diff --git a/CHANGELOG.md b/CHANGELOG.md index d3c0f73358cd..2fe2fa910b85 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,24 @@ This document contains a historical list of changes between releases. Only changes that impact end-user behavior are listed; changes to documentation or internal API changes are not present. + +v0.26.1 (2022-07-25) +------------------------- + +> **BREAKING CHANGES**: This release has breaking changes. Please read entries +> carefully and consult the [upgrade guide][] for specific instructions. + +### Breaking changes + +- Change windows certificate store so client certificate is no longer required in store. (@mattdurham) + +### Bugfixes + +- Operator: Fix issue where configured `targetPort` ServiceMonitors resulted in + generating an incorrect scrape_config. (@rfratto) + +- Build the Linux/AMD64 artifacts using the opt-out flag for the ebpf_exporter. (@tpaschalis) + v0.26.0 (2022-07-18) ------------------------- @@ -35,7 +53,7 @@ v0.26.0 (2022-07-18) ### Bugfixes - Relative symlinks for promtail now work as expected. (@RangerCD, @mukerjee) - + - Fix rate limiting implementation for the app agent receiver integration. (@domasx2) - Fix mongodb exporter so that it now collects all metrics. (@mattdurham) @@ -90,13 +108,11 @@ v0.25.0 (2022-06-06) - `extra-scrape-metrics` can now be enabled with the `--enable-features=extra-scrape-metrics` feature flag. See https://prometheus.io/docs/prometheus/2.31/feature_flags/#extra-scrape-metrics for details. (@rlankfo) - - Resolved issue in v2 integrations where if an instance name was a prefix of another the route handler would fail to match requests on the longer name (@mattdurham) - Set `include_metadata` to true by default for OTLP traces receivers (@mapno) - ### Bugfixes - Scraping service was not honoring the new server grpc flags `server.grpc.address`. (@mattdurham) diff --git a/Makefile b/Makefile index bfee428b8a1d..fb67f6a1591a 100644 --- a/Makefile +++ b/Makefile 
@@ -294,6 +294,9 @@ dist: dist-agent dist-agentctl dist-packages #################### dist-agent: seego dist/agent-linux-amd64 dist/agent-linux-arm64 dist/agent-linux-armv6 dist/agent-linux-armv7 dist/agent-linux-ppc64le dist/agent-darwin-amd64 dist/agent-darwin-arm64 dist/agent-windows-amd64.exe dist/agent-freebsd-amd64 dist/agent-windows-installer.exe + +# Override CGO_FLAGS to add the noebpf build tag in linux/amd64 builds +dist/agent-linux-amd64: CGO_FLAGS := -ldflags "-s -w $(GO_LDFLAGS)" -tags "netgo noebpf" $(GOFLAGS) dist/agent-linux-amd64: seego $(call SetBuildVarsConditional,linux/amd64) ; $(seego) build $(CGO_FLAGS) -o $@ ./cmd/agent @@ -341,6 +344,8 @@ dist/agent-freebsd-amd64: seego dist-agentctl: seego dist/agentctl-linux-amd64 dist/agentctl-linux-arm64 dist/agentctl-linux-armv6 dist/agentctl-linux-armv7 dist/agentctl-darwin-amd64 dist/agentctl-darwin-arm64 dist/agentctl-windows-amd64.exe dist/agentctl-freebsd-amd64 +# Override CGO_FLAGS to add the noebpf build tag in linux/amd64 builds +dist/agentctl-linux-amd64: CGO_FLAGS := -ldflags "-s -w $(GO_LDFLAGS)" -tags "netgo noebpf" $(GOFLAGS) dist/agentctl-linux-amd64: seego $(call SetBuildVarsConditional,linux/amd64); $(seego) build $(CGO_FLAGS) -o $@ ./cmd/agentctl diff --git a/docs/sources/configuration/integrations/node-exporter-config.md b/docs/sources/configuration/integrations/node-exporter-config.md index 3e06fbd5b5d3..10701baa866c 100644 --- a/docs/sources/configuration/integrations/node-exporter-config.md +++ b/docs/sources/configuration/integrations/node-exporter-config.md @@ -28,7 +28,7 @@ docker run \ -v "/proc:/host/proc:ro,rslave" \ -v /tmp/agent:/etc/agent \ -v /path/to/config.yaml:/etc/agent-config/agent.yaml \ - grafana/agent:v0.26.0 \ + grafana/agent:v0.26.1 \ --config.file=/etc/agent-config/agent.yaml ``` 
@@ -67,7 +67,7 @@ metadata: name: agent spec: containers: - - image: grafana/agent:v0.26.0 + - image: grafana/agent:v0.26.1 name: agent args: - --config.file=/etc/agent-config/agent.yaml diff --git a/docs/sources/configuration/integrations/process-exporter-config.md b/docs/sources/configuration/integrations/process-exporter-config.md index 2c19f89df01b..1cf50e05cdcc 100644 --- a/docs/sources/configuration/integrations/process-exporter-config.md +++ b/docs/sources/configuration/integrations/process-exporter-config.md @@ -20,7 +20,7 @@ docker run \ -v "/proc:/proc:ro" \ -v /tmp/agent:/etc/agent \ -v /path/to/config.yaml:/etc/agent-config/agent.yaml \ - grafana/agent:v0.26.0 \ + grafana/agent:v0.26.1 \ --config.file=/etc/agent-config/agent.yaml ``` @@ -37,7 +37,7 @@ metadata: name: agent spec: containers: - - image: grafana/agent:v0.26.0 + - image: grafana/agent:v0.26.1 name: agent args: - --config.file=/etc/agent-config/agent.yaml diff --git a/docs/sources/configuration/server-config.md b/docs/sources/configuration/server-config.md index 2c55cc5a22b8..8e5c38008265 100644 --- a/docs/sources/configuration/server-config.md +++ b/docs/sources/configuration/server-config.md @@ -76,12 +76,6 @@ server: ### windows_client_config ```yaml -# Name of the system store to look for the Client Certificate ex LocalMachine, CurrentUser -system_store: - -# Name of the store to look for the Client Certificate ex My, CA -store: - # Array of issuer common names to check against issuer_common_names: [- ... ] diff --git a/docs/sources/operator/custom-resource-quickstart.md b/docs/sources/operator/custom-resource-quickstart.md index 32eaa803bbc9..ae8627645ba2 100644 --- a/docs/sources/operator/custom-resource-quickstart.md +++ b/docs/sources/operator/custom-resource-quickstart.md @@ -45,7 +45,7 @@ metadata: labels: app: grafana-agent spec: - image: grafana/agent:v0.26.0 + image: grafana/agent:v0.26.1 logLevel: info serviceAccountName: grafana-agent metrics: 
diff --git a/docs/sources/operator/getting-started.md b/docs/sources/operator/getting-started.md index 5463a0f7029b..33bbbb79822c 100644 --- a/docs/sources/operator/getting-started.md +++ b/docs/sources/operator/getting-started.md @@ -74,7 +74,7 @@ spec: serviceAccountName: grafana-agent-operator containers: - name: operator - image: grafana/agent-operator:v0.26.0 + image: grafana/agent-operator:v0.26.1 args: - --kubelet-service=default/kubelet --- diff --git a/docs/sources/set-up/install-agent-docker.md b/docs/sources/set-up/install-agent-docker.md index b1d79f1b4513..646b0ee4fbae 100644 --- a/docs/sources/set-up/install-agent-docker.md +++ b/docs/sources/set-up/install-agent-docker.md @@ -21,7 +21,7 @@ Install Grafana Agent and get it up and running on Docker. docker run \ -v /tmp/agent:/etc/agent/data \ -v /path/to/config.yaml:/etc/agent/agent.yaml \ - grafana/agent:v0.26.0 + grafana/agent:v0.26.1 ``` 2. Replace `/tmp/agent` with the folder you want to store WAL data in. diff --git a/pkg/operator/config/templates/component/metrics/service_monitor.libsonnet b/pkg/operator/config/templates/component/metrics/service_monitor.libsonnet index 02421eb9e505..3b7872726526 100644 --- a/pkg/operator/config/templates/component/metrics/service_monitor.libsonnet +++ b/pkg/operator/config/templates/component/metrics/service_monitor.libsonnet @@ -131,7 +131,7 @@ function( action: 'keep', } else if endpoint.TargetPort != null then ( if endpoint.TargetPort.StrVal != '' then { - source_labels: ['__meta_kubernetes_pod_container_name'], + source_labels: ['__meta_kubernetes_pod_container_port_name'], regex: endpoint.TargetPort.StrVal, action: 'keep', } else if endpoint.TargetPort.IntVal != 0 then { diff --git a/pkg/operator/defaults.go b/pkg/operator/defaults.go index ff2cf9cd5513..ddf2fa51f440 100644 --- a/pkg/operator/defaults.go +++ b/pkg/operator/defaults.go 
@@ -27,6 +27,7 @@ var ( "v0.25.0", "v0.25.1", "v0.26.0", + "v0.26.1", // NOTE(rfratto): when performing an upgrade, add the newest version above instead of changing the existing reference. } diff --git a/pkg/server/tls.go b/pkg/server/tls.go index c2afa4bb20a0..fc92db8bc9a8 100644 --- a/pkg/server/tls.go +++ b/pkg/server/tls.go @@ -36,8 +36,6 @@ type WindowsCertificateFilter struct { // WindowsClientFilter is used to select a client root CA certificate type WindowsClientFilter struct { - Store string `yaml:"store,omitempty"` - SystemStore string `yaml:"system_store,omitempty"` IssuerCommonNames []string `yaml:"issuer_common_names,omitempty"` SubjectRegEx string `yaml:"subject_regex,omitempty"` TemplateID string `yaml:"template_id,omitempty"` diff --git a/pkg/server/tls_certstore_windows.go b/pkg/server/tls_certstore_windows.go index 055ed1760853..23a35df4e6a4 100644 --- a/pkg/server/tls_certstore_windows.go +++ b/pkg/server/tls_certstore_windows.go @@ -7,16 +7,32 @@ import ( "crypto/x509" "encoding/asn1" "fmt" + "github.com/github/smimesign/certstore" + "github.com/go-kit/log" + "github.com/go-kit/log/level" "regexp" "sort" "sync" "time" +) - "github.com/go-kit/log" - "github.com/go-kit/log/level" +// winCertStoreHandler handles the finding of certificates, validating them and injecting into the default TLS pipeline +type winCertStoreHandler struct { + cfg WindowsCertificateFilter + subjectRegEx *regexp.Regexp + log log.Logger - "github.com/github/smimesign/certstore" -) + winMut sync.Mutex + serverCert *x509.Certificate + serverSigner crypto.PrivateKey + // We have to store the identity to access the signer (it's a win32 api call), if we close the identity + // we lose access to the signer + // the client does NOT need the signer + serverIdentity certstore.Identity + clientAuth tls.ClientAuthType + + cancelContext context.Context +} func (l *tlsListener) applyWindowsCertificateStore(c TLSConfig) error { 
@@ -58,15 +74,8 @@ func (l *tlsListener) applyWindowsCertificateStore(c TLSConfig) error { if err != nil { return err } - // CertPool, if there is a clientrootca use it, else pass in nil which will use the default certs - var certPool *x509.CertPool - if cn.clientRootCA != nil { - certPool = x509.NewCertPool() - certPool.AddCert(cn.clientRootCA) - } config := &tls.Config{ - ClientCAs: certPool, VerifyPeerCertificate: cn.VerifyPeer, GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) { cn.winMut.Lock() 
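Review bot: With `ClientCAs` no longer set on the `tls.Config` built in `applyWindowsCertificateStore`, client chains are verified against the host's default root pool, so the only thing narrowing which clients are accepted is `cn.VerifyPeer`. That function matches the issuer by comparing `Issuer.CommonName` strings, which does not pin a specific CA key. Its issuer, subject and template checks also all pass when `issuer_common_names`, `subject_regex` and `template_id` are left empty. I would document this next to the config, for example `// ClientCAs is intentionally nil: client chains are verified against the system roots, then narrowed by VerifyPeer's issuer/subject/template filters`, and consider logging a warning when client verification is enabled with no filter configured. The body of `applyWindowsCertificateStore` starts and ends outside this hunk.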
@@ -102,25 +111,55 @@ func (l *tlsListener) applyWindowsCertificateStore(c TLSConfig) error { return nil } -// this is the ASN1 Object Identifier for TemplateID -var asnTemplateOID = "1.3.6.1.4.1.311.21.7" +// VerifyPeer is called by the TLS pipeline, and specified in tls.config, this is where any custom verification happens +func (c *winCertStoreHandler) VerifyPeer(_ [][]byte, verifiedChains [][]*x509.Certificate) error { + opts := x509.VerifyOptions{} + clientCert := verifiedChains[0][0] -type winCertStoreHandler struct { - cfg WindowsCertificateFilter - subjectRegEx *regexp.Regexp - log log.Logger + // Check for issuer + issuerMatches := len(c.cfg.Client.IssuerCommonNames) == 0 + for _, cn := range c.cfg.Client.IssuerCommonNames { + if cn == clientCert.Issuer.CommonName { + issuerMatches = true + break + } + } + if !issuerMatches { + return fmt.Errorf("unable to match client issuer") + } - winMut sync.Mutex - serverCert *x509.Certificate - serverSigner crypto.PrivateKey - // We have to store the identity to access the signer (it's a win32 api call), if we close the identity - // we lose access to the signer - // the client does NOT need the signer - serverIdentity certstore.Identity - clientRootCA *x509.Certificate - clientAuth tls.ClientAuthType + // Check for subject + subjectMatches := true + if c.subjectRegEx != nil { + if !c.subjectRegEx.MatchString(clientCert.Subject.CommonName) { + subjectMatches = false + } + } + if !subjectMatches { + return fmt.Errorf("unable to match client subject") + } + + // Check for template id + if c.cfg.Client.TemplateID != "" { + templateid := getTemplateID(clientCert) + if templateid != c.cfg.Client.TemplateID { + return fmt.Errorf("unable to match client template id") + } + } + + // call the normal pipeline + _, err := clientCert.Verify(opts) + return err - cancelContext context.Context +} + +// this is the ASN1 Object Identifier for TemplateID +var asnTemplateOID = "1.3.6.1.4.1.311.21.7" + +type templateInformation struct { 
+ Template asn1.ObjectIdentifier + MajorVersion int + MinorVersion int } func (c *winCertStoreHandler) startUpdateTimer() { @@ -159,8 +198,6 @@ func (c *winCertStoreHandler) refreshCerts() (err error) { c.serverIdentity.Close() } var serverIdentity certstore.Identity - var clientIdentity certstore.Identity - var clientCertificate *x509.Certificate // This handles closing all our various handles defer func() { // we have to keep the server identity open if we want to use it, BUT only if an error occurred, else we need it @@ -168,10 +205,6 @@ func (c *winCertStoreHandler) refreshCerts() (err error) { if serverIdentity != nil && err != nil { serverIdentity.Close() } - // Client identity does NOT need to be open since we dont need to sign - if clientIdentity != nil { - clientIdentity.Close() - } }() serverIdentity, err = c.findServerIdentity() if err != nil { @@ -186,23 +219,9 @@ func (c *winCertStoreHandler) refreshCerts() (err error) { return fmt.Errorf("failed getting server signer %w", err) } - clientIdentity, err = c.findClientIdentity() - if err != nil { - return fmt.Errorf("failed getting client identity %w", err) - } - if clientIdentity == nil && (c.clientAuth == tls.RequireAndVerifyClientCert || c.clientAuth == tls.RequestClientCert) { - return fmt.Errorf("client auth requires a certificate (RequireAndVerifyClientCert or RequestClientCert) and failed getting client identity") - } - if clientIdentity != nil { - clientCertificate, err = clientIdentity.Certificate() - if err != nil { - return fmt.Errorf("failed getting client certificate %w", err) - } - } c.serverCert = sc c.serverSigner = signer - c.clientRootCA = clientCertificate c.serverIdentity = serverIdentity return } 
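Review bot: The new `VerifyPeer` dereferences `c.cfg.Client` and indexes `verifiedChains[0][0]` without a guard, so it can panic during the handshake. The `findClientIdentity` removed later in this file treated `c.cfg.Client == nil` as a valid configuration, and crypto/tls documents that `verifiedChains` is nil on a server whose `ClientAuth` is `RequestClientCert` or `RequireAnyClientCert`; the removed `refreshCerts` lines show `RequestClientCert` is an expected mode here. I would start the function with `if len(verifiedChains) == 0 || len(verifiedChains[0]) == 0 { return fmt.Errorf("no verified client certificate chain") }` (or return nil where the configured mode permits an unverified or absent certificate; confirm against how `clientAuth` is set) and run the issuer, subject and template checks only when `c.cfg.Client != nil`. The closing `clientCert.Verify(opts)` uses an empty `x509.VerifyOptions`, which means no intermediates and the default server-auth key usage, so it may reject a client-auth-only certificate that the TLS stack already accepted; worth confirming that call is still wanted.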
@@ -210,15 +229,8 @@ func (c *winCertStoreHandler) refreshCerts() (err error) { func (c *winCertStoreHandler) findServerIdentity() (certstore.Identity, error) { return c.findCertificate(c.cfg.Server.SystemStore, c.cfg.Server.Store, c.cfg.Server.IssuerCommonNames, c.cfg.Server.TemplateID, nil, c.getStore) } -func (c *winCertStoreHandler) findClientIdentity() (certstore.Identity, error) { - // Client certificate is not required - // Valid configurations are checked further in findCertificate - if c.cfg.Client == nil { - return nil, nil - } - return c.findCertificate(c.cfg.Client.SystemStore, c.cfg.Client.Store, c.cfg.Client.IssuerCommonNames, c.cfg.Client.TemplateID, c.subjectRegEx, c.getStore) -} +// getStore converts the string representation to the enum representation func (c *winCertStoreHandler) getStore(systemStore string, storeName string) (certstore.Store, error) { st, err := certstore.StringToStoreType(systemStore) if err != nil { @@ -233,11 +245,12 @@ func (c *winCertStoreHandler) getStore(systemStore string, storeName string) (ce type getStoreFunc func(systemStore, storeName string) (certstore.Store, error) +// findCertificate applies the filters to get the server certificate func (c *winCertStoreHandler) findCertificate(systemStore string, storeName string, commonNames []string, templateID string, subjectRegEx *regexp.Regexp, getStore getStoreFunc) (certstore.Identity, error) { var store certstore.Store var validIdentity certstore.Identity var identities []certstore.Identity - // Lots of cleanup here that point to windows handles. + // Lots of cleanup here for pointers to windows handles. defer func() { if store != nil { store.Close() 
@@ -325,26 +338,26 @@ func (c *winCertStoreHandler) filterByTemplateID(input []certstore.Identity, id if err != nil { return nil, err } - for _, ext := range cert.Extensions { - if ext.Id.String() == asnTemplateOID { - templateInfo := &templateInformation{} - _, err := asn1.Unmarshal(ext.Value, templateInfo) - if err != nil { - return nil, err - } - if templateInfo.Template.String() == id { - returnIdentities = append(returnIdentities, identity) - } - } + templateid := getTemplateID(cert) + if templateid == id { + returnIdentities = append(returnIdentities, identity) } } return returnIdentities, nil } -type templateInformation struct { - Template asn1.ObjectIdentifier - MajorVersion int - MinorVersion int +func getTemplateID(cert *x509.Certificate) string { + for _, ext := range cert.Extensions { + if ext.Id.String() == asnTemplateOID { + templateInfo := &templateInformation{} + _, err := asn1.Unmarshal(ext.Value, templateInfo) + if err != nil { + return "" + } + return templateInfo.Template.String() + } + } + return "" } func (c *winCertStoreHandler) filterBySubjectRegularExpression(input []certstore.Identity, regEx *regexp.Regexp) ([]certstore.Identity, error) { @@ -364,11 +377,3 @@ func (c *winCertStoreHandler) filterBySubjectRegularExpression(input []certstore } return returnIdentities, nil } - -func (c *winCertStoreHandler) VerifyPeer(_ [][]byte, verifiedChains [][]*x509.Certificate) error { - opts := x509.VerifyOptions{} - clientCert := verifiedChains[0][0] - _, err := clientCert.Verify(opts) - return err - -} diff --git a/pkg/server/tls_certstore_windows_test.go b/pkg/server/tls_certstore_windows_test.go index b5350ea6bfd8..63fec454ad8c 100644 --- a/pkg/server/tls_certstore_windows_test.go +++ b/pkg/server/tls_certstore_windows_test.go @@ -6,7 +6,6 @@ import ( "crypto/x509/pkix" "encoding/asn1" "math/big" - "regexp" "testing" "time" 
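Review bot: `getTemplateID` returns an empty string both when the certificate has no template extension and when `asn1.Unmarshal` fails, so a malformed extension is now indistinguishable from an absent one, and `filterByTemplateID` no longer returns the parse error it used to. In `VerifyPeer` this fails closed, because the comparison only runs for a non-empty configured id. In `filterByTemplateID`, however, an empty `id` would now match every certificate that lacks the extension; presumably callers never pass one, but that is not visible here and should be confirmed. I would change the signature to `func getTemplateID(cert *x509.Certificate) (string, error)`, or at least log the unmarshal failure, and add a doc comment such as `// getTemplateID returns the certificate template OID from extension 1.3.6.1.4.1.311.21.7, or "" if the extension is absent`. The body of `filterByTemplateID` starts outside this hunk.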
@@ -154,64 +153,6 @@ func TestMatching2CertsGetMostRecent(t *testing.T) { require.Equal(t, foundCert, shouldFind) } -func TestRegularExpression(t *testing.T) { - c := &winCertStoreHandler{ - cfg: WindowsCertificateFilter{ - Client: &WindowsClientFilter{ - Store: "My", - SystemStore: "LocalMachine", - TemplateID: "1.2.3", - SubjectRegEx: "[Villa]", - }, - }, - } - var subjectRegEx *regexp.Regexp - subjectRegEx, err := regexp.Compile(c.cfg.Client.SubjectRegEx) - require.NoError(t, err) - c.subjectRegEx = subjectRegEx - serverSt := newFakeStore() - sc := makeCert(time.Now().Add(time.Duration(-5)*time.Minute), time.Now().Add(5*time.Minute), []int{1, 2, 3}, "BobVilla", "") - serverSt.identities = append(serverSt.identities, newFakeIdentity(sc)) - findCert := func(systemStore, _ string) (certstore.Store, error) { - return serverSt, nil - } - identity, err := c.findCertificate(c.cfg.Client.SystemStore, c.cfg.Client.Store, c.cfg.Client.IssuerCommonNames, c.cfg.Client.TemplateID, c.subjectRegEx, findCert) - - require.NoError(t, err) - foundCert, err := identity.Certificate() - require.NoError(t, err) - require.Equal(t, foundCert, sc) -} - -func TestRegularExpression_Fail(t *testing.T) { - c := &winCertStoreHandler{ - cfg: WindowsCertificateFilter{ - Client: &WindowsClientFilter{ - Store: "My", - SystemStore: "LocalMachine", - TemplateID: "1.2.3", - SubjectRegEx: "[Villa]", - }, - }, - } - var subjectRegEx *regexp.Regexp - subjectRegEx, err := regexp.Compile(c.cfg.Client.SubjectRegEx) - require.NoError(t, err) - c.subjectRegEx = subjectRegEx - serverSt := newFakeStore() - sc := makeCert(time.Now().Add(time.Duration(-5)*time.Minute), time.Now().Add(5*time.Minute), []int{1, 2, 3}, "BAD_EXAMPLE", "") - serverSt.identities = append(serverSt.identities, newFakeIdentity(sc)) - - findCert := func(systemStore, _ string) (certstore.Store, error) { - return serverSt, nil - } - identity, err := c.findCertificate(c.cfg.Client.SystemStore, c.cfg.Client.Store, 
c.cfg.Client.IssuerCommonNames, c.cfg.Client.TemplateID, c.subjectRegEx, findCert) - - require.Error(t, err) - require.Nil(t, identity) - -} - type fakeStore struct { identities []fakeIdentity closed bool diff --git a/production/grafanacloud-install.sh b/production/grafanacloud-install.sh index a00e92b752fb..5014e381a41e 100755 --- a/production/grafanacloud-install.sh +++ b/production/grafanacloud-install.sh @@ -50,7 +50,7 @@ PACKAGE_SYSTEM=${PACKAGE_SYSTEM:=} # # Global constants. # -RELEASE_VERSION="0.26.0" +RELEASE_VERSION="0.26.1" RELEASE_URL="https://github.com/grafana/agent/releases/download/v${RELEASE_VERSION}" DEB_URL="${RELEASE_URL}/grafana-agent-${RELEASE_VERSION}-1.${ARCH}.deb" diff --git a/production/kubernetes/agent-bare.yaml b/production/kubernetes/agent-bare.yaml index bcc3e995d627..5df31b9ffa0c 100644 --- a/production/kubernetes/agent-bare.yaml +++ b/production/kubernetes/agent-bare.yaml @@ -84,7 +84,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: grafana/agent:v0.26.0 + image: grafana/agent:v0.26.1 imagePullPolicy: IfNotPresent name: grafana-agent ports: diff --git a/production/kubernetes/agent-loki.yaml b/production/kubernetes/agent-loki.yaml index 0b2aba137bf1..47e6372c1fd6 100644 --- a/production/kubernetes/agent-loki.yaml +++ b/production/kubernetes/agent-loki.yaml @@ -66,7 +66,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: grafana/agent:v0.26.0 + image: grafana/agent:v0.26.1 imagePullPolicy: IfNotPresent name: grafana-agent-logs ports: diff --git a/production/kubernetes/agent-traces.yaml b/production/kubernetes/agent-traces.yaml index 81588502c1c2..9642b4d2e34f 100644 --- a/production/kubernetes/agent-traces.yaml +++ b/production/kubernetes/agent-traces.yaml @@ -111,7 +111,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: grafana/agent:v0.26.0 + image: grafana/agent:v0.26.1 imagePullPolicy: IfNotPresent name: grafana-agent-traces ports: 
diff --git a/production/kubernetes/build/lib/version.libsonnet b/production/kubernetes/build/lib/version.libsonnet index 247f095f6774..c481fbd5a2cb 100644 --- a/production/kubernetes/build/lib/version.libsonnet +++ b/production/kubernetes/build/lib/version.libsonnet @@ -1 +1 @@ -'grafana/agent:v0.26.0' +'grafana/agent:v0.26.1' diff --git a/production/kubernetes/install-bare.sh b/production/kubernetes/install-bare.sh index 73865e5191dc..f1345eed9b89 100644 --- a/production/kubernetes/install-bare.sh +++ b/production/kubernetes/install-bare.sh @@ -25,7 +25,7 @@ check_installed() { check_installed curl check_installed envsubst -MANIFEST_BRANCH=v0.26.0 +MANIFEST_BRANCH=v0.26.1 MANIFEST_URL=${MANIFEST_URL:-https://raw.githubusercontent.com/grafana/agent/${MANIFEST_BRANCH}/production/kubernetes/agent-bare.yaml} NAMESPACE=${NAMESPACE:-default} diff --git a/production/tanka/grafana-agent/v1/main.libsonnet b/production/tanka/grafana-agent/v1/main.libsonnet index 54ab13c33942..c3ad50ddb643 100644 --- a/production/tanka/grafana-agent/v1/main.libsonnet +++ b/production/tanka/grafana-agent/v1/main.libsonnet @@ -15,8 +15,8 @@ local service = k.core.v1.service; (import './lib/traces.libsonnet') + { _images:: { - agent: 'grafana/agent:v0.26.0', - agentctl: 'grafana/agentctl:v0.26.0', + agent: 'grafana/agent:v0.26.1', + agentctl: 'grafana/agentctl:v0.26.1', }, // new creates a new DaemonSet deployment of the grafana-agent. By default, diff --git a/production/tanka/grafana-agent/v2/internal/base.libsonnet b/production/tanka/grafana-agent/v2/internal/base.libsonnet index 9e0a0eb64afe..36df3854ad66 100644 --- a/production/tanka/grafana-agent/v2/internal/base.libsonnet +++ b/production/tanka/grafana-agent/v2/internal/base.libsonnet 
@@ -11,8 +11,8 @@ function(name='grafana-agent', namespace='') { local this = self, _images:: { - agent: 'grafana/agent:v0.26.0', - agentctl: 'grafana/agentctl:v0.26.0', + agent: 'grafana/agent:v0.26.1', + agentctl: 'grafana/agentctl:v0.26.1', }, _config:: { name: name, diff --git a/production/tanka/grafana-agent/v2/internal/syncer.libsonnet b/production/tanka/grafana-agent/v2/internal/syncer.libsonnet index b4faffa1b931..aa5532d89cd0 100644 --- a/production/tanka/grafana-agent/v2/internal/syncer.libsonnet +++ b/production/tanka/grafana-agent/v2/internal/syncer.libsonnet @@ -14,7 +14,7 @@ function( ) { local _config = { api: error 'api must be set', - image: 'grafana/agentctl:v0.26.0', + image: 'grafana/agentctl:v0.26.1', schedule: '*/5 * * * *', configs: [], } + config,