{"id":24956694,"url":"https://github.com/doodlescheduling/prometheus-patch-controller","last_synced_at":"2025-03-28T20:37:45.859Z","repository":{"id":40387395,"uuid":"475810514","full_name":"DoodleScheduling/prometheus-patch-controller","owner":"DoodleScheduling","description":"Apply kubernetes resource patches based on prometheus rule evaluation","archived":false,"fork":false,"pushed_at":"2024-06-15T16:03:59.000Z","size":327,"stargazers_count":0,"open_issues_count":11,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-21T14:04:42.573Z","etag":null,"topics":["jsonpatch","kubernetes-controller","kubernetes-resource-patch","prometheus","prometheusrule"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DoodleScheduling.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-30T09:33:42.000Z","updated_at":"2024-06-21T14:04:47.305Z","dependencies_parsed_at":"2024-01-30T13:29:35.942Z","dependency_job_id":"bcfe0113-2d09-4d20-8dd0-349095d5cde7","html_url":"https://github.com/DoodleScheduling/prometheus-patch-controller","commit_stats":null,"previous_names":["doodlescheduling/prometheus-patch-controller","doodlescheduling/k8sprom-patch-controller"],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DoodleScheduling%2Fprometheus-patch-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DoodleScheduling%2Fprom
etheus-patch-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DoodleScheduling%2Fprometheus-patch-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DoodleScheduling%2Fprometheus-patch-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DoodleScheduling","download_url":"https://codeload.github.com/DoodleScheduling/prometheus-patch-controller/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246100386,"owners_count":20723466,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jsonpatch","kubernetes-controller","kubernetes-resource-patch","prometheus","prometheusrule"],"created_at":"2025-02-03T06:40:47.868Z","updated_at":"2025-03-28T20:37:45.834Z","avatar_url":"https://github.com/DoodleScheduling.png","language":"Go","readme":"# Kubernetes resource patch controller using PromQL\n\n[![release](https://img.shields.io/github/release/DoodleScheduling/prometheus-patch-controller/all.svg)](https://github.com/DoodleScheduling/prometheus-patch-controller/releases)\n[![release](https://github.com/doodlescheduling/prometheus-patch-controller/actions/workflows/release.yaml/badge.svg)](https://github.com/doodlescheduling/prometheus-patch-controller/actions/workflows/release.yaml)\n[![report](https://goreportcard.com/badge/github.com/DoodleScheduling/prometheus-patch-controller)](https://goreportcard.com/report/github.com/DoodleScheduling/prometheus-patch-controller)\n[![Coverage 
Status](https://coveralls.io/repos/github/DoodleScheduling/prometheus-patch-controller/badge.svg?branch=master)](https://coveralls.io/github/DoodleScheduling/prometheus-patch-controller?branch=master)\n[![license](https://img.shields.io/github/license/DoodleScheduling/prometheus-patch-controller.svg)](https://github.com/DoodleScheduling/prometheus-patch-controller/blob/master/LICENSE)\n\nApply patches to Kubernetes resources based on Prometheus queries.\n\n## Example\n\n```yaml\napiVersion: metrics.infra.doodle.com/v1beta1\nkind: PrometheusPatchRule\nmetadata:\n  name: annotate-namespace\nspec:\n  prometheus:\n    address: http://prometheus-server.prometheus\n  expr: |\n    rate(nginx_ingress_controller_requests{exported_namespace=\"default\"}[5m]) == 0\n  for: 5m\n  interval: 2m\n  suspend: false\n  json6902Patches:\n  - target:\n      version: v1\n      resource: namespaces\n      name: default\n    patch:\n    - op: add\n      path: /metadata/annotations/has-ingress-traffic\n      value: \"false\"\n```\n\n## Details\n\n### Prometheus expression\nAs soon as the given rule `spec.expr` evaluates to `true`, the patches in `spec.json6902Patches` are applied to the defined target `spec.json6902Patches[].target`.\n\n### Pending state\nYou may define a window `spec.for` during which the rule stays in a pending condition, similar to Prometheus alerting rules.\nAs soon as the expression has been `true` for the specified duration, the patches are applied.\n\n### Patches\nDefine a list of patches, each of which needs a target selector as well as a list of JSON 6902 patch operations.\nThe target selector requires at least the API version `version` as well as the resource group `resource`, which is usually the kind in plural lowercase.\n\n```yaml\njson6902Patches:\n- target:\n    version: v1\n    resource: namespaces\n    name: default\n  patch:\n  - op: add\n    path: /metadata/annotations/has-ingress-traffic\n    value: \"false\"\n```\nInstead of selecting a single resource you may also select multiple ones by leaving 
