chore(DEV-947): upgrade kube state metrics

2026-03-10 15:49:32 +00:00 · 2021-08-16 17:26:22 +02:00
parent e9bd83f5bd
commit d0cf347349
11 changed files with 144 additions and 194 deletions
--- a/lib/common/bootstrap/charts/kube-state-metrics/Chart.yaml
+++ b/lib/common/bootstrap/charts/kube-state-metrics/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 2.0.0
+appVersion: 2.1.1
 description: Install kube-state-metrics to generate and expose cluster-level metrics
 home: https://github.com/kubernetes/kube-state-metrics/
 keywords:
@@ -16,4 +16,4 @@ name: kube-state-metrics
 sources:
 - https://github.com/kubernetes/kube-state-metrics/
 type: application
-version: 3.2.0
+version: 3.4.2
--- a/lib/common/bootstrap/charts/kube-state-metrics/templates/clusterrolebinding.yaml
+++ b/lib/common/bootstrap/charts/kube-state-metrics/templates/clusterrolebinding.yaml
@@ -18,6 +18,6 @@ roleRef:
 {{- end }}
 subjects:
 - kind: ServiceAccount
-  name: {{ template "kube-state-metrics.fullname" . }}
+  name: {{ template "kube-state-metrics.serviceAccountName" . }}
  namespace: {{ template "kube-state-metrics.namespace" . }}
 {{- end -}}
--- a/lib/common/bootstrap/charts/kube-state-metrics/templates/deployment.yaml
+++ b/lib/common/bootstrap/charts/kube-state-metrics/templates/deployment.yaml
@@ -13,30 +13,30 @@ metadata:
    app.kubernetes.io/instance: "{{ .Release.Name }}"
    app.kubernetes.io/managed-by: "{{ .Release.Service }}"
    app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
-{{- if .Values.customLabels }}
+    {{- if .Values.customLabels }}
 {{ toYaml .Values.customLabels | indent 4 }}
-{{- end }}
+    {{- end }}
 spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
  replicas: {{ .Values.replicas }}
-{{- if .Values.autosharding.enabled }}
+  {{- if .Values.autosharding.enabled }}
  serviceName: {{ template "kube-state-metrics.fullname" . }}
  volumeClaimTemplates: []
-{{- end }}
+  {{- end }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
        app.kubernetes.io/instance: "{{ .Release.Name }}"
-{{- if .Values.customLabels }}
+        {{- if .Values.customLabels }}
 {{ toYaml .Values.customLabels | indent 8 }}
-{{- end }}
-{{- if .Values.podAnnotations }}
+        {{- end }}
+      {{- if .Values.podAnnotations }}
      annotations:
 {{ toYaml .Values.podAnnotations | indent 8 }}
-{{- end }}
+      {{- end }}
    spec:
      hostNetwork: {{ .Values.hostNetwork }}
      serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }}
@@ -51,7 +51,7 @@ spec:
    {{- end }}
      containers:
      - name: {{ .Chart.Name }}
-{{- if .Values.autosharding.enabled }}
+        {{- if .Values.autosharding.enabled }}
        env:
        - name: POD_NAME
          valueFrom:
@@ -61,137 +61,68 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-{{- end }}
+        {{- end }}
        args:
-{{  if .Values.extraArgs  }}
+        {{-  if .Values.extraArgs  }}
        {{- range .Values.extraArgs  }}
        - {{ . }}
        {{- end  }}
-{{  end  }}
-{{  if .Values.collectors.certificatesigningrequests  }}
-        - --resources=certificatesigningrequests
-{{  end  }}
-{{  if .Values.collectors.configmaps  }}
-        - --resources=configmaps
-{{  end  }}
-{{  if .Values.collectors.cronjobs  }}
-        - --resources=cronjobs
-{{  end  }}
-{{ if .Values.collectors.daemonsets  }}
-        - --resources=daemonsets
-{{  end  }}
-{{  if .Values.collectors.deployments  }}
-        - --resources=deployments
-{{  end  }}
-{{  if .Values.collectors.endpoints  }}
-        - --resources=endpoints
-{{  end  }}
-{{  if .Values.collectors.horizontalpodautoscalers  }}
-        - --resources=horizontalpodautoscalers
-{{  end  }}
-{{  if .Values.collectors.ingresses  }}
-        - --resources=ingresses
-{{  end  }}
-{{  if .Values.collectors.jobs  }}
-        - --resources=jobs
-{{  end  }}
-{{  if .Values.collectors.limitranges  }}
-        - --resources=limitranges
-{{  end  }}
-{{  if .Values.collectors.mutatingwebhookconfigurations  }}
-        - --resources=mutatingwebhookconfigurations
-{{  end  }}
-{{  if .Values.collectors.namespaces  }}
-        - --resources=namespaces
-{{  end  }}
-{{  if .Values.collectors.networkpolicies  }}
-        - --resources=networkpolicies
-{{  end  }}
-{{  if .Values.collectors.nodes  }}
-        - --resources=nodes
-{{  end  }}
-{{  if .Values.collectors.persistentvolumeclaims  }}
-        - --resources=persistentvolumeclaims
-{{  end  }}
