kube-prometheus

Helm chart
Default values
# This file has been modified by Chainguard, Inc.
#
# Copyright Chainguard, Inc. All Rights Reserved.
# Chainguard, Inc. modifications are subject to the license
# available at: https://www.chainguard.dev/legal/software-license-agreement
#
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  ## Security parameters
  ##
  security:
    ## @param global.security.allowInsecureImages Allows skipping image verification
    allowInsecureImages: false
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
  org: ""
## @section Common parameters
##

## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override `kube-prometheus.name` template with a string (will prepend the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override `kube-prometheus.fullname` template with a string
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @section Prometheus Operator Parameters
##
operator:
  ## @param operator.enabled Deploy Prometheus Operator to the cluster
  ##
  enabled: true
  ## Iamguarded Prometheus Operator image version
  ## ref: https://hub.docker.com/r/iamguarded/prometheus-operator/tags/
  ## @param operator.image.registry [default: REGISTRY_NAME] Prometheus Operator image registry
  ## @param operator.image.repository [default: REPOSITORY_NAME/prometheus-operator] Prometheus Operator image repository
  ## @skip operator.image.tag Prometheus Operator image tag (immutable tags are recommended)
  ## @param operator.image.digest Prometheus Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param operator.image.pullPolicy Prometheus Operator image pull policy
  ## @param operator.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/prometheus-operator-iamguarded
    tag: 0.89.0
    digest: ""
    ## Specify an imagePullPolicy
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## Example:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param operator.extraArgs Additional arguments passed to Prometheus Operator
  ## Example:
  ## extraArgs:
  ##   - --namespaces={{ include "common.names.namespace" . }}
  ##
  extraArgs: []
  ## @param operator.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param operator.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param operator.lifecycleHooks for the Prometheus Operator container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param operator.extraEnvVars Array with extra environment variables to add to Prometheus Operator nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param operator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Prometheus Operator nodes
  ##
  extraEnvVarsCM: ""
  ## @param operator.extraEnvVarsSecret Name of existing Secret containing extra env vars for Prometheus Operator nodes
  ##
  extraEnvVarsSecret: ""
  ## @param operator.extraVolumes Optionally specify extra list of additional volumes for the Prometheus Operator pod(s)
  ##
  extraVolumes: []
  ## @param operator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Prometheus Operator container(s)
  ##
  extraVolumeMounts: []
  ## @param operator.sidecars Add additional sidecar containers to the Prometheus Operator pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param operator.initContainers Add additional init containers to the Prometheus Operator pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param operator.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: true
  ## @param operator.hostAliases Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## Service account for Prometheus Operator to use.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ##
  serviceAccount:
    ## @param operator.serviceAccount.create Specify whether to create a ServiceAccount for Prometheus Operator
    ##
    create: true
    ## @param operator.serviceAccount.name The name of the ServiceAccount to create
    ## If not set and create is true, a name is generated using the kube-prometheus.operator.fullname template
    ##
    name: ""
    ## @param operator.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
    ##
    automountServiceAccountToken: false
    ## @param operator.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## @param operator.schedulerName Name of the Kubernetes scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param operator.terminationGracePeriodSeconds In seconds, time given to the Prometheus Operator pod to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param operator.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## Prometheus Operator pods' Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param operator.podSecurityContext.enabled Enable pod security context
  ## @param operator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param operator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param operator.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param operator.podSecurityContext.fsGroup Group ID for the container filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Prometheus Operator containers' Security Context (only main container)
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param operator.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param operator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param operator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param operator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param operator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param operator.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param operator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param operator.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param operator.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param operator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Prometheus Operator Service
  ##
  service:
    ## @param operator.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param operator.service.ports.http Prometheus Operator service port
    ##
    ports:
      http: 8080
    ## @param operator.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` for headless service
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param operator.service.nodePorts.http Kubernetes Service nodePort
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ## e.g:
    ## nodePort: 30080
    ##
    nodePorts:
      http: ""
    ## @param operator.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer`
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param operator.service.loadBalancerClass Operator service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerClass: ""
    ## @param operator.service.loadBalancerSourceRanges Addresses that are allowed when svc is `LoadBalancer`
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param operator.service.externalTrafficPolicy Enable client source IP preservation
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ## There are two available options: Cluster (default) and Local.
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param operator.service.healthCheckNodePort Specifies the health check node port (numeric port number) for the service if `externalTrafficPolicy` is set to Local.