out the name field.\nYou can filter multiple ones by specifying a comma-separated label selector: `labelSelector: label=value,label2=value`.\n\n### Interval\nDefines the interval at which the rule is evaluated.\n\n### Suspend\nThe PrometheusPatchRule may be suspended by setting `spec.suspend` to `true`. A suspended rule does not get reconciled, meaning no patches will be applied as long as the rule is suspended.\n\n### Remove patches\nBy design, patches that have already been applied are **not** removed when the defined expression evaluates to `false`.\nTo revert them, create another PrometheusPatchRule whose expression matches the opposite condition and whose patches reverse the original ones.\n\n## Installation\n\n### Requirements\nYou need a running [Prometheus](https://prometheus.io/) (or any compatible Prometheus service like [Thanos](https://thanos.io/)).\n\n### Permission\nBy default, both the Helm chart and the kustomize default base bind the controller to `cluster-admin` through a cluster role binding, which grants the controller full admin permission on the cluster.\nThis is needed because patch rules can target any kind of resource.\nYou may disable the binding and define fine-grained cluster roles accordingly.\n\n### Helm\n\nPlease see [chart/prometheus-patch-controller](https://github.com/DoodleScheduling/prometheus-patch-controller/tree/master/chart/prometheus-patch-controller) for the Helm chart docs.\n\n### Manifests/kustomize\n\nAlternatively you may get the bundled manifests in each release to deploy it using kustomize or use them directly.\n\n## Configure the controller\n\nThe controller can be configured using command-line arguments:\n```\n--concurrent int                            The number of concurrent Pod reconciles. (default 4)\n--enable-leader-election                    Enable leader election for controller manager. 
Enabling this will ensure there is only one active controller manager.\n--field-manager string                      The name of the field maanger used for server side apply https://kubernetes.io/docs/reference/using-api/server-side-apply/. (default \"prometheus-patch-controller\")\n--graceful-shutdown-timeout duration        The duration given to the reconciler to finish before forcibly stopping. (default 10m0s)\n--health-addr string                        The address the health endpoint binds to. (default \":9557\")\n--insecure-kubeconfig-exec                  Allow use of the user.exec section in kubeconfigs provided for remote apply.\n--insecure-kubeconfig-tls                   Allow that kubeconfigs provided for remote apply can disable TLS verification.\n--kube-api-burst int                        The maximum burst queries-per-second of requests sent to the Kubernetes API. (default 300)\n--kube-api-qps float32                      The maximum queries-per-second of requests sent to the Kubernetes API. (default 50)\n--leader-election-lease-duration duration   Interval at which non-leader candidates will wait to force acquire leadership (duration string). (default 35s)\n--leader-election-release-on-cancel         Defines if the leader should step down voluntarily on controller manager shutdown. (default true)\n--leader-election-renew-deadline duration   Duration that the leading controller manager will retry refreshing leadership before giving up (duration string). (default 30s)\n--leader-election-retry-period duration     Duration the LeaderElector clients should wait between tries of actions (duration string). (default 5s)\n--log-encoding string                       Log encoding format. Can be 'json' or 'console'. (default \"json\")\n--log-level string                          Log verbosity level. Can be one of 'trace', 'debug', 'info', 'error'. 
(default \"info\")\n--max-retry-delay duration                  The maximum amount of time for which an object being reconciled will have to wait before a retry. (default 15m0s)\n--metrics-addr string                       The address the metric endpoint binds to. (default \":9556\")\n--min-retry-delay duration                  The minimum amount of time for which an object being reconciled will have to wait before a retry. (default 750ms)\n--watch-all-namespaces                      Watch for resources in all namespaces, if set to false it will only watch the runtime namespace. (default true)\n--watch-label-selector string               Watch for resources with matching labels e.g. 'sharding.fluxcd.io/shard=shard1'.\n\n```","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoodlescheduling%2Fprometheus-patch-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdoodlescheduling%2Fprometheus-patch-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoodlescheduling%2Fprometheus-patch-controller/lists"}