-{{  if .Values.collectors.persistentvolumes  }}
-        - --resources=persistentvolumes
-{{  end  }}
-{{  if .Values.collectors.poddisruptionbudgets  }}
-        - --resources=poddisruptionbudgets
-{{  end  }}
-{{  if .Values.collectors.pods  }}
-        - --resources=pods
-{{  end  }}
-{{  if .Values.collectors.replicasets  }}
-        - --resources=replicasets
-{{  end  }}
-{{  if .Values.collectors.replicationcontrollers  }}
-        - --resources=replicationcontrollers
-{{  end  }}
-{{  if .Values.collectors.resourcequotas  }}
-        - --resources=resourcequotas
-{{  end  }}
-{{  if .Values.collectors.secrets  }}
-        - --resources=secrets
-{{  end  }}
-{{  if .Values.collectors.services  }}
-        - --resources=services
-{{  end  }}
-{{  if .Values.collectors.statefulsets  }}
-        - --resources=statefulsets
-{{  end  }}
-{{  if .Values.collectors.storageclasses  }}
-        - --resources=storageclasses
-{{  end  }}
-{{  if .Values.collectors.validatingwebhookconfigurations  }}
-        - --resources=validatingwebhookconfigurations
-{{  end  }}
-{{  if .Values.collectors.verticalpodautoscalers  }}
-        - --resources=verticalpodautoscalers
-{{  end  }}
-{{  if .Values.collectors.volumeattachments  }}
-        - --resources=volumeattachments
-{{  end  }}
-{{ if .Values.namespaces }}
-        - --namespaces={{ tpl .Values.namespaces $ | join "," }}
-{{ end }}
-{{ if .Values.autosharding.enabled }}
+        {{-  end  }}
+        {{- if .Values.service.port }}
+        - --port={{ .Values.service.port | default 8080}}
+        {{-  end  }}
+        {{-  if .Values.collectors  }}
+        - --resources={{ .Values.collectors | join "," }}
+        {{-  end  }}
+        {{- if .Values.metricLabelsAllowlist }}
+        - --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }}
+        {{- end }}
+        {{- if .Values.metricAllowlist }}
+        - --metric-allowlist={{ .Values.metricAllowlist | join "," }}
+        {{- end }}
+        {{- if .Values.metricDenylist }}
+        - --metric-denylist={{ .Values.metricDenylist | join "," }}
+        {{- end }}
+        {{- if .Values.namespaces }}
+        - --namespaces={{ tpl (.Values.namespaces | join ",") $ }}
+        {{- end }}
+        {{- if .Values.autosharding.enabled }}
        - --pod=$(POD_NAME)
        - --pod-namespace=$(POD_NAMESPACE)
-{{ end }}
-{{ if .Values.kubeconfig.enabled }}
+        {{- end }}
+        {{- if .Values.kubeconfig.enabled }}
        - --kubeconfig=/opt/k8s/.kube/config
-{{ end }}
-{{ if .Values.selfMonitor.telemetryHost }}
+        {{- end }}
+        {{- if .Values.selfMonitor.telemetryHost }}
        - --telemetry-host={{ .Values.selfMonitor.telemetryHost }}
-{{ end }}
-        - --telemetry-port=8081
-{{- if .Values.kubeconfig.enabled }}
+        {{- end }}
+        - --telemetry-port={{ .Values.selfMonitor.telemetryPort | default 8081 }}
+        {{- if .Values.kubeconfig.enabled }}
        volumeMounts:
        - name: kubeconfig
          mountPath: /opt/k8s/.kube/
          readOnly: true
-{{- end }}
+        {{- end }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        ports:
-        - containerPort: 8080
-{{- if .Values.selfMonitor.enabled }}
-        - containerPort: 8081
-{{- end }}
+        - containerPort: {{ .Values.service.port | default 8080}}
+        {{- if .Values.selfMonitor.enabled }}
+        - containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
+        {{- end }}
        livenessProbe:
          httpGet:
            path: /healthz
-            port: 8080
+            port: {{ .Values.service.port | default 8080}}
          initialDelaySeconds: 5
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /
-            port: 8080
+            port: {{ .Values.service.port | default 8080}}
          initialDelaySeconds: 5
          timeoutSeconds: 5
-{{- if .Values.resources }}
+        {{- if .Values.resources }}
        resources:
 {{ toYaml .Values.resources | indent 10 }}
 {{- end }}
@@ -202,22 +133,22 @@ spec:
 {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
-{{- end }}
-{{- if .Values.affinity }}
+      {{- end }}
+      {{- if .Values.affinity }}
      affinity:
 {{ toYaml .Values.affinity | indent 8 }}
-{{- end }}
-{{- if .Values.nodeSelector }}
+      {{- end }}
+      {{- if .Values.nodeSelector }}
      nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
-{{- if .Values.tolerations }}
+      {{- end }}
+      {{- if .Values.tolerations }}
      tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
-{{- if .Values.kubeconfig.enabled}}
+      {{- end }}
+      {{- if .Values.kubeconfig.enabled}}
      volumes:
        - name: kubeconfig
          secret:
            secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
-{{- end }}
+      {{- end }}
--- a/lib/common/bootstrap/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml
+++ b/lib/common/bootstrap/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml
@@ -14,6 +14,6 @@ roleRef:
  name: psp-{{ template "kube-state-metrics.fullname" . }}
 subjects:
  - kind: ServiceAccount
-    name: {{ template "kube-state-metrics.fullname" . }}
+    name: {{ template "kube-state-metrics.serviceAccountName" . }}
    namespace: {{ template "kube-state-metrics.namespace" . }}
 {{- end }}
--- a/lib/common/bootstrap/charts/kube-state-metrics/templates/role.yaml
+++ b/lib/common/bootstrap/charts/kube-state-metrics/templates/role.yaml
@@ -18,169 +18,169 @@ metadata:
  namespace: {{ . }}
 {{- end }}
 rules:
-{{ if $.Values.collectors.certificatesigningrequests }}
+{{ if has "certificatesigningrequests" $.Values.collectors }}
 - apiGroups: ["certificates.k8s.io"]
  resources:
  - certificatesigningrequests
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.configmaps }}
+{{ if has "configmaps" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - configmaps
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.cronjobs }}
+{{ if has "cronjobs" $.Values.collectors }}
 - apiGroups: ["batch"]
  resources:
  - cronjobs
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.daemonsets }}
+{{ if has "daemonsets" $.Values.collectors }}
 - apiGroups: ["extensions", "apps"]
  resources:
  - daemonsets
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.deployments }}
+{{ if has "deployments" $.Values.collectors }}
 - apiGroups: ["extensions", "apps"]
  resources:
  - deployments
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.endpoints }}
+{{ if has "endpoints" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - endpoints
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.horizontalpodautoscalers }}
+{{ if has "horizontalpodautoscalers" $.Values.collectors }}
 - apiGroups: ["autoscaling"]
  resources:
  - horizontalpodautoscalers
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.ingresses }}
+{{ if has "ingresses" $.Values.collectors }}
 - apiGroups: ["extensions", "networking.k8s.io"]
  resources:
  - ingresses
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.jobs }}
+{{ if has "jobs" $.Values.collectors }}
 - apiGroups: ["batch"]
  resources:
  - jobs
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.limitranges }}
+{{ if has "limitranges" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - limitranges
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.mutatingwebhookconfigurations }}
+{{ if has "mutatingwebhookconfigurations" $.Values.collectors }}
 - apiGroups: ["admissionregistration.k8s.io"]
  resources:
    - mutatingwebhookconfigurations
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.namespaces }}
+{{ if has "namespaces" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - namespaces
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.networkpolicies }}
+{{ if has "networkpolicies" $.Values.collectors }}
 - apiGroups: ["networking.k8s.io"]
  resources:
  - networkpolicies
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.nodes }}
+{{ if has "nodes" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - nodes
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.persistentvolumeclaims }}
+{{ if has "persistentvolumeclaims" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - persistentvolumeclaims
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.persistentvolumes }}
+{{ if has "persistentvolumes" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - persistentvolumes
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.poddisruptionbudgets }}
+{{ if has "poddisruptionbudgets" $.Values.collectors }}
 - apiGroups: ["policy"]
  resources:
    - poddisruptionbudgets
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.pods }}
+{{ if has "pods" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - pods
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.replicasets }}
+{{ if has "replicasets" $.Values.collectors }}
 - apiGroups: ["extensions", "apps"]
  resources:
  - replicasets
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.replicationcontrollers }}