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    healthCheckNodePort: ""
    ## @param operator.service.labels Additional labels for Prometheus Operator service
    ##
    labels: {}
    ## @param operator.service.annotations Additional annotations for Prometheus Operator service
    ##
    annotations: {}
    ## @param operator.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param operator.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param operator.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param operator.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param operator.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param operator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param operator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param operator.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param operator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param operator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Create a servicemonitor for the operator
  ##
  serviceMonitor:
    ## @param operator.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus Operator
    ##
    enabled: true
    ## @param operator.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""
    ## @param operator.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: ""
    ## @param operator.serviceMonitor.metricRelabelings Metric relabeling
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    metricRelabelings: []
    ## @param operator.serviceMonitor.relabelings Relabel configs
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
    ##
    relabelings: []
    ## @param operator.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    scrapeTimeout: ""
    ## @param operator.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param operator.serviceMonitor.annotations Extra annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param operator.serviceMonitor.extraParameters Any extra parameter to be added to the endpoint configured in the ServiceMonitor
    ## (e.g. tlsConfig for further customization of the HTTPS behavior)
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Endpoint
    ##
    extraParameters: {}
    ## @param operator.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: ""
  ## @param operator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if operator.resources is set (operator.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param operator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ##
  resources: {}
  ## @param operator.podAffinityPreset Pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param operator.podAntiAffinityPreset Prometheus Operator Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param operator.nodeAffinityPreset.type Prometheus Operator Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param operator.nodeAffinityPreset.key Prometheus Operator Node label key to match. Ignored if `affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param operator.nodeAffinityPreset.values Prometheus Operator Node label values to match. Ignored if `affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param operator.affinity Prometheus Operator Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: operator.podAffinityPreset, operator.podAntiAffinityPreset, and operator.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param operator.nodeSelector Prometheus Operator Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param operator.tolerations Prometheus Operator Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param operator.podAnnotations Annotations for Prometheus Operator pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param operator.podLabels Extra labels for Prometheus Operator pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param operator.priorityClassName Priority class assigned to the Pods
  ##
  priorityClassName: ""
  ## Configure extra options for liveness probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param operator.livenessProbe.enabled Turn on and off liveness probe
  ## @param operator.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
  ## @param operator.livenessProbe.periodSeconds How often to perform the probe
  ## @param operator.livenessProbe.timeoutSeconds When the probe times out
  ## @param operator.livenessProbe.failureThreshold Minimum consecutive failures for the probe
  ## @param operator.livenessProbe.successThreshold Minimum consecutive successes for the probe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 120
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
  ## Configure extra options for readiness probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param operator.readinessProbe.enabled Turn on and off readiness probe
  ## @param operator.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
  ## @param operator.readinessProbe.periodSeconds How often to perform the probe
  ## @param operator.readinessProbe.timeoutSeconds When the probe times out
  ## @param operator.readinessProbe.failureThreshold Minimum consecutive failures for the probe
  ## @param operator.readinessProbe.successThreshold Minimum consecutive successes for the probe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
  ## Configure extra options for startup probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param operator.startupProbe.enabled Turn on and off startup probe
  ## @param operator.startupProbe.initialDelaySeconds Delay before startup probe is initiated
  ## @param operator.startupProbe.periodSeconds How often to perform the probe
  ## @param operator.startupProbe.timeoutSeconds When the probe times out
  ## @param operator.startupProbe.failureThreshold Minimum consecutive failures for the probe
  ## @param operator.startupProbe.successThreshold Minimum consecutive successes for the probe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
  ## @param operator.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param operator.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param operator.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param operator.logLevel Log level for Prometheus Operator
  ##
  logLevel: info
  ## @param operator.logFormat Log format for Prometheus Operator
  ##
  logFormat: logfmt
  ## @param operator.configReloaderResources Set the prometheus config reloader side-car CPU and memory requests and limits.
  ## configReloaderResources:
  ##   limits:
  ##     cpu: 200m
  ##     memory: 100Mi
  ##   requests:
  ##     cpu: 100m
  ##     memory: 50Mi
  ##
  configReloaderResources: {}
  ## @param operator.kubeletService.enabled If true, the operator will create and maintain a service for scraping kubelets
  ## @param operator.kubeletService.namespace Namespace to deploy the kubelet service
  ##
  kubeletService:
    enabled: true
    namespace: kube-system
  ## Prometheus Configmap-reload image to use for reloading configmaps
  ## defaults to Iamguarded Prometheus Operator (ref: https://hub.docker.com/r/iamguarded/prometheus-operator/tags/)
  ##
  prometheusConfigReloader:
    ## @param operator.prometheusConfigReloader.image Prometheus Config Reloader image. If not set, the same as `operator.image.registry`
    ## registry:
    ## repository:
    ## tag:
    ## digest: ""
    ## pullSecrets:
    ##
    image: {}
    ## Prometheus config reload container's securityContext
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param operator.prometheusConfigReloader.containerSecurityContext.enabled Enabled containers' Security Context
    ## @param operator.prometheusConfigReloader.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
    ## @param operator.prometheusConfigReloader.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
    ## @param operator.prometheusConfigReloader.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
    ## @param operator.prometheusConfigReloader.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
    ## @param operator.prometheusConfigReloader.containerSecurityContext.privileged Set container's Security Context privileged
    ## @param operator.prometheusConfigReloader.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
    ## @param operator.prometheusConfigReloader.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
    ## @param operator.prometheusConfigReloader.containerSecurityContext.capabilities.drop List of capabilities to be dropped
    ## @param operator.prometheusConfigReloader.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      privileged: false
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
    ## Configure extra options for liveness probe
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
    ## @param operator.prometheusConfigReloader.livenessProbe.enabled Turn on and off liveness probe
    ## @param operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
    ## @param operator.prometheusConfigReloader.livenessProbe.periodSeconds How often to perform the probe
    ## @param operator.prometheusConfigReloader.livenessProbe.timeoutSeconds When the probe times out
    ## @param operator.prometheusConfigReloader.livenessProbe.failureThreshold Minimum consecutive failures for the probe
    ## @param operator.prometheusConfigReloader.livenessProbe.successThreshold Minimum consecutive successes for the probe
    ##
    livenessProbe:
      enabled: true
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 6
      successThreshold: 1
    ## Configure extra options for readiness probe
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
    ## @param operator.prometheusConfigReloader.readinessProbe.enabled Turn on and off readiness probe
    ## @param operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
    ## @param operator.prometheusConfigReloader.readinessProbe.periodSeconds How often to perform the probe
    ## @param operator.prometheusConfigReloader.readinessProbe.timeoutSeconds When the probe times out
    ## @param operator.prometheusConfigReloader.readinessProbe.failureThreshold Minimum consecutive failures for the probe
    ## @param operator.prometheusConfigReloader.readinessProbe.successThreshold Minimum consecutive successes for the probe
    ##
    readinessProbe:
      enabled: true
      initialDelaySeconds: 15
      periodSeconds: 20
      timeoutSeconds: 5
      failureThreshold: 6
      successThreshold: 1
  ## Restrict the namespaces that the operator watches
  ## ref: `-namespaces` in https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/operator.md
  ## @param operator.namespaces Optional comma-separated list of namespaces to watch (default=all).
  ##
  namespaces: ""
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param operator.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param operator.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param operator.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
626
## @section Prometheus Parameters
627
##
628
629
## Deploy a Prometheus instance
630
##
631
prometheus:
632
## @param prometheus.enabled Deploy Prometheus to the cluster
633
##
634
enabled: true
635
## Iamguarded Prometheus image version
636
## ref: https://hub.docker.com/r/iamguarded/prometheus/tags/
637
## @param prometheus.image.registry [default: REGISTRY_NAME] Prometheus image registry
638
## @param prometheus.image.repository [default: REPOSITORY_NAME/prometheus] Prometheus image repository
639
## @skip prometheus.image.tag Prometheus image tag (immutable tags are recommended)
640
## @param prometheus.image.digest Prometheus image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
641
## @param prometheus.image.pullPolicy Prometheus image pull policy
642
## @param prometheus.image.pullSecrets Specify docker-registry secret names as an array
643
##
644
image:
645
registry: cgr.dev
646
repository: chainguard-private/prometheus-iamguarded
647
tag: 3.10.0
648
digest: ""
