Add Grafana container user. Cleanup.

This commit is contained in:
Carlos de Paula 2020-04-15 11:24:08 -03:00
parent 8c418b73bb
commit adc5d20086
3 changed files with 8 additions and 5 deletions

View File

@ -92,6 +92,11 @@ local vars = import 'vars.jsonnet';
spec+: { spec+: {
template+: { template+: {
spec+: { spec+: {
securityContext: {
runAsUser: 472,
fsGroup: 472,
runAsNonRoot: true,
},
volumes: volumes:
std.map( std.map(
function(v) function(v)

View File

@ -5,8 +5,6 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet')
+ (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') + (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet')
+ (import 'kube-prometheus/kube-prometheus-kops-coredns.libsonnet') + (import 'kube-prometheus/kube-prometheus-kops-coredns.libsonnet')
+ (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') + (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet')
// Use http Kubelet targets. Comment to revert to https
// + (import 'kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet')
// Additional modules are loaded dynamically from vars.jsonnet // Additional modules are loaded dynamically from vars.jsonnet
+ utils.join_objects([module.file for module in vars.modules if module.enabled]) + utils.join_objects([module.file for module in vars.modules if module.enabled])
// Load K3s customized modules // Load K3s customized modules
@ -19,12 +17,13 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet')
// Generate core modules // Generate core modules
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) }
// First generate operator resources except the serviceMonitors
{ {
['0prometheus-operator-' + name]: kp.prometheusOperator[name] ['0prometheus-operator-' + name]: kp.prometheusOperator[name]
for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator)) for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator))
} + }
// serviceMonitor is separated so that it can be created after the CRDs are ready // serviceMonitor is separated so that it can be created after the CRDs are ready
{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor }
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) }
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) }

View File

@ -223,7 +223,6 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
}, },
}; };
std.mergePatch(s, t) std.mergePatch(s, t)
// s + t
), ),