+{{ if has "replicationcontrollers" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - replicationcontrollers
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.resourcequotas }}
+{{ if has "resourcequotas" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - resourcequotas
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.secrets }}
+{{ if has "secrets" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - secrets
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.services }}
+{{ if has "services" $.Values.collectors }}
 - apiGroups: [""]
  resources:
  - services
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.statefulsets }}
+{{ if has "statefulsets" $.Values.collectors }}
 - apiGroups: ["apps"]
  resources:
  - statefulsets
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.storageclasses }}
+{{ if has "storageclasses" $.Values.collectors }}
 - apiGroups: ["storage.k8s.io"]
  resources:
    - storageclasses
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.validatingwebhookconfigurations }}
+{{ if has "validatingwebhookconfigurations" $.Values.collectors }}
 - apiGroups: ["admissionregistration.k8s.io"]
  resources:
    - validatingwebhookconfigurations
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.volumeattachments }}
+{{ if has "volumeattachments" $.Values.collectors }}
 - apiGroups: ["storage.k8s.io"]
  resources:
    - volumeattachments
  verbs: ["list", "watch"]
 {{ end -}}
-{{ if $.Values.collectors.verticalpodautoscalers }}
+{{ if has "verticalpodautoscalers" $.Values.collectors }}
 - apiGroups: ["autoscaling.k8s.io"]
  resources:
    - verticalpodautoscalers
--- a/lib/common/bootstrap/charts/kube-state-metrics/templates/rolebinding.yaml
+++ b/lib/common/bootstrap/charts/kube-state-metrics/templates/rolebinding.yaml
@@ -21,7 +21,7 @@ roleRef:
 {{- end }}
 subjects:
 - kind: ServiceAccount
-  name: {{ template "kube-state-metrics.fullname" $ }}
+  name: {{ template "kube-state-metrics.serviceAccountName" $ }}
  namespace: {{ template "kube-state-metrics.namespace" $ }}
 {{- end -}}
 {{- end -}}
--- a/lib/common/bootstrap/charts/kube-state-metrics/templates/service.yaml
+++ b/lib/common/bootstrap/charts/kube-state-metrics/templates/service.yaml
@@ -23,16 +23,16 @@ spec:
  ports:
  - name: "http"
    protocol: TCP
-    port: {{ .Values.service.port }}
+    port: {{ .Values.service.port | default 8080}}
  {{- if .Values.service.nodePort }}
    nodePort: {{ .Values.service.nodePort }}
  {{- end }}
-    targetPort: 8080
+    targetPort: {{ .Values.service.port | default 8080}}
  {{ if .Values.selfMonitor.enabled }}
  - name: "metrics"
    protocol: TCP
    port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
-    targetPort: 8081
+    targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
  {{ end }}
 {{- if .Values.service.loadBalancerIP }}
  loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
--- a/lib/common/bootstrap/charts/kube-state-metrics/templates/serviceaccount.yaml
+++ b/lib/common/bootstrap/charts/kube-state-metrics/templates/serviceaccount.yaml
@@ -7,7 +7,7 @@ metadata:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
-  name: {{ template "kube-state-metrics.fullname" . }}
+  name: {{ template "kube-state-metrics.serviceAccountName" . }}
  namespace: {{ template "kube-state-metrics.namespace" . }}
 {{- if .Values.serviceAccount.annotations }}
  annotations:
--- a/lib/common/bootstrap/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml
+++ b/lib/common/bootstrap/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml
@@ -15,6 +15,6 @@ roleRef:
  name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
 subjects:
  - kind: ServiceAccount
-    name: {{ template "kube-state-metrics.fullname" . }}
+    name: {{ template "kube-state-metrics.serviceAccountName" . }}
    namespace: {{ template "kube-state-metrics.namespace" . }}
 {{- end }}
--- a/lib/common/bootstrap/charts/kube-state-metrics/values.yaml
+++ b/lib/common/bootstrap/charts/kube-state-metrics/values.yaml
@@ -2,7 +2,7 @@
 prometheusScrape: true
 image:
  repository: k8s.gcr.io/kube-state-metrics/kube-state-metrics
-  tag: v2.0.0
+  tag: v2.1.1
  pullPolicy: IfNotPresent

 imagePullSecrets: []
@@ -114,37 +114,56 @@ podAnnotations: {}
 # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
 podDisruptionBudget: {}

-# Available collectors for kube-state-metrics. By default all available
-# resources are enabled.