649
pullPolicy: IfNotPresent
650
## Optionally specify an array of imagePullSecrets.
651
## Secrets must be manually created in the namespace.
652
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
653
## Example:
654
## pullSecrets:
655
## - myRegistryKeySecretName
656
##
657
pullSecrets: []
  ## @param prometheus.defaultRules.create Create default rules for Prometheus
  ## @param prometheus.defaultRules.rules [object] Set of default rules for Prometheus that can be enabled/disabled
  ##
  defaultRules:
    create: true
    rules:
      alertmanager: true
      etcd: true
      configReloaders: true
      general: true
      k8sContainerCpuUsageSecondsTotal: true
      k8sContainerMemoryCache: true
      k8sContainerMemoryRss: true
      k8sContainerMemorySwap: true
      k8sContainerResource: true
      k8sContainerMemoryWorkingSetBytes: true
      k8sPodOwner: true
      kubeApiserverAvailability: true
      kubeApiserverBurnrate: true
      kubeApiserverHistogram: true
      kubeApiserverSlos: true
      kubeControllerManager: true
      kubelet: true
      kubeProxy: true
      kubePrometheusGeneral: true
      kubePrometheusNodeRecording: true
      kubernetesApps: true
      kubernetesResources: true
      kubernetesStorage: true
      kubernetesSystem: true
      kubeSchedulerAlerting: true
      kubeSchedulerRecording: true
      kubeStateMetrics: true
      network: true
      node: true
      nodeExporterAlerting: true
      nodeExporterRecording: true
      prometheus: true
      prometheusOperator: true
  ## Service account for Prometheus to use.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ##
  serviceAccount:
    ## @param prometheus.serviceAccount.create Specify whether to create a ServiceAccount for Prometheus
    ##
    create: true
    ## @param prometheus.serviceAccount.name The name of the ServiceAccount to create
    ## If not set and create is true, a name is generated using the kube-prometheus.prometheus.fullname template
    ##
    name: ""
    ## @param prometheus.serviceAccount.annotations Additional annotations for created Prometheus ServiceAccount
    ## annotations:
    ##   eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT:role/prometheus
    ##
    annotations: {}
    ## @param prometheus.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
    ##
    automountServiceAccountToken: false
  ## Prometheus pods' Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param prometheus.podSecurityContext.enabled Enable security context
  ## @param prometheus.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param prometheus.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param prometheus.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param prometheus.podSecurityContext.fsGroup Group ID for the container filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Prometheus containers' Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param prometheus.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param prometheus.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param prometheus.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param prometheus.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param prometheus.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param prometheus.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param prometheus.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param prometheus.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param prometheus.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param prometheus.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Configure pod disruption budgets for Prometheus
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
  ## @param prometheus.pdb.create Create a pod disruption budget for Prometheus
  ## @param prometheus.pdb.minAvailable Minimum number / percentage of pods that should remain scheduled
  ## @param prometheus.pdb.maxUnavailable Maximum number / percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param prometheus.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param prometheus.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param prometheus.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param prometheus.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param prometheus.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param prometheus.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param prometheus.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Prometheus Service
  ##
  service:
    ## @param prometheus.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param prometheus.service.ports.http Prometheus service port
    ##
    ports:
      http: 9090
    ## @param prometheus.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` for headless service
    ## e.g: clusterIP: None
    ##
    clusterIP: ""
    ## @param prometheus.service.nodePorts.http Specify the nodePort value for the LoadBalancer and NodePort service types.
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ## e.g:
    ## nodePort: 30090
    ##
    nodePorts:
      http: ""
    ## @param prometheus.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer`
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param prometheus.service.loadBalancerClass Prometheus service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerClass: ""
    ## @param prometheus.service.loadBalancerSourceRanges Addresses that are allowed when service is `LoadBalancer`
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ## - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param prometheus.service.externalTrafficPolicy Enable client source IP preservation
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ## There are two available options: Cluster (default) and Local
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param prometheus.service.healthCheckNodePort Specifies the health check node port
    ## if externalTrafficPolicy is set to Local.
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    healthCheckNodePort: ""
    ## @param prometheus.service.labels Additional labels for Prometheus service (this value is evaluated as a template)
    ##
    labels: {}
    ## @param prometheus.service.annotations Additional annotations for Prometheus service (this value is evaluated as a template)
    ##
    annotations: {}
    ## @param prometheus.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param prometheus.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  serviceMonitor:
    ## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself
    ##
    enabled: true
    ## @param prometheus.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""
    ## @param prometheus.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: ""
    ## @param prometheus.serviceMonitor.metricRelabelings Metric relabeling
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    metricRelabelings: []
    ## @param prometheus.serviceMonitor.relabelings Relabel configs
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
    ##
    relabelings: []
    ## @param prometheus.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: ""
  ## Configure the ingress resource that allows you to access the
  ## Prometheus installation. Set up the URL
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ##
  ingress:
    ## @param prometheus.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param prometheus.ingress.pathType Ingress Path type
    ##
    pathType: ImplementationSpecific
    ## @param prometheus.ingress.apiVersion Override API Version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param prometheus.ingress.hostname Default host for the ingress resource
    ##
    hostname: prometheus.local
    ## @param prometheus.ingress.path The Path to Prometheus. You may need to set this to '/*' in order to use this with ALB ingress controllers
    ##
    path: /
    ## @param prometheus.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param prometheus.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param prometheus.ingress.tls Enable TLS configuration for the hostname defined at prometheus.ingress.hostname parameter
    ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.prometheus.ingress.hostname }}
    ## You can use the prometheus.ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it
    ##
    tls: false
    ## @param prometheus.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param prometheus.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: prometheus.local
    ##   path: /
    ##
    extraHosts: []
    ## @param prometheus.ingress.extraPaths Additional arbitrary path/backend objects
    ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
    ## extraPaths:
    ## - path: /*
    ##   backend:
    ##     serviceName: ssl-redirect
    ##     servicePort: use-annotation
    ##
    extraPaths: []
    ## @param prometheus.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - prometheus.local
    ##   secretName: prometheus.local-tls
    ##
    extraTls: []
    ## @param prometheus.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## secrets:
    ## - name: prometheus.local-tls
    ##   key:
    ##   certificate:
    ##
    ## NOTE: the secret name MUST match {{ingress.hostname}}-tls to be used if selfSigned is false or no certManager is used
    secrets: []
    ## @param prometheus.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##   http:
    ##     path: /
    ##     backend:
    ##       service:
    ##         name: example-svc
    ##         port:
    ##           name: http
    ##
    extraRules: []
  ## @param prometheus.externalUrl External URL used to access Prometheus
  ## If not creating an ingress but still exposing the service some other way (like a proxy)
  ## let Prometheus know what its external URL is so that it can properly create links
  ## externalUrl: https://prometheus.example.com
  ##
  externalUrl: ""
  ## @param prometheus.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if prometheus.resources is set (prometheus.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param prometheus.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ##
  resources: {}
  ## @param prometheus.podAffinityPreset Prometheus Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param prometheus.podAntiAffinityPreset Prometheus Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param prometheus.nodeAffinityPreset.type Prometheus Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param prometheus.nodeAffinityPreset.key Prometheus Node label key to match. Ignored if `affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param prometheus.nodeAffinityPreset.values Prometheus Node label values to match. Ignored if `affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param prometheus.affinity Prometheus Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: prometheus.podAffinityPreset, prometheus.podAntiAffinityPreset, and prometheus.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param prometheus.nodeSelector Prometheus Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param prometheus.topologySpreadConstraints Prometheus Topology Spread Constraints for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param prometheus.tolerations Prometheus Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param prometheus.scrapeInterval Interval between consecutive scrapes
  ##
  scrapeInterval: ""
  ## @param prometheus.evaluationInterval Interval between consecutive evaluations
  ##
  evaluationInterval: ""
  ## @param prometheus.scrapeTimeout Timeout after which the global scrape is ended
  ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
  ##
  scrapeTimeout: ""
  ## @param prometheus.sampleLimit Per-scrape max number of scraped samples. Requires Prometheus v2.45.0 and newer
  ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
  sampleLimit: ""
  ## @param prometheus.enforcedSampleLimit Override sampleLimits set by ServiceMonitor, PodMonitor or Probe objects
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PrometheusSpec
  enforcedSampleLimit: ""
  ## @param prometheus.keepDroppedTargets Limit per scrape config on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.
  ## Requires Prometheus v2.47.0 and newer
  ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
  keepDroppedTargets: ""
  ## @param prometheus.listenLocal ListenLocal makes the Prometheus server listen on loopback
  ##
  listenLocal: false
  ## Configure extra options for liveness probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param prometheus.livenessProbe.enabled Turn on and off liveness probe
  ## @param prometheus.livenessProbe.path Path of the HTTP service for checking the healthy state
  ## @param prometheus.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
  ## @param prometheus.livenessProbe.periodSeconds How often to perform the probe
  ## @param prometheus.livenessProbe.timeoutSeconds When the probe times out
  ## @param prometheus.livenessProbe.failureThreshold Minimum consecutive failures for the probe
  ## @param prometheus.livenessProbe.successThreshold Minimum consecutive successes for the probe
  ##
  livenessProbe:
    enabled: true
    path: /-/healthy
    initialDelaySeconds: 0
    failureThreshold: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  ## Configure extra options for readiness probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param prometheus.readinessProbe.enabled Turn on and off readiness probe
  ## @param prometheus.readinessProbe.path Path of the HTTP service for checking the ready state
  ## @param prometheus.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
  ## @param prometheus.readinessProbe.periodSeconds How often to perform the probe
  ## @param prometheus.readinessProbe.timeoutSeconds When the probe times out
  ## @param prometheus.readinessProbe.failureThreshold Minimum consecutive failures for the probe
  ## @param prometheus.readinessProbe.successThreshold Minimum consecutive successes for the probe
  ##
  readinessProbe:
    enabled: true
    path: /-/ready
    initialDelaySeconds: 0
    failureThreshold: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
  ## Configure extra options for startup probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param prometheus.startupProbe.enabled Turn on and off startup probe
  ## @param prometheus.startupProbe.path Path of the HTTP service for checking the ready state
  ## @param prometheus.startupProbe.initialDelaySeconds Delay before startup probe is initiated
  ## @param prometheus.startupProbe.periodSeconds How often to perform the probe
  ## @param prometheus.startupProbe.timeoutSeconds When the probe times out
  ## @param prometheus.startupProbe.failureThreshold Minimum consecutive failures for the probe
  ## @param prometheus.startupProbe.successThreshold Minimum consecutive successes for the probe
  ##
  startupProbe:
    enabled: true
    path: /-/ready
    initialDelaySeconds: 0
    failureThreshold: 60
    periodSeconds: 15
    successThreshold: 1
    timeoutSeconds: 3
  ## @param prometheus.enableAdminAPI Enable Prometheus administrative API
  ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
  ##
  enableAdminAPI: false
  ## @param prometheus.enableFeatures Enable access to Prometheus disabled features.
  ## ref: https://prometheus.io/docs/prometheus/latest/disabled_features/
  ##
  enableFeatures: []
  ## @param prometheus.alertingEndpoints Alertmanagers to which alerts will be sent
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints
  ##
  alertingEndpoints: []
  ## @param prometheus.externalLabels External labels to add to any time series or alerts when communicating with external systems
  ##
  externalLabels: {}
  ## @param prometheus.replicaExternalLabelName Name of the external label used to denote replica name
  ##
  replicaExternalLabelName: ""
  ## @param prometheus.replicaExternalLabelNameClear Clear external label used to denote replica name
  ##
  replicaExternalLabelNameClear: false
  ## @param prometheus.routePrefix Prefix used to register routes, overriding externalUrl route
  ## Useful for proxies that rewrite URLs.
  ##
  routePrefix: /
  ## @param prometheus.prometheusExternalLabelName Name of the external label used to denote Prometheus instance name
  ##
  prometheusExternalLabelName: ""
  ## @param prometheus.prometheusExternalLabelNameClear Clear external label used to denote Prometheus instance name
  ##
  prometheusExternalLabelNameClear: false
  ## @param prometheus.secrets Secrets that should be mounted into the Prometheus Pods
  ##
  secrets: []
  ## @param prometheus.configMaps ConfigMaps that should be mounted into the Prometheus Pods
  ##
  configMaps: []
  ## @param prometheus.querySpec The query command line flags when starting Prometheus
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec
  ##
  querySpec: {}
  ## @param prometheus.ruleNamespaceSelector Namespaces to be selected for PrometheusRules discovery
  ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
  ##
  ruleNamespaceSelector: {}
  ## @param prometheus.ruleSelector PrometheusRules to be selected for target discovery
  ## If {}, select all PrometheusRules
  ##
  ruleSelector: {}
  ## @param prometheus.serviceMonitorSelector ServiceMonitors to be selected for target discovery
  ## If {}, select all ServiceMonitors
  ##
  serviceMonitorSelector: {}
  ## @param prometheus.serviceMonitorNamespaceSelector Namespaces to be selected for ServiceMonitor discovery
  ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
  ##
  serviceMonitorNamespaceSelector: {}
  ## @param prometheus.podMonitorSelector PodMonitors to be selected for target discovery.
  ## If {}, select all PodMonitors
  ##
  podMonitorSelector: {}
  ## @param prometheus.podMonitorNamespaceSelector Namespaces to be selected for PodMonitor discovery
  ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
  ##
  podMonitorNamespaceSelector: {}
  ## @param prometheus.probeSelector Probes to be selected for target discovery.
  ## If {}, select all Probes
  ##
  probeSelector: {}
  ## @param prometheus.probeNamespaceSelector Namespaces to be selected for Probe discovery
  ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
  ##
  probeNamespaceSelector: {}
  ## @param prometheus.scrapeConfigSelector ScrapeConfig to be selected for target discovery.
  ## If {}, select all ScrapeConfig
  ##
  scrapeConfigSelector: {}
  ## @param prometheus.scrapeConfigNamespaceSelector Namespaces to be selected for ScrapeConfig discovery
  ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
  ##
  scrapeConfigNamespaceSelector: {}
  ## @param prometheus.scrapeClasses List of scrape classes to expose to scraping objects
  ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#scrapeclass for usage
  ##
  scrapeClasses: []
  ## @param prometheus.retention Metrics retention days
  ##
  retention: 10d
  ## @param prometheus.retentionSize Maximum size of metrics
  ##
  retentionSize: ""
  ## @param prometheus.disableCompaction Disable the compaction of the Prometheus TSDB
  ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
  ## ref: https://prometheus.io/docs/prometheus/latest/storage/#compaction
  ##
  disableCompaction: false
  ## @param prometheus.walCompression Enable compression of the write-ahead log using Snappy
  ##
  walCompression: false
  ## @param prometheus.paused If true, the Operator won't process any Prometheus configuration changes
  ##
  paused: false
  ## @param prometheus.replicaCount Number of Prometheus replicas desired
  ##
  replicaCount: 1
  ## @param prometheus.shards Number of Prometheus shards desired
  ##
  shards: 1
  ## @param prometheus.logLevel Log level for Prometheus
  ##
  logLevel: info
  ## @param prometheus.logFormat Log format for Prometheus
  ##
  logFormat: logfmt
  ## @param prometheus.nameValidationScheme Specifies the validation scheme for metric and label names
  ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.NameValidationSchemeOptions
  ##
  nameValidationScheme: "UTF8"
  ## @param prometheus.podMetadata [object] Standard object's metadata
  ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
  ##
  podMetadata:
    ## labels:
    ##   app: prometheus
    ##   k8s-app: prometheus
    ##
    labels: {}
    annotations: {}
  ## @param prometheus.remoteRead The remote_read spec configuration for Prometheus
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec
  ## remoteRead:
  ##   - url: http://remote1/read
  ##
  remoteRead: []
  ## @param prometheus.remoteWrite The remote_write spec configuration for Prometheus
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec
  ## remoteWrite:
  ##   - url: http://remote1/push
  ##
  remoteWrite: []
1291
## @param prometheus.enableRemoteWriteReceiver Enable Prometheus to be used as a receiver for the Prometheus remote write protocol.
1292
##
1293
enableRemoteWriteReceiver: false
1294
## @param prometheus.storageSpec Prometheus StorageSpec for persistent data
1295
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md
1296
##
1297
storageSpec: {}
1298
  ## Prometheus persistence parameters
  ##
  persistence:
    ## @param prometheus.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect.
    ##
    enabled: false
    ## @param prometheus.persistence.storageClass Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner.
    ##
    storageClass: ""
    ## @param prometheus.persistence.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param prometheus.persistence.size Persistent Volume Size
    ##
    size: 8Gi
    ## @param prometheus.persistence.annotations Persistent Volume Claim annotations
    ##
    annotations: {}
  ## @param prometheus.priorityClassName Priority class assigned to the Pods
  ##
  priorityClassName: ""
  ## @param prometheus.containers Containers allows injecting additional containers
  ##
  containers: []
  ## @param prometheus.initContainers Add additional init containers to the prometheus pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param prometheus.volumes Volumes allows configuration of additional volumes
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
  ##
  volumes: []
  ## @param prometheus.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
  ##
  volumeMounts: []
  ## @param prometheus.additionalPrometheusRules PrometheusRule defines recording and alerting rules for a Prometheus instance.
  ## - name: custom-recording-rules
  ##   groups:
  ##     - name: sum_node_by_job
  ##       rules:
  ##         - record: job:kube_node_labels:sum
  ##           expr: sum(kube_node_labels) by (job)
  ##     - name: sum_prometheus_config_reload_by_pod
  ##       rules:
  ##         - record: job:prometheus_config_last_reload_successful:sum
  ##           expr: sum(prometheus_config_last_reload_successful) by (pod)
  ## - name: custom-alerting-rules
  ##   groups:
  ##     - name: prometheus-config
  ##       rules:
  ##         - alert: PrometheusConfigurationReload
  ##           expr: prometheus_config_last_reload_successful != 1
  ##           for: 1m
  ##           labels:
  ##             severity: error
  ##           annotations:
  ##             summary: "Prometheus configuration reload (instance {{ $labels.instance }})"
  ##             description: "Prometheus configuration reload error\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
  ##     - name: custom-node-exporter-alerting-rules
  ##       rules:
  ##         - alert: PhysicalComponentTooHot
  ##           expr: node_hwmon_temp_celsius > 75
  ##           for: 5m
  ##           labels:
  ##             severity: warning
  ##           annotations:
  ##             summary: "Physical component too hot (instance {{ $labels.instance }})"
  ##             description: "Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
  ##         - alert: NodeOvertemperatureAlarm
  ##           expr: node_hwmon_temp_alarm == 1
  ##           for: 5m
  ##           labels:
  ##             severity: critical
  ##           annotations:
  ##             summary: "Node overtemperature alarm (instance {{ $labels.instance }})"
  ##             description: "Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
  ##
  ## @param prometheus.additionalArgs Allows setting additional arguments for the Prometheus container
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Prometheus
  ##
  additionalArgs: []
  additionalPrometheusRules: []
  ## Note that Prometheus will fail to provision if the correct secret does not exist.
  ## @param prometheus.additionalScrapeConfigs.enabled Enable additional scrape configs
  ## @param prometheus.additionalScrapeConfigs.type Indicates if the chart should use external additional scrape configs or internal configs
  ## @param prometheus.additionalScrapeConfigs.external.name Name of the secret that Prometheus should use for the additional external scrape configuration
  ## @param prometheus.additionalScrapeConfigs.external.key Name of the key inside the secret to be used for the additional external scrape configuration
  ## @param prometheus.additionalScrapeConfigs.internal.jobList A list of Prometheus scrape jobs
  ##
  additionalScrapeConfigs:
    enabled: false
    type: external
    external:
      ## Name of the secret that Prometheus should use for the additional scrape configuration
      ##
      name: ""
      ## Name of the key inside the secret to be used for the additional scrape configuration.
      ##
      key: ""
    internal:
      jobList: []
  ## Enable additional Prometheus alert relabel configs that are managed externally to this chart
  ## Note that Prometheus will fail to provision if the correct secret does not exist.
  ## @param prometheus.additionalAlertRelabelConfigsExternal.enabled Enable additional Prometheus alert relabel configs that are managed externally to this chart
  ## @param prometheus.additionalAlertRelabelConfigsExternal.name Name of the secret that Prometheus should use for the additional Prometheus alert relabel configuration
  ## @param prometheus.additionalAlertRelabelConfigsExternal.key Name of the key inside the secret to be used for the additional Prometheus alert relabel configuration
  ##
  additionalAlertRelabelConfigsExternal:
    enabled: false
    name: ""
    key: ""
  ## Enable additional Prometheus AlertManager configs that are managed externally to this chart
  ## Note that Prometheus will fail to provision if the correct secret does not exist.
  ## @param prometheus.additionalAlertManagerExternal.enabled Enable additional Prometheus AlertManager configs that are managed externally to this chart
  ## @param prometheus.additionalAlertManagerExternal.name Name of the secret that Prometheus should use for the additional Prometheus AlertManager configuration
  ## @param prometheus.additionalAlertManagerExternal.key Name of the key inside the secret to be used for the additional Prometheus AlertManager configuration
  ##
  additionalAlertManagerExternal:
    enabled: false
    name: ""
    key: ""
  ## Thanos sidecar container configuration
  ##
  thanos:
    ## @param prometheus.thanos.create Create a Thanos sidecar container
    ##
    create: false
    ## Iamguarded Thanos image
    ## ref: https://hub.docker.com/r/iamguarded/thanos/tags/
    ## @param prometheus.thanos.image.registry [default: REGISTRY_NAME] Thanos image registry
    ## @param prometheus.thanos.image.repository [default: REPOSITORY_NAME/thanos] Thanos image name
    ## @skip prometheus.thanos.image.tag Thanos image tag
    ## @param prometheus.thanos.image.digest Thanos image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
    ## @param prometheus.thanos.image.pullPolicy Thanos image pull policy
    ## @param prometheus.thanos.image.pullSecrets Specify docker-registry secret names as an array
    ##
    image:
      registry: cgr.dev
      repository: chainguard-private/thanos-iamguarded
      tag: 0.41.0
      digest: ""
      ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## Example:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []
    ## Thanos Sidecar container's securityContext
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param prometheus.thanos.containerSecurityContext.enabled Enabled containers' Security Context
    ## @param prometheus.thanos.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
    ## @param prometheus.thanos.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
    ## @param prometheus.thanos.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
    ## @param prometheus.thanos.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
    ## @param prometheus.thanos.containerSecurityContext.privileged Set container's Security Context privileged
    ## @param prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
    ## @param prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
    ## @param prometheus.thanos.containerSecurityContext.capabilities.drop List of capabilities to be dropped
    ## @param prometheus.thanos.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      privileged: false
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
    ## @param prometheus.thanos.containerPorts.grpc Thanos grpc port
    ## @param prometheus.thanos.containerPorts.http Thanos http port
    ##
    containerPorts:
      grpc: 10901
      http: 10902
    ## @param prometheus.thanos.prometheusUrl Override default prometheus url `http://localhost:9090`
    ##
    prometheusUrl: ""
    ## @param prometheus.thanos.extraArgs Additional arguments passed to the thanos sidecar container
    ## extraArgs:
    ##   - --log.level=debug
    ##   - --tsdb.path=/data/
    ##
    extraArgs: []
    ## @param prometheus.thanos.objectStorageConfig.secretName Support mounting a Secret for the objectStorageConfig of the sideCar container.
    ## @param prometheus.thanos.objectStorageConfig.secretKey Secret key with the configuration file.
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/thanos.md
    ## objectStorageConfig:
    ##   secretName: thanos-objstore-config
    ##   secretKey: thanos.yaml
    ##
    objectStorageConfig:
      secretName: ""
      secretKey: thanos.yaml
    ## @param prometheus.thanos.extraEnvVars Array with extra environment variables to add to the thanos sidecar container
    ## For example:
    ## extraEnvVars:
    ##   - name: REQUEST_LOGGING_CONFIG
    ##     valueFrom:
    ##       secretKeyRef:
    ##         name: thanos-request-logging-config
    ##         key: request-logging-config.yml
    ##
    extraEnvVars: []
    ## @param prometheus.thanos.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the thanos sidecar container
    ##
    extraEnvVarsCM: ""
    ## @param prometheus.thanos.extraEnvVarsSecret Name of existing Secret containing extra env vars for the thanos sidecar container
    ##
    extraEnvVarsSecret: ""
    ## ref: https://github.com/thanos-io/thanos/blob/main/docs/components/sidecar.md
    ## @param prometheus.thanos.extraVolumeMounts Additional volumeMounts from `prometheus.volumes` for thanos sidecar container
    ## extraVolumeMounts:
    ##   - name: my-secret-volume
    ##     mountPath: /etc/thanos/secrets/my-secret
    ##
    extraVolumeMounts: []
    ## Thanos sidecar container resource requests and limits.
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## We usually recommend not to specify default resources and to leave this as a conscious
    ## choice for the user. This also increases chances charts run on environments with little
    ## resources, such as Minikube. If you do want to specify resources, uncomment the following
    ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    ## @param prometheus.thanos.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if prometheus.thanos.resources is set (prometheus.thanos.resources is recommended for production).
    ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
    ##
    resourcesPreset: "nano"
    ## @param prometheus.thanos.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
    ## Configure extra options for liveness probe
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
    ## @param prometheus.thanos.livenessProbe.enabled Turn on and off liveness probe
    ## @param prometheus.thanos.livenessProbe.path Path of the HTTP service for checking the healthy state
    ## @param prometheus.thanos.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
    ## @param prometheus.thanos.livenessProbe.periodSeconds How often to perform the probe
    ## @param prometheus.thanos.livenessProbe.timeoutSeconds When the probe times out
    ## @param prometheus.thanos.livenessProbe.failureThreshold Minimum consecutive failures for the probe
    ## @param prometheus.thanos.livenessProbe.successThreshold Minimum consecutive successes for the probe
    ##
    livenessProbe:
      enabled: true
      path: /-/healthy
      initialDelaySeconds: 0
      periodSeconds: 5
      timeoutSeconds: 3
      failureThreshold: 120
      successThreshold: 1
    ## Configure extra options for readiness probe
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
    ## @param prometheus.thanos.readinessProbe.enabled Turn on and off readiness probe
    ## @param prometheus.thanos.readinessProbe.path Path of the HTTP service for checking the ready state
    ## @param prometheus.thanos.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
    ## @param prometheus.thanos.readinessProbe.periodSeconds How often to perform the probe
    ## @param prometheus.thanos.readinessProbe.timeoutSeconds When the probe times out
    ## @param prometheus.thanos.readinessProbe.failureThreshold Minimum consecutive failures for the probe
    ## @param prometheus.thanos.readinessProbe.successThreshold Minimum consecutive successes for the probe
    ##
    readinessProbe:
      enabled: true
      path: /-/ready
      initialDelaySeconds: 0
      periodSeconds: 5
      timeoutSeconds: 3
      failureThreshold: 120
      successThreshold: 1
    ## Thanos Sidecar Service
    ##
    service:
      ## @param prometheus.thanos.service.type Kubernetes service type
      ##
      type: ClusterIP
      ## @param prometheus.thanos.service.ports.grpc Thanos service port
      ## @param prometheus.thanos.service.ports.http Thanos service port
      ##
      ports:
        grpc: 10901
        http: 10902
      ## @param prometheus.thanos.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` to create headless service by default.
      ## Use a "headless" service by default so it returns every pod's IP instead of loadbalancing requests.
      ##
      clusterIP: None
      ## @param prometheus.thanos.service.nodePorts.grpc Specify the nodePort value for the LoadBalancer and NodePort service types.
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
      ## e.g:
      ## nodePort: 30901
      ##
      nodePorts:
        grpc: ""
      ## @param prometheus.thanos.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer`
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
      ##
      loadBalancerIP: ""
      ## @param prometheus.thanos.service.loadBalancerClass Thanos service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerClass: ""
      ## @param prometheus.thanos.service.loadBalancerSourceRanges Addresses that are allowed when svc is `LoadBalancer`
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param prometheus.thanos.service.labels Additional labels for Thanos service
      ##
      labels: {}
      ## @param prometheus.thanos.service.annotations Additional annotations for Thanos service
      ##
      annotations: {}
      ## @param prometheus.thanos.service.extraPorts Additional ports to expose from the Thanos sidecar container
      ## extraPorts:
      ##   - name: http
      ##     port: 10902
      ##     targetPort: http
      ##     protocol: TCP
      ##
      extraPorts: []
      ## @param prometheus.thanos.service.externalTrafficPolicy Prometheus service external traffic policy
      ## ref: http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param prometheus.thanos.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param prometheus.thanos.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}
    ## Configure the ingress resource that allows you to access the
    ## Thanos Sidecar installation. Set up the URL
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
    ##
    ingress:
      ## @param prometheus.thanos.ingress.enabled Enable ingress controller resource
      ##
      enabled: false
      ## @param prometheus.thanos.ingress.pathType Ingress path type
      ##
      pathType: ImplementationSpecific
      ## @param prometheus.thanos.ingress.apiVersion Force Ingress API version (automatically detected if not set)
      ##
      apiVersion: ""
      ## @param prometheus.thanos.ingress.hostname Default host for the ingress record
      ##
      hostname: thanos.prometheus.local
      ## @param prometheus.thanos.ingress.path Default path for the ingress record
      ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
      ##
      path: /
      ## @param prometheus.thanos.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
      ## For a full list of possible ingress annotations, please see
      ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
      ## Use this parameter to set the required annotations for cert-manager, see
      ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
      ##
      ## Examples:
      ## kubernetes.io/ingress.class: nginx
      ## cert-manager.io/cluster-issuer: cluster-issuer-name
      ##
      annotations: {}
      ## @param prometheus.thanos.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
      ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
      ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
      ##
      ingressClassName: ""
      ## @param prometheus.thanos.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
      ## You can:
      ##   - Use the `ingress.secrets` parameter to create this TLS secret
      ##   - Rely on cert-manager to create it by setting `ingress.certManager=true`
      ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
      ##
      tls: false
      ## @param prometheus.thanos.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param prometheus.thanos.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
      ## e.g:
      ## extraHosts:
      ##   - name: thanos.prometheus.local
      ##     path: /
      ##
      extraHosts: []
      ## @param prometheus.thanos.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
      ## e.g:
      ## extraPaths:
      ## - path: /*
      ##   backend:
      ##     serviceName: ssl-redirect
      ##     servicePort: use-annotation
      ##
      extraPaths: []
      ## @param prometheus.thanos.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ## e.g:
      ## extraTls:
      ## - hosts:
      ##     - thanos.prometheus.local
      ##   secretName: thanos.prometheus.local-tls
      ##
      extraTls: []
      ## @param prometheus.thanos.ingress.secrets Custom TLS certificates as secrets
      ## NOTE: 'key' and 'certificate' are expected in PEM format
      ## NOTE: 'name' should line up with a 'secretName' set further up
      ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
      ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
      ## It is also possible to create and manage the certificates outside of this helm chart
      ## Please see README.md for more information
      ## e.g:
      ## secrets:
      ##   - name: thanos.prometheus.local-tls
      ##     key: |-
      ##       -----BEGIN RSA PRIVATE KEY-----
      ##       ...
      ##       -----END RSA PRIVATE KEY-----
      ##     certificate: |-
      ##       -----BEGIN CERTIFICATE-----
      ##       ...
      ##       -----END CERTIFICATE-----
      ##
      secrets: []
      ## @param prometheus.thanos.ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template
      ## Useful when looking for additional customization, such as using different backend
      ##
      extraRules: []
    ## Create a ServiceMonitor to monitor Prometheus thanos sidecar
    ##
    serviceMonitor:
      ## @param prometheus.thanos.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus thanos sidecar
      ##
      enabled: false
      ## @param prometheus.thanos.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
      ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: ""
      ## @param prometheus.thanos.serviceMonitor.path HTTP path to scrape for metrics
      ##
      path: /metrics
      ## @param prometheus.thanos.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param prometheus.thanos.serviceMonitor.metricRelabelings Metric relabeling
      ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
      ##
      metricRelabelings: []
      ## @param prometheus.thanos.serviceMonitor.relabelings Relabel configs
      ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
      ##
      relabelings: []
      ## @param prometheus.thanos.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
      ##
      sampleLimit: ""
  ## config-reloader sidecar container configuration
  ##
  configReloader:
    ## config-reloader sidecar Service
    ##
    service:
      ## @param prometheus.configReloader.service.enabled Enable config-reloader sidecar service
      ##
      enabled: false
      ## @param prometheus.configReloader.service.type Kubernetes service type
      ##
      type: ClusterIP
      ## @param prometheus.configReloader.service.ports.http config-reloader sidecar container service port
      ##
      ports:
        http: 8080
      ## @param prometheus.configReloader.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` to create headless service by default.
      ## Use a "headless" service by default so it returns every pod's IP instead of loadbalancing requests.
      ##
      clusterIP: None
      ## @param prometheus.configReloader.service.nodePorts.http Specify the nodePort value for the LoadBalancer and NodePort service types.
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
      ## e.g:
      ## nodePort: 30901
      ##
      nodePorts:
        http: ""
      ## @param prometheus.configReloader.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer`
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
      ##
      loadBalancerIP: ""
      ## @param prometheus.configReloader.service.loadBalancerClass Prometheus Config Reloader service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerClass: ""
      ## @param prometheus.configReloader.service.loadBalancerSourceRanges Addresses that are allowed when svc is `LoadBalancer`
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param prometheus.configReloader.service.labels Additional labels for Prometheus service
      ##
      labels: {}
      ## @param prometheus.configReloader.service.annotations Additional annotations for Prometheus service
      ##
      annotations: {}
      ## @param prometheus.configReloader.service.extraPorts Additional ports to expose from the config-reloader sidecar container
      ## extraPorts:
      ##   - name: http
      ##     port: 10902
      ##     targetPort: http
      ##     protocol: TCP
      ##
      extraPorts: []
      ## @param prometheus.configReloader.service.externalTrafficPolicy Prometheus service external traffic policy
      ## ref: http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param prometheus.configReloader.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param prometheus.configReloader.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}
    ## Create a ServiceMonitor to monitor Prometheus config-reloader sidecar
    ##
    serviceMonitor:
      ## @param prometheus.configReloader.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus config-reloader sidecar
      ##
      enabled: false
      ## @param prometheus.configReloader.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
      ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: ""
      ## @param prometheus.configReloader.serviceMonitor.path HTTP path to scrape for metrics
      ##
      path: /metrics
      ## @param prometheus.configReloader.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param prometheus.configReloader.serviceMonitor.metricRelabelings Metric relabeling
      ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
      ##
      metricRelabelings: []
      ## @param prometheus.configReloader.serviceMonitor.relabelings Relabel configs
      ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
      ##
      relabelings: []
      ## @param prometheus.configReloader.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
      ##
      sampleLimit: ""
  ## @param prometheus.portName Port name used for the pods and governing service. This defaults to web
  ##
  portName: web
## @section Alertmanager Parameters
##

## Configuration for alertmanager
## ref: https://prometheus.io/docs/alerting/alertmanager/
##
alertmanager:
  ## @param alertmanager.enabled Deploy Alertmanager to the cluster
  ##
  enabled: true
  ## Iamguarded Alertmanager image version
  ## ref: https://hub.docker.com/r/iamguarded/alertmanager/tags/
  ## @param alertmanager.image.registry [default: REGISTRY_NAME] Alertmanager image registry
  ## @param alertmanager.image.repository [default: REPOSITORY_NAME/alertmanager] Alertmanager image repository
