diff --git a/Makefile b/Makefile index d355c69..364efb8 100644 --- a/Makefile +++ b/Makefile @@ -92,13 +92,13 @@ release-helm: release: release-docker release-helm helm-docs # Prod release - # ex. make VERSION=1.12.1 release + # ex. make VERSION=1.12.2 release # Prerelease Candidate # ex. make VERSION=1.11.2-rc01 release release-github: # Prod release - # ex. make VERSION=1.12.1 release-github + # ex. make VERSION=1.12.2 release-github gh repo set-default jmcgrath207/k8s-ephemeral-storage-metrics gh release create ${VERSION} --generate-notes gh release upload ${VERSION} "chart/k8s-ephemeral-storage-metrics-${VERSION}.tgz" diff --git a/README.md b/README.md index c50294d..71a84b3 100644 --- a/README.md +++ b/README.md @@ -28,12 +28,17 @@ helm upgrade --install my-deployment k8s-ephemeral-storage-metrics/k8s-ephemeral | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | +| containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | +| containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | +| containerSecurityContext.privileged | bool | `false` | | +| containerSecurityContext.readOnlyRootFilesystem | bool | `false` | | +| containerSecurityContext.runAsNonRoot | bool | `true` | | | deploy_type | string | `"Deployment"` | Set as Deployment for single controller to query all nodes or Daemonset | | dev | object | `{"enabled":false,"grow":{"image":"ghcr.io/jmcgrath207/k8s-ephemeral-storage-grow-test:latest","imagePullPolicy":"IfNotPresent"},"shrink":{"image":"ghcr.io/jmcgrath207/k8s-ephemeral-storage-shrink-test:latest","imagePullPolicy":"IfNotPresent"}}` | For local development or testing that will deploy grow and shrink pods and debug service | | image.imagePullPolicy | string | `"IfNotPresent"` | | | image.imagePullSecrets | list | `[]` | | | image.repository | string | `"ghcr.io/jmcgrath207/k8s-ephemeral-storage-metrics"` | | -| image.tag | string | `"1.12.1"` | | +| image.tag | string | `"1.12.2"` | | | interval | int | `15` | Polling node rate for exporter | | kubelet | object | `{"insecure":false,"readOnlyPort":0,"scrape":false}` | Scrape metrics through kubelet instead of kube api | | log_level | string | `"info"` | | @@ -49,6 +54,8 @@ helm upgrade --install my-deployment k8s-ephemeral-storage-metrics/k8s-ephemeral | metrics.ephemeral_storage_pod_usage | bool | `true` | Current ephemeral byte usage of pod | | nodeSelector | object | `{}` | | | podAnnotations | object | `{}` | | +| podSecurityContext.runAsNonRoot | bool | `true` | | +| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | | pprof | bool | `false` | Enable Pprof | | prometheus.enable | bool | `true` | | | prometheus.release | string | `"kube-prometheus-stack"` | | diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 2386881..156aa4b 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: k8s-ephemeral-storage-metrics -version: 1.12.1 -appVersion: 1.12.1 +version: 1.12.2 +appVersion: 1.12.2 kubeVersion: ">=1.21.0-0" description: Ephemeral storage metrics for prometheus operator. home: https://github.com/jmcgrath207/k8s-ephemeral-storage-metrics diff --git a/chart/README.md b/chart/README.md index 1bf5765..389ae2f 100644 --- a/chart/README.md +++ b/chart/README.md @@ -11,12 +11,17 @@ helm upgrade --install my-deployment k8s-ephemeral-storage-metrics/k8s-ephemeral | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | +| containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | +| containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | +| containerSecurityContext.privileged | bool | `false` | | +| containerSecurityContext.readOnlyRootFilesystem | bool | `false` | | +| containerSecurityContext.runAsNonRoot | bool | `true` | | | deploy_type | string | `"Deployment"` | Set as Deployment for single controller to query all nodes or Daemonset | | dev | object | `{"enabled":false,"grow":{"image":"ghcr.io/jmcgrath207/k8s-ephemeral-storage-grow-test:latest","imagePullPolicy":"IfNotPresent"},"shrink":{"image":"ghcr.io/jmcgrath207/k8s-ephemeral-storage-shrink-test:latest","imagePullPolicy":"IfNotPresent"}}` | For local development or testing that will deploy grow and shrink pods and debug service | | image.imagePullPolicy | string | `"IfNotPresent"` | | | image.imagePullSecrets | list | `[]` | | | image.repository | string | `"ghcr.io/jmcgrath207/k8s-ephemeral-storage-metrics"` | | -| image.tag | string | `"1.12.1"` | | +| image.tag | string | `"1.12.2"` | | | interval | int | `15` | Polling node rate for exporter | | kubelet | object | `{"insecure":false,"readOnlyPort":0,"scrape":false}` | Scrape metrics through kubelet instead of kube api | | log_level | string | `"info"` | | @@ -32,6 +37,8 @@ helm upgrade --install my-deployment k8s-ephemeral-storage-metrics/k8s-ephemeral | metrics.ephemeral_storage_pod_usage | bool | `true` | Current ephemeral byte usage of pod | | nodeSelector | object | `{}` | | | podAnnotations | object | `{}` | | +| podSecurityContext.runAsNonRoot | bool | `true` | | +| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | | pprof | bool | `false` | Enable Pprof | | prometheus.enable | bool | `true` | | | prometheus.release | string | `"kube-prometheus-stack"` | | @@ -44,8 +51,6 @@ helm upgrade --install my-deployment k8s-ephemeral-storage-metrics/k8s-ephemeral | serviceMonitor.relabelings | list | `[]` | Set relabelings as per https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.RelabelConfig | | serviceMonitor.targetLabels | list | `[]` | Set targetLabels as per https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitorSpec | | tolerations | list | `[]` | | -| podSecurityContext | Pod security context |`"runAsNonRoot:" "true", "seccompProfile:" "{type: RuntimeDefault}"`| -| containerSecurityContext | Container security context |`"allowPrivilegeEscalation:" "false", "capabilities:" "drop:" "ALL", "privileged:" "false", "readOnlyRootFilesystem:" "false", "runAsNonRoot:" "true"`| ## Prometheus alert rules diff --git a/chart/index.yaml b/chart/index.yaml index 99677fa..5e469d2 100644 --- a/chart/index.yaml +++ b/chart/index.yaml @@ -1,6 +1,28 @@ apiVersion: v1 entries: k8s-ephemeral-storage-metrics: + - annotations: + artifacthub.io/license: MIT + artifacthub.io/links: | + - name: Documentation + url: https://github.com/jmcgrath207/k8s-ephemeral-storage-metrics + artifacthub.io/prerelease: "false" + apiVersion: v2 + appVersion: 1.12.2 + created: "2024-08-09T09:09:32.441179662-05:00" + description: Ephemeral storage metrics for prometheus operator. + digest: f51c0af4af85bf3c1c4458e90d1ab78550a56b970adb82a11e4d9d9bd6800227 + home: https://github.com/jmcgrath207/k8s-ephemeral-storage-metrics + keywords: + - kubernetes + - metrics + kubeVersion: '>=1.21.0-0' + name: k8s-ephemeral-storage-metrics + sources: + - https://github.com/jmcgrath207/k8s-ephemeral-storage-metrics + urls: + - https://github.com/jmcgrath207/k8s-ephemeral-storage-metrics/releases/download/1.12.2/k8s-ephemeral-storage-metrics-1.12.2.tgz + version: 1.12.2 - annotations: artifacthub.io/license: MIT artifacthub.io/links: | @@ -727,4 +749,4 @@ entries: urls: - https://github.com/jmcgrath207/k8s-ephemeral-storage-metrics/releases/download/1.0.0/k8s-ephemeral-storage-metrics-1.0.0.tgz version: 1.0.0 -generated: "2024-08-07T22:15:00.338009027-05:00" +generated: "2024-08-09T09:09:32.440135718-05:00" diff --git a/chart/values.yaml b/chart/values.yaml index 89cc35e..13b9237 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,6 +1,6 @@ image: repository: ghcr.io/jmcgrath207/k8s-ephemeral-storage-metrics - tag: 1.12.1 + tag: 1.12.2 imagePullPolicy: IfNotPresent imagePullSecrets: [] @@ -98,6 +98,4 @@ containerSecurityContext: - ALL privileged: false readOnlyRootFilesystem: false - runAsNonRoot: true - # readOnlyRootFilesystem: true - # runAsNonRoot: true + runAsNonRoot: true \ No newline at end of file