Merge pull request #54 from pgier/bump-v0.36.0

Bump v0.36.0

.gitignore

@@ -1,5 +1,5 @@
 /operator
-/lint
+/po-lint
 /prometheus-config-reloader
 .build/
 *~

.travis.yml

@@ -28,9 +28,11 @@ jobs:
   - name: "Run unit tests"
     script: make test-unit
   - name: "Run e2e tests (Alertmanager)"
-    script: EXCLUDE_PROMETHEUS_TESTS=true ./scripts/travis-e2e.sh
+    script: EXCLUDE_PROMETHEUS_TESTS=true EXCLUDE_THANOS_TESTS=true ./scripts/travis-e2e.sh
   - name: "Run e2e tests (Prometheus)"
-    script: EXCLUDE_ALERTMANAGER_TESTS=true ./scripts/travis-e2e.sh
+    script: EXCLUDE_ALERTMANAGER_TESTS=true EXCLUDE_THANOS_TESTS=true ./scripts/travis-e2e.sh
+  - name: "Run e2e tests (Thanos)"
+    script: EXCLUDE_PROMETHEUS_TESTS=true EXCLUDE_ALERTMANAGER_TESTS=true ./scripts/travis-e2e.sh
 
   - name: "Push Docker Image"
     stage: push-docker-image

CHANGELOG.md

@@ -1,9 +1,20 @@
 ## Next release
 
-## 0.35.1 / 2020-02-05
-
-* [CHANGE] Restrict api extension RBAC rules (#2981)
-* [BUGFIX] Fix statefulset crash loop on kubernetes v1.17.0 (#3002)
+## 0.36.0 / 2020-02-10
+
+* [CHANGE] Rename binary `lint` to `po-lint` (#2964)
+* [CHANGE] Restrict api extension RBAC rules (#2974)
+* [FEATURE] Add operator for Thanos Ruler resources (#2943)
+* [FEATURE] Thanos Ruler Improvements (#2986, #2991, #2993, #2994, #3018, #3019)
+* [FEATURE] Add additional printer columns for custom resources (#2922)
+* [ENHANCEMENT] Set config-reloader containers resources (#2958)
+* [ENHANCEMENT] Fix broken links and remove spec.version in examples (#2961)
+* [ENHANCEMENT] Reduce deprecation warning verbosity (#2978)
+* [ENHANCEMENT] Build tooling improvements (#2979, #2982, #2983)
+* [ENHANCEMENT] Update Prometheus compatible version list (#2998)
+* [ENHANCEMENT] Fix broken links in documentation (#3005)
+* [ENHANCEMENT] Update default container image versions (#3007)
+* [BUGFIX] Fix statefulset crash loop in Kube 1.17 (#2987)
 
 ## 0.35.0 / 2020-01-13
 

Documentation/additional-scrape-config.md

@@ -6,7 +6,7 @@ are appended to the configurations generated by the Prometheus Operator.
 
 Job configurations specified must have the form as specified in the official
 [Prometheus documentation](
-https://prometheus.io/docs/prometheus/latest/configuration/configuration/#<scrape_config>).
+https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config).
 As scrape configs are appended, the user is responsible to make sure it is
 valid. *Note* that using this feature may expose the possibility to break
 upgrades of Prometheus.

Documentation/api.md

@@ -48,6 +48,10 @@ This Document documents the types introduced by the Prometheus Operator to be co
 * [StorageSpec](#storagespec)
 * [TLSConfig](#tlsconfig)
 * [ThanosSpec](#thanosspec)
+* [ThanosRuler](#thanosruler)
+* [ThanosRulerList](#thanosrulerlist)
+* [ThanosRulerSpec](#thanosrulerspec)
+* [ThanosRulerStatus](#thanosrulerstatus)
 
 ## APIServerConfig
 
@@ -519,13 +523,14 @@ Rule describes an alerting or recording rule.
 
