Synchronize from upstream

templates/grafana/deployment.yaml

@@ -18,9 +18,10 @@ spec:
       labels:
         name: grafana
         phase: prod
-      annotations:
-        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
     spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
       containers:
         - name: grafana
           image: docker.io/grafana/grafana:7.1.5

templates/prometheus/config.yaml

@@ -34,7 +34,7 @@ data:
     - job_name: 'kubernetes-apiservers'
       kubernetes_sd_configs:
       - role: endpoints
-      
+
       scheme: https
       tls_config:
         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
@@ -74,7 +74,7 @@ data:
     - job_name: 'kubelet'
       kubernetes_sd_configs:
       - role: node
-      
+
       scheme: https
       tls_config:
         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
@@ -82,10 +82,6 @@ data:
         insecure_skip_verify: true
       bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
 
-      relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_name
-
     # Scrape config for Kubelet cAdvisor. Explore metrics from a node by
     # scraping kubelet (127.0.0.1:10250/metrics/cadvisor).
     - job_name: 'kubernetes-cadvisor'
@@ -100,9 +96,6 @@ data:
         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
       bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
 
-      relabel_configs:
-      - action: labelmap
-        regex: __meta_kubernetes_node_name
       metric_relabel_configs:
       - source_labels: [__name__, image]
         action: drop
@@ -121,13 +114,11 @@ data:
       - source_labels: [__meta_kubernetes_node_label_node_kubernetes_io_controller]
         action: keep
         regex: 'true'
-      - action: labelmap
-        regex: __meta_kubernetes_node_name
       - source_labels: [__meta_kubernetes_node_address_InternalIP]
         action: replace
         target_label: __address__
         replacement: '${1}:2381'
-    
+
     # Scrape config for service endpoints.
     #
     # The relabeling allows the actual service scrape endpoint to be configured
@@ -172,7 +163,7 @@ data:
       - source_labels: [__meta_kubernetes_service_name]
         action: replace
         target_label: job
-      
+
       metric_relabel_configs:
       - source_labels: [__name__]
         action: drop

templates/prometheus/deployment.yaml

@@ -14,13 +14,14 @@ spec:
       labels:
         name: prometheus
         phase: prod
-      annotations:
-        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
     spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: prometheus
       containers:
         - name: prometheus
-          image: quay.io/prometheus/prometheus:v2.20.0
+          image: quay.io/prometheus/prometheus:v2.21.0
           args:
             - --web.listen-address=0.0.0.0:9090
             - --config.file=/etc/prometheus/prometheus.yaml

templates/prometheus/exporters/kube-state-metrics/deployment.yaml

@@ -18,9 +18,10 @@ spec:
       labels:
         name: kube-state-metrics
         phase: prod
-      annotations:
-        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
     spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: kube-state-metrics
       containers:
       - name: kube-state-metrics

templates/prometheus/exporters/node-exporter/daemonset.yaml

@@ -17,13 +17,13 @@ spec:
       labels:
         name: node-exporter
         phase: prod
-      annotations:
-        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
     spec:
       serviceAccountName: node-exporter
       securityContext:
         runAsNonRoot: true
         runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
       hostNetwork: true
       hostPID: true
       containers: