# Version Checker - Container Image Version Monitoring for Kubernetes # Namespace: version-checker-system # # This deploys jetstack/version-checker which monitors all container images # running in the cluster and compares them to latest available upstream versions. # Metrics are exposed for Prometheus scraping. # # Documentation: https://github.com/jetstack/version-checker # # Metrics exposed: # - version_checker_is_latest_version{...} = 1 (up to date) or 0 (outdated) # - version_checker_image_info{image, current_version, latest_version, ...} --- apiVersion: v1 kind: Namespace metadata: name: version-checker-system labels: app.kubernetes.io/name: version-checker --- apiVersion: v1 kind: ServiceAccount metadata: name: version-checker namespace: version-checker-system labels: app.kubernetes.io/name: version-checker --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: version-checker labels: app.kubernetes.io/name: version-checker rules: # Required to read pod specs to get container images - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list"] # Required to check Kubernetes version (optional feature) - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: version-checker labels: app.kubernetes.io/name: version-checker roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: version-checker subjects: - kind: ServiceAccount name: version-checker namespace: version-checker-system --- apiVersion: apps/v1 kind: Deployment metadata: name: version-checker namespace: version-checker-system labels: app.kubernetes.io/name: version-checker app.kubernetes.io/instance: version-checker app.kubernetes.io/version: "v0.10.0" annotations: reloader.stakater.com/auto: "true" spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: version-checker app.kubernetes.io/instance: version-checker template: metadata: labels: app.kubernetes.io/name: version-checker app.kubernetes.io/instance: version-checker app.kubernetes.io/version: "v0.10.0" annotations: prometheus.io/scrape: "true" prometheus.io/port: "8080" prometheus.io/path: "/metrics" spec: serviceAccountName: version-checker securityContext: runAsNonRoot: true runAsUser: 1000 fsGroup: 1000 containers: - name: version-checker image: quay.io/jetstack/version-checker:v0.10.0 imagePullPolicy: IfNotPresent args: # Test ALL containers in the cluster (not just annotated ones) - --test-all-containers # How often to re-check versions (default: 1h) - --image-cache-timeout=1h # Log level - --log-level=info ports: - name: metrics containerPort: 8080 protocol: TCP resources: requests: cpu: 10m memory: 32Mi limits: cpu: 100m memory: 128Mi livenessProbe: httpGet: path: /healthz port: metrics initialDelaySeconds: 30 periodSeconds: 30 readinessProbe: httpGet: path: /readyz port: metrics initialDelaySeconds: 10 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL --- apiVersion: v1 kind: Service metadata: name: version-checker namespace: version-checker-system labels: app.kubernetes.io/name: version-checker app.kubernetes.io/instance: version-checker spec: type: ClusterIP ports: - name: metrics port: 8080 targetPort: metrics protocol: TCP selector: app.kubernetes.io/name: version-checker app.kubernetes.io/instance: version-checker --- # ServiceMonitor for Prometheus Operator (if using kube-prometheus-stack) # If you're using plain Prometheus with pod annotations, this can be removed # apiVersion: monitoring.coreos.com/v1 # kind: ServiceMonitor # metadata: # name: version-checker # namespace: version-checker-system # labels: # app.kubernetes.io/name: version-checker # app.kubernetes.io/instance: version-checker # # Add your Prometheus selector label if needed # # release: prometheus # spec: # selector: # matchLabels: # app.kubernetes.io/name: version-checker # namespaceSelector: # matchNames: # - version-checker-system # endpoints: # - port: metrics # interval: 5m # scrapeTimeout: 30s # path: /metrics