 ## RuleGroup
 
-RuleGroup is a list of sequentially evaluated recording and alerting rules.
+RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances.  Valid values for this field are 'warn' or 'abort'.  More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response
 
 | Field | Description | Scheme | Required |
 | ----- | ----------- | ------ | -------- |
 | name |  | string | true |
 | interval |  | string | false |
 | rules |  | [][Rule](#rule) | true |
+| partial_response_strategy |  | string | false |
 
 [Back to TOC](#table-of-contents)
 
@@ -642,5 +647,78 @@ ThanosSpec defines parameters for a Prometheus server within a Thanos deployment
 | resources | Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core) | false |
 | objectStorageConfig | ObjectStorageConfig configures object storage in Thanos. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#secretkeyselector-v1-core) | false |
 | listenLocal | ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP. | bool | false |
+| tracingConfig | TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#secretkeyselector-v1-core) | false |
+
+[Back to TOC](#table-of-contents)
+
+## ThanosRuler
+
+ThanosRuler defines a ThanosRuler deployment.
+
+| Field | Description | Scheme | Required |
+| ----- | ----------- | ------ | -------- |
+| metadata |  | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#objectmeta-v1-meta) | false |
+| spec | Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | [ThanosRulerSpec](#thanosrulerspec) | true |
+| status | Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | *[ThanosRulerStatus](#thanosrulerstatus) | false |
+
+[Back to TOC](#table-of-contents)
+
+## ThanosRulerList
+
+ThanosRulerList is a list of ThanosRulers.
+
+| Field | Description | Scheme | Required |
+| ----- | ----------- | ------ | -------- |
+| metadata | Standard list metadata More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#listmeta-v1-meta) | false |
+| items | List of Prometheuses | []*[ThanosRuler](#thanosruler) | true |
+
+[Back to TOC](#table-of-contents)
+
+## ThanosRulerSpec
+
+ThanosRulerSpec is a specification of the desired behavior of the ThanosRuler. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+| Field | Description | Scheme | Required |
+| ----- | ----------- | ------ | -------- |
+| podMetadata | Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. | *[metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#objectmeta-v1-meta) | false |
+| image | Thanos container image URL. | string | false |
+| imagePullSecrets | An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#localobjectreference-v1-core) | false |
+| paused | When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. | bool | false |
+| replicas | Number of thanos ruler instances to deploy. | *int32 | false |
+| resources | Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set | [v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core) | false |
+| storage | Storage spec to specify how storage shall be used. | *[StorageSpec](#storagespec) | false |
+| volumes | Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. | []v1.Volume | false |
+| objectStorageConfig | ObjectStorageConfig configures object storage in Thanos. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#secretkeyselector-v1-core) | false |
+| listenLocal | ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP. | bool | false |
+| queryEndpoints | QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler. | []string | true |
+| alertmanagersUrl | Define URL to send alerts to alertmanager.  For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Maps to the `alertmanagers.url` arg. | string | false |
+| alertmanagersConfig | Define configuration for connecting to alertmanager.  Only available with thanos v0.10.0 and higher.  Maps to the `alertmanagers.config` arg. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#secretkeyselector-v1-core) | false |
+| ruleSelector | A label selector to select which PrometheusRules to mount for alerting and recording. | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#labelselector-v1-meta) | false |
+| ruleNamespaceSelector | Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. | *[metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#labelselector-v1-meta) | false |
+| enforcedNamespaceLabel | EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. | string | false |
+| logLevel | Log level for ThanosRuler to be configured with. | string | false |
+| logFormat | Log format for ThanosRuler to be configured with. | string | false |
+| portName | Port name used for the pods and governing service. This defaults to web | string | false |
+| evaluationInterval | Interval between consecutive evaluations. | string | false |
+| retention | Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms\|s\|m\|h\|d\|w\|y)` (milliseconds seconds minutes hours days weeks years). | string | false |
+| containers | Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | []v1.Container | false |
+| initContainers | InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. | []v1.Container | false |
+| tracingConfig | TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. | *[v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#secretkeyselector-v1-core) | false |
+| labels | Labels configure the external label pairs to ThanosRuler. If not provided, default replica label `thanos_ruler_replica` will be added as a label and be dropped in alerts. | map[string]string | false |
+| alertDropLabels | AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. If `labels` field is not provided, `thanos_ruler_replica` will be dropped in alerts by default. | []string | false |
+
+[Back to TOC](#table-of-contents)
+
+## ThanosRulerStatus
+
+ThanosRulerStatus is the most recent observed status of the ThanosRuler. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+| Field | Description | Scheme | Required |
+| ----- | ----------- | ------ | -------- |
+| paused | Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. | bool | true |
+| replicas | Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector). | int32 | true |
+| updatedReplicas | Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec. | int32 | true |
+| availableReplicas | Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. | int32 | true |
+| unavailableReplicas | Total number of unavailable pods targeted by this ThanosRuler deployment. | int32 | true |
 
