThanosRuler(a.Name, a.Namespace).WithStatus(trac)
}
func newTLSAssetSecret(tr *monitoringv1.ThanosRuler, config Config) *v1.Secret {
s := &v1.Secret{
Data: map[string][]byte{},
}
operator.UpdateObject(
s,
operator.WithLabels(config.Labels),
operator.WithAnnotations(config.Annotations),
operator.WithManagingOwner(tr),
operator.WithName(tlsAssetsSecretName(tr.Name)),
operator.WithNamespace(tr.GetObjectMeta().GetNamespace()),
)
return s
}
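Review bot: In `sync`, the new `assetStore` is created and passed straight to `operator.ReconcileShardedSecretForTLSAssets` with nothing added to it in between, so as far as this hunk shows the `tls-assets` secret is reconciled empty on every sync. If the web TLS key and certificate are meant to reach the pod only through the volumes the `webconfig` package builds, a comment should say so, for example `// The store stays empty here; web TLS material is mounted by webconfig, not through the tls-assets secret.`; otherwise the references in `tr.Spec.Web.TLSConfig` need to be loaded into the store before this call. `sync` starts and ends outside the hunk.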


@ -32,12 +32,15 @@ import (
monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
"github.com/prometheus-operator/prometheus-operator/pkg/k8sutil"
"github.com/prometheus-operator/prometheus-operator/pkg/operator"
"github.com/prometheus-operator/prometheus-operator/pkg/webconfig"
)
const (
rulesDir = "/etc/thanos/rules"
configDir = "/etc/thanos/config"
storageDir = "/thanos/data"
webConfigDir = "/etc/thanos/web_config"
tlsAssetsDir = "/etc/thanos/certs"
governingServiceName = "thanos-ruler-operated"
defaultPortName = "web"
defaultRetention = "24h"
@ -50,7 +53,7 @@ var (
minReplicas int32 = 1
)
func makeStatefulSet(tr *monitoringv1.ThanosRuler, config Config, ruleConfigMapNames []string, inputHash string) (*appsv1.StatefulSet, error) {
func makeStatefulSet(tr *monitoringv1.ThanosRuler, config Config, ruleConfigMapNames []string, inputHash string, tlsSecrets *operator.ShardedSecret) (*appsv1.StatefulSet, error) {
if tr.Spec.Resources.Requests == nil {
tr.Spec.Resources.Requests = v1.ResourceList{}
@ -59,7 +62,7 @@ func makeStatefulSet(tr *monitoringv1.ThanosRuler, config Config, ruleConfigMapN
tr.Spec.Resources.Requests[v1.ResourceMemory] = resource.MustParse("200Mi")
}
spec, err := makeStatefulSetSpec(tr, config, ruleConfigMapNames)
spec, err := makeStatefulSetSpec(tr, config, ruleConfigMapNames, tlsSecrets)
if err != nil {
return nil, err
}
@ -136,15 +139,16 @@ func makeStatefulSet(tr *monitoringv1.ThanosRuler, config Config, ruleConfigMapN
return statefulset, nil
}
func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfigMapNames []string) (*appsv1.StatefulSetSpec, error) {
func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfigMapNames []string, tlsSecrets *operator.ShardedSecret) (*appsv1.StatefulSetSpec, error) {
if tr.Spec.QueryConfig == nil && len(tr.Spec.QueryEndpoints) < 1 {
return nil, errors.New(tr.GetName() + ": thanos ruler requires query config or at least one query endpoint to be specified")
}
thanosVersion := operator.StringValOrDefault(tr.Spec.Version, operator.DefaultThanosVersion)
if _, err := semver.ParseTolerant(thanosVersion); err != nil {
return nil, fmt.Errorf("failed to parse Thanos version: %w", err)
version, err := semver.ParseTolerant(thanosVersion)
if err != nil {
return nil, fmt.Errorf("failed to parse thanos ruler version: %w", err)
}
trImagePath, err := operator.BuildImagePath(
@ -254,6 +258,20 @@ func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfig
trCLIArgs = append(trCLIArgs, monitoringv1.Argument{Name: "alert.relabel-config-file", Value: fullPath})
}
trVolumes = append(trVolumes, tlsSecrets.Volume("tls-assets"))
trVolumeMounts = append(trVolumeMounts, v1.VolumeMount{
Name: "tls-assets",
ReadOnly: true,
MountPath: tlsAssetsDir,
})
isHTTPS := tr.Spec.Web != nil && tr.Spec.Web.TLSConfig != nil && version.GTE(semver.MustParse("0.21.0"))
thanosrulerURIScheme := "http"
if isHTTPS {
thanosrulerURIScheme = "https"
}
if tr.Spec.GRPCServerTLSConfig != nil {
tls := tr.Spec.GRPCServerTLSConfig
if tls.CertFile != "" {
@ -287,6 +305,7 @@ func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfig
// The first argument to thanos must be "rule" to start thanos ruler, e.g. "thanos rule --data-dir..."
containerArgs = append([]string{"rule"}, containerArgs...)
var configReloaderWebConfigFile string
var additionalContainers []v1.Container
if len(ruleConfigMapNames) != 0 {
var (
@ -303,13 +322,37 @@ func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfig
watchedDirectories = append(watchedDirectories, mountPath)
}
if version.GTE(semver.MustParse("0.21.0")) {
var fields monitoringv1.WebConfigFileFields
if tr.Spec.Web != nil {
fields = tr.Spec.Web.WebConfigFileFields
}
webConfig, err := webconfig.New(webConfigDir, webConfigSecretName(tr.Name), fields)
if err != nil {
return nil, err
}
confArg, configVol, configMount, err := webConfig.GetMountParameters()
if err != nil {
return nil, err
}
containerArgs = append(containerArgs, fmt.Sprintf("--http.config=%s", confArg.Value))
trVolumes = append(trVolumes, configVol...)
trVolumeMounts = append(trVolumeMounts, configMount...)
configReloaderWebConfigFile = confArg.Value
configReloaderVolumeMounts = append(configReloaderVolumeMounts, configMount...)
}
additionalContainers = append(
additionalContainers,
operator.CreateConfigReloader(
"config-reloader",
operator.ReloaderConfig(config.ReloaderConfig),
operator.WebConfigFile(configReloaderWebConfigFile),
operator.ReloaderURL(url.URL{
Scheme: "http",
Scheme: thanosrulerURIScheme,
Host: config.LocalHost + ":10902",
Path: path.Clean(tr.Spec.RoutePrefix + "/-/reload"),
}),
@ -491,6 +534,14 @@ func volumeName(name string) string {
return fmt.Sprintf("%s-data", prefixedName(name))
}
func tlsAssetsSecretName(name string) string {
return fmt.Sprintf("%s-tls-assets", prefixedName(name))
}
func webConfigSecretName(name string) string {
return fmt.Sprintf("%s-web-config", prefixedName(name))
}
func mountSecret(secretSelector *v1.SecretKeySelector, volumeName string, trVolumes *[]v1.Volume, trVolumeMounts *[]v1.VolumeMount) string {
path := secretSelector.Key
*trVolumes = append(*trVolumes, v1.Volume{
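Review bot: The block that appends `--http.config` and the web-config volume and mounts appears to sit inside `if len(ruleConfigMapNames) != 0`, next to the config-reloader setup (indentation is lost on this page, so this is inferred from the context lines around it). A ThanosRuler with `web.tlsConfig` set but no rule ConfigMaps would then start without `--http.config` and serve plain HTTP even though `isHTTPS` evaluates to true. Building the web config above that `if`, and leaving only `configReloaderVolumeMounts = append(configReloaderVolumeMounts, configMount...)` and the `operator.WebConfigFile(...)` option inside it, would make the TLS setting independent of rule files. It would also help to return an error when `TLSConfig` is set and the version is below 0.21.0, since `isHTTPS` silently falls back to `http` in that case. `makeStatefulSetSpec` starts and ends outside these hunks.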


@ -65,7 +65,7 @@ func TestStatefulSetLabelingAndAnnotations(t *testing.T) {
Annotations: annotations,
},
Spec: monitoringv1.ThanosRulerSpec{QueryEndpoints: emptyQueryEndpoints},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
require.NoError(t, err)
@ -96,7 +96,7 @@ func TestPodLabelsAnnotations(t *testing.T) {
Labels: labels,
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
require.NoError(t, err)
if val, ok := sset.Spec.Template.ObjectMeta.Labels["testlabel"]; !ok || val != "testvalue" {
t.Fatal("Pod labels are not properly propagated")
@ -114,7 +114,7 @@ func TestThanosDefaultBaseImageFlag(t *testing.T) {
sset, err := makeStatefulSet(&monitoringv1.ThanosRuler{
Spec: monitoringv1.ThanosRulerSpec{QueryEndpoints: emptyQueryEndpoints},
}, thanosBaseImageConfig, nil, "")
}, thanosBaseImageConfig, nil, "", &operator.ShardedSecret{})
require.NoError(t, err)
image := sset.Spec.Template.Spec.Containers[0].Image
@ -133,6 +133,17 @@ func TestStatefulSetVolumes(t *testing.T) {
Containers: []v1.Container{
{
VolumeMounts: []v1.VolumeMount{
{
Name: "tls-assets",
ReadOnly: true,
MountPath: "/etc/thanos/certs",
},
{
Name: "web-config",
ReadOnly: true,
MountPath: "/etc/thanos/web_config/web-config.yaml",
SubPath: "web-config.yaml",
},
{
Name: "thanos-ruler-foo-data",
ReadOnly: false,
@ -155,6 +166,22 @@ func TestStatefulSetVolumes(t *testing.T) {
},
},
Volumes: []v1.Volume{
{
Name: "tls-assets",
VolumeSource: v1.VolumeSource{
Projected: &v1.ProjectedVolumeSource{
Sources: []v1.VolumeProjection{},
},
},
},
{
Name: "web-config",
VolumeSource: v1.VolumeSource{
Secret: &v1.SecretVolumeSource{
SecretName: "thanos-ruler-foo-web-config",
},
},
},
{
Name: "rules-configmap-one",
VolumeSource: v1.VolumeSource{
@ -211,7 +238,7 @@ func TestStatefulSetVolumes(t *testing.T) {
},
},
},
}, defaultTestConfig, []string{"rules-configmap-one"}, "")
}, defaultTestConfig, []string{"rules-configmap-one"}, "", &operator.ShardedSecret{})
require.NoError(t, err)
if !reflect.DeepEqual(expected.Spec.Template.Spec.Volumes, sset.Spec.Template.Spec.Volumes) {
fmt.Println(pretty.Compare(expected.Spec.Template.Spec.Volumes, sset.Spec.Template.Spec.Volumes))
@ -244,7 +271,7 @@ func TestTracing(t *testing.T) {
Key: secretKey,
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if err != nil {
t.Fatalf("Unexpected error while making StatefulSet: %v", err)
}
@ -305,7 +332,7 @@ func TestTracingFile(t *testing.T) {
Key: testKey,
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if err != nil {
t.Fatalf("Unexpected error while making StatefulSet: %v", err)
}
@ -355,7 +382,7 @@ func TestObjectStorage(t *testing.T) {
Key: secretKey,
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if err != nil {
t.Fatalf("Unexpected error while making StatefulSet: %v", err)
}
@ -416,7 +443,7 @@ func TestObjectStorageFile(t *testing.T) {
Key: testKey,
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if err != nil {
t.Fatalf("Unexpected error while making StatefulSet: %v", err)
}
@ -466,7 +493,7 @@ func TestAlertRelabel(t *testing.T) {
Key: secretKey,
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if err != nil {
t.Fatalf("Unexpected error while making StatefulSet: %v", err)
}
@ -527,7 +554,7 @@ func TestAlertRelabelFile(t *testing.T) {
Key: testKey,
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if err != nil {
t.Fatalf("Unexpected error while making StatefulSet: %v", err)
}
@ -628,7 +655,7 @@ func TestLabelsAndAlertDropLabels(t *testing.T) {
Labels: tc.Labels,
AlertDropLabels: tc.AlertDropLabels,
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if err != nil {
t.Fatalf("Unexpected error while making StatefulSet: %v", err)
}
@ -660,7 +687,7 @@ func TestAdditionalContainers(t *testing.T) {
// The base to compare everything against
baseSet, err := makeStatefulSet(&monitoringv1.ThanosRuler{
Spec: monitoringv1.ThanosRulerSpec{QueryEndpoints: emptyQueryEndpoints},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
require.NoError(t, err)
// Add an extra container
@ -673,7 +700,7 @@ func TestAdditionalContainers(t *testing.T) {
},
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
require.NoError(t, err)
if len(baseSet.Spec.Template.Spec.Containers)+1 != len(addSset.Spec.Template.Spec.Containers) {
@ -693,7 +720,7 @@ func TestAdditionalContainers(t *testing.T) {
},
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
require.NoError(t, err)
if len(baseSet.Spec.Template.Spec.Containers) != len(modSset.Spec.Template.Spec.Containers) {
@ -721,7 +748,7 @@ func TestRetention(t *testing.T) {
Retention: tc.specRetention,
QueryEndpoints: emptyQueryEndpoints,
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if err != nil {
t.Fatalf("expecting no error but got %q", err)
@ -806,7 +833,7 @@ func TestPodTemplateConfig(t *testing.T) {
ImagePullPolicy: imagePullPolicy,
AdditionalArgs: additionalArgs,
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if err != nil {
t.Fatalf("Unexpected error while making StatefulSet: %v", err)
}
@ -861,7 +888,7 @@ func TestExternalQueryURL(t *testing.T) {
AlertQueryURL: "https://example.com/",
QueryEndpoints: emptyQueryEndpoints,
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if err != nil {
t.Fatalf("Unexpected error while making StatefulSet: %v", err)
}
@ -892,7 +919,7 @@ func TestSidecarResources(t *testing.T) {
}
// thanos-ruler sset will only have a configReloader side car
// if it has to mount a ConfigMap
sset, err := makeStatefulSet(tr, testConfig, []string{"my-configmap"}, "")
sset, err := makeStatefulSet(tr, testConfig, []string{"my-configmap"}, "", &operator.ShardedSecret{})
require.NoError(t, err)
return sset
})
@ -906,7 +933,7 @@ func TestStatefulSetMinReadySeconds(t *testing.T) {
},
}
statefulSet, err := makeStatefulSetSpec(&tr, defaultTestConfig, nil)
statefulSet, err := makeStatefulSetSpec(&tr, defaultTestConfig, nil, &operator.ShardedSecret{})
if err != nil {
t.Fatal(err)
}
@ -917,7 +944,7 @@ func TestStatefulSetMinReadySeconds(t *testing.T) {
// assert set correctly if not nil
var expect uint32 = 5
tr.Spec.MinReadySeconds = &expect
statefulSet, err = makeStatefulSetSpec(&tr, defaultTestConfig, nil)
statefulSet, err = makeStatefulSetSpec(&tr, defaultTestConfig, nil, &operator.ShardedSecret{})
if err != nil {
t.Fatal(err)
}
@ -935,7 +962,7 @@ func TestStatefulSetServiceName(t *testing.T) {
// assert set correctly
expect := governingServiceName
spec, err := makeStatefulSetSpec(&tr, defaultTestConfig, nil)
spec, err := makeStatefulSetSpec(&tr, defaultTestConfig, nil, &operator.ShardedSecret{})
if err != nil {
t.Fatal(err)
}
@ -975,7 +1002,7 @@ func TestStatefulSetPVC(t *testing.T) {
VolumeClaimTemplate: pvc,
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
require.NoError(t, err)
ssetPvc := sset.Spec.VolumeClaimTemplates[0]
@ -1007,7 +1034,7 @@ func TestStatefulEmptyDir(t *testing.T) {
EmptyDir: &emptyDir,
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
require.NoError(t, err)
ssetVolumes := sset.Spec.Template.Spec.Volumes
@ -1046,7 +1073,7 @@ func TestStatefulSetEphemeral(t *testing.T) {
Ephemeral: &ephemeral,
},
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
require.NoError(t, err)
ssetVolumes := sset.Spec.Template.Spec.Volumes
@ -1075,7 +1102,7 @@ func TestThanosVersion(t *testing.T) {
QueryEndpoints: emptyQueryEndpoints,
Version: tc.version,
},
}, defaultTestConfig, nil, "")
}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
if tc.expectedError && err == nil {
t.Fatal("expected error but got nil")