Skip to content

Commit

Permalink
jsonnet: Add ownership labels to monitoring Kubernetes resources
Browse files Browse the repository at this point in the history 
Generalize the use of recommended "app.kubernetes.io/managed-by: cluster-monitoring-operator"
and "app.kubernetes.io/part-of: openshift-monitoring" labels on all Kube resources created and
managed by CMO.

See https://issues.redhat.com/browse/MON-3216 for the whys.

Signed-off-by: Ayoub Mrini <amrini@redhat.com>
  • Loading branch information
@machine424
machine424 committed Jun 8, 2023
1 parent b92687c commit 5386735
Show file tree
Hide file tree
Showing 213 changed files with 556 additions and 90 deletions.
2 changes: 2 additions & 0 deletions assets/admission-webhook/alertmanager-config-validating-webhook.yaml
View file
Expand Up @@ -5,7 +5,9 @@ metadata:
service.beta.openshift.io/inject-cabundle: "true"
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/part-of: openshift-monitoring
name: alertmanagerconfigs.openshift.io
webhooks:
- admissionReviewVersions:
Expand Down
2 changes: 2 additions & 0 deletions assets/admission-webhook/deployment.yaml
View file
Expand Up @@ -12,6 +12,7 @@ spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: openshift-monitoring
strategy:
Expand All @@ -33,6 +34,7 @@ spec:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: openshift-monitoring
namespaces:
Expand Down
2 changes: 2 additions & 0 deletions assets/admission-webhook/pod-disruption-budget.yaml
View file
Expand Up @@ -2,6 +2,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.65.1
Expand All @@ -11,5 +12,6 @@ spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: openshift-monitoring
2 changes: 2 additions & 0 deletions assets/admission-webhook/prometheus-rule-validating-webhook.yaml
View file
Expand Up @@ -5,7 +5,9 @@ metadata:
service.beta.openshift.io/inject-cabundle: "true"
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/part-of: openshift-monitoring
name: prometheusrules.openshift.io
webhooks:
- admissionReviewVersions:
Expand Down
1 change: 1 addition & 0 deletions assets/admission-webhook/service-account.yaml
View file
Expand Up @@ -3,6 +3,7 @@ automountServiceAccountToken: false
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.65.1
Expand Down
2 changes: 2 additions & 0 deletions assets/admission-webhook/service.yaml
View file
Expand Up @@ -4,6 +4,7 @@ metadata:
annotations:
service.beta.openshift.io/serving-cert-secret-name: prometheus-operator-admission-webhook-tls
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.65.1
Expand All @@ -15,5 +16,6 @@ spec:
port: 8443
targetPort: https
selector:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: prometheus-operator-admission-webhook
app.kubernetes.io/part-of: openshift-monitoring
3 changes: 3 additions & 0 deletions assets/alertmanager-user-workload/alertmanager.yaml
View file
Expand Up @@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand All @@ -17,6 +18,7 @@ spec:
matchLabels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
namespaces:
Expand Down Expand Up @@ -138,6 +140,7 @@ spec:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand Down
3 changes: 3 additions & 0 deletions assets/alertmanager-user-workload/cluster-role-binding.yaml
View file
@@ -1,6 +1,9 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
name: alertmanager-user-workload
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand Down
3 changes: 3 additions & 0 deletions assets/alertmanager-user-workload/cluster-role.yaml
View file
@@ -1,6 +1,9 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
name: alertmanager-user-workload
rules:
- apiGroups:
Expand Down
2 changes: 2 additions & 0 deletions assets/alertmanager-user-workload/kube-rbac-proxy-tenancy-secret.yaml
View file
Expand Up @@ -2,7 +2,9 @@ apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager-user-workload
app.kubernetes.io/part-of: openshift-monitoring
name: alertmanager-kube-rbac-proxy-tenancy
namespace: openshift-user-workload-monitoring
stringData:
Expand Down
2 changes: 2 additions & 0 deletions assets/alertmanager-user-workload/pod-disruption-budget.yaml
View file
Expand Up @@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand All @@ -15,5 +16,6 @@ spec:
matchLabels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
1 change: 1 addition & 0 deletions assets/alertmanager-user-workload/secret.yaml
View file
Expand Up @@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand Down
1 change: 1 addition & 0 deletions assets/alertmanager-user-workload/service-account.yaml
View file
Expand Up @@ -5,6 +5,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand Down
2 changes: 2 additions & 0 deletions assets/alertmanager-user-workload/service-monitor.yaml
View file
Expand Up @@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand All @@ -25,5 +26,6 @@ spec:
matchLabels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
2 changes: 2 additions & 0 deletions assets/alertmanager-user-workload/service.yaml
View file
Expand Up @@ -6,6 +6,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand All @@ -25,6 +26,7 @@ spec:
selector:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: user-workload