 [Back to TOC](#table-of-contents)

Documentation/compatibility.md

@@ -49,6 +49,8 @@ The versions of Prometheus compatible to be run with the Prometheus Operator are
 * v2.9.2
 * v2.10.0
 * v2.11.0
+* v2.14.0
+* v2.15.2
 
 ## Alertmanager
 

Documentation/network-policies.md

@@ -5,7 +5,7 @@
 
 # Network policies
 
-[Network policies](https://kubernetes.io/docs/user-guide/networkpolicies/) allow you easily restrict the ingress traffic between pods using [k8s labels](https://kubernetes.io/docs/user-guide/labels/).
+[Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) allow you easily restrict the ingress traffic between pods using [k8s labels](https://kubernetes.io/docs/user-guide/labels/).
 To keep your cluster safer, it's strongly recommended to enable network policies into prometheus namespace.
 
 # Example

Documentation/rbac.md

@@ -21,7 +21,7 @@ metadata:
   labels:
     app.kubernetes.io/component: controller
     app.kubernetes.io/name: prometheus-operator
-    app.kubernetes.io/version: v0.35.1
+    app.kubernetes.io/version: v0.36.0
   name: prometheus-operator
 rules:
 - apiGroups:
@@ -38,6 +38,7 @@ rules:
   - prometheuses.monitoring.coreos.com
   - prometheusrules.monitoring.coreos.com
   - servicemonitors.monitoring.coreos.com
+  - thanosrulers.monitoring.coreos.com
   resources:
   - customresourcedefinitions
   verbs:
@@ -47,9 +48,11 @@ rules:
   - monitoring.coreos.com
   resources:
   - alertmanagers
+  - alertmanagers/finalizers
   - prometheuses
   - prometheuses/finalizers
-  - alertmanagers/finalizers
+  - thanosrulers
+  - thanosrulers/finalizers
   - servicemonitors
   - podmonitors
   - prometheusrules
@@ -169,7 +172,7 @@ metadata:
   labels:
     app.kubernetes.io/component: controller
     app.kubernetes.io/name: prometheus-operator
-    app.kubernetes.io/version: v0.35.1
+    app.kubernetes.io/version: v0.36.0
   name: prometheus-operator
   namespace: default
 ```
@@ -186,7 +189,7 @@ metadata:
   labels:
     app.kubernetes.io/component: controller
     app.kubernetes.io/name: prometheus-operator
-    app.kubernetes.io/version: v0.35.1
+    app.kubernetes.io/version: v0.36.0
   name: prometheus-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -228,4 +231,4 @@ subjects:
   namespace: default
 ```
 
-> See [Using Authorization Plugins](https://kubernetes.io/docs/admin/authorization/) for further usage information on RBAC components.
+> See [Using Authorization Plugins](https://kubernetes.io/docs/reference/access-authn-authz/authorization/) for further usage information on RBAC components.