+# Comma-separated list of metrics to be exposed.
+# This list comprises of exact metric names and/or regex patterns.
+# The allowlist and denylist are mutually exclusive.
+metricAllowlist: []
+
+# Comma-separated list of metrics not to be enabled.
+# This list comprises of exact metric names and/or regex patterns.
+# The allowlist and denylist are mutually exclusive.
+metricDenylist: []
+
+# Comma-separated list of additional Kubernetes label keys that will be used in the resource's
+# labels metric. By default the metric contains only name and namespace labels.
+# To include additional labels, provide a list of resource names in their plural form and Kubernetes
+# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'.
+# A single '*' can be provided per resource instead to allow any labels, but that has
+# severe performance implications (Example: '=pods=[*]').
+metricLabelsAllowlist: []
+  # - namespaces=[k8s-label-1,k8s-label-n]
+
+# Available collectors for kube-state-metrics.
+# By default, all available resources are enabled, comment out to disable.
 collectors:
-  certificatesigningrequests: true
-  configmaps: true
-  cronjobs: true
-  daemonsets: true
-  deployments: true
-  endpoints: true
-  horizontalpodautoscalers: true
-  ingresses: true
-  jobs: true
-  limitranges: true
-  mutatingwebhookconfigurations: true
-  namespaces: true
-  networkpolicies: true
-  nodes: true
-  persistentvolumeclaims: true
-  persistentvolumes: true
-  poddisruptionbudgets: true
-  pods: true
-  replicasets: true
-  replicationcontrollers: true
-  resourcequotas: true
-  secrets: true
-  services: true
-  statefulsets: true
-  storageclasses: true
-  validatingwebhookconfigurations: true
-  verticalpodautoscalers: false
-  volumeattachments: true
+  - certificatesigningrequests
+  - configmaps
+  - cronjobs
+  - daemonsets
+  - deployments
+  - endpoints
+  - horizontalpodautoscalers
+  - ingresses
+  - jobs
+  - limitranges
+  - mutatingwebhookconfigurations
+  - namespaces
+  - networkpolicies
+  - nodes
+  - persistentvolumeclaims
+  - persistentvolumes
+  - poddisruptionbudgets
+  - pods
+  - replicasets
+  - replicationcontrollers
+  - resourcequotas
+  - secrets
+  - services
+  - statefulsets
+  - storageclasses
+  - validatingwebhookconfigurations
+  - volumeattachments
+  # - verticalpodautoscalers # not a default resource, see also: https://github.com/kubernetes/kube-state-metrics#enabling-verticalpodautoscalers

 # Enabling kubeconfig will pass the --kubeconfig argument to the container
 kubeconfig:
--- a/lib/helm-freeze.yaml
+++ b/lib/helm-freeze.yaml
@@ -35,7 +35,7 @@ charts:
    version: 4.3.1
  - name: kube-state-metrics
    repo_name: prometheus-community
-    version: 3.2.0
+    version: 3.4.2
  - name: loki
    repo_name: loki
    version: 0.31.1