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
sessionAffinity: ClientIP
Expand Down
2 changes: 2 additions & 0 deletions assets/alertmanager-user-workload/trusted-ca-bundle.yaml
View file
Expand Up @@ -3,6 +3,8 @@ data: {}
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
config.openshift.io/inject-trusted-cabundle: "true"
name: alertmanager-trusted-ca-bundle
namespace: openshift-user-workload-monitoring
3 changes: 3 additions & 0 deletions assets/alertmanager/alertmanager.yaml
View file
Expand Up @@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand All @@ -17,6 +18,7 @@ spec:
matchLabels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
namespaces:
Expand Down Expand Up @@ -139,6 +141,7 @@ spec:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand Down
3 changes: 3 additions & 0 deletions assets/alertmanager/cluster-role-binding.yaml
View file
@@ -1,6 +1,9 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
name: alertmanager-main
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand Down
3 changes: 3 additions & 0 deletions assets/alertmanager/cluster-role.yaml
View file
@@ -1,6 +1,9 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
name: alertmanager-main
rules:
- apiGroups:
Expand Down
2 changes: 2 additions & 0 deletions assets/alertmanager/kube-rbac-proxy-secret.yaml
View file
Expand Up @@ -2,7 +2,9 @@ apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager-main
app.kubernetes.io/part-of: openshift-monitoring
name: alertmanager-kube-rbac-proxy
namespace: openshift-monitoring
stringData:
Expand Down
2 changes: 2 additions & 0 deletions assets/alertmanager/pod-disruption-budget.yaml
View file
Expand Up @@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand All @@ -15,5 +16,6 @@ spec:
matchLabels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
1 change: 1 addition & 0 deletions assets/alertmanager/prometheus-rule.yaml
View file
Expand Up @@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand Down
2 changes: 2 additions & 0 deletions assets/alertmanager/proxy-secret.yaml
View file
Expand Up @@ -3,7 +3,9 @@ data: {}
kind: Secret
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager-main
app.kubernetes.io/part-of: openshift-monitoring
name: alertmanager-main-proxy
namespace: openshift-monitoring
type: Opaque
3 changes: 3 additions & 0 deletions assets/alertmanager/route.yaml
View file
@@ -1,6 +1,9 @@
apiVersion: v1
kind: Route
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
name: alertmanager-main
namespace: openshift-monitoring
spec:
Expand Down
1 change: 1 addition & 0 deletions assets/alertmanager/secret.yaml
View file
Expand Up @@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand Down
1 change: 1 addition & 0 deletions assets/alertmanager/service-account.yaml
View file
Expand Up @@ -7,6 +7,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand Down
2 changes: 2 additions & 0 deletions assets/alertmanager/service-monitor.yaml
View file
Expand Up @@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand All @@ -25,5 +26,6 @@ spec:
matchLabels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
2 changes: 2 additions & 0 deletions assets/alertmanager/service.yaml
View file
Expand Up @@ -6,6 +6,7 @@ metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 0.25.0
Expand All @@ -25,6 +26,7 @@ spec:
selector:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: openshift-monitoring
sessionAffinity: ClientIP
Expand Down
2 changes: 2 additions & 0 deletions assets/alertmanager/trusted-ca-bundle.yaml
View file
Expand Up @@ -3,6 +3,8 @@ data: {}
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
config.openshift.io/inject-trusted-cabundle: "true"
name: alertmanager-trusted-ca-bundle
namespace: openshift-monitoring
5 changes: 5 additions & 0 deletions assets/cluster-monitoring-operator/alerting-edit-cluster-role.yaml
View file
@@ -1,6 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
lqbels:
app.kubernetes.io/component: operator
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
name: alert-routing-edit
rules:
- apiGroups:
Expand Down
5 changes: 5 additions & 0 deletions assets/cluster-monitoring-operator/cluster-role-view.yaml
View file
@@ -1,6 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: operator
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
name: cluster-monitoring-view
rules:
- apiGroups:
Expand Down
5 changes: 5 additions & 0 deletions assets/cluster-monitoring-operator/grpc-tls-secret.yaml
View file
Expand Up @@ -8,6 +8,11 @@ data:
thanos-querier-client.key: ""
kind: Secret
metadata:
labels:
app.kubernetes.io/component: operator
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
name: grpc-tls
namespace: openshift-monitoring
type: Opaque
5 changes: 5 additions & 0 deletions assets/cluster-monitoring-operator/metrics-client-ca.yaml
View file
Expand Up @@ -2,5 +2,10 @@ apiVersion: v1
data: {}
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: operator
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: cluster-monitoring-operator
app.kubernetes.io/part-of: openshift-monitoring
name: metrics-client-ca
namespace: openshift-monitoring

0 comments on commit 5386735

Please sign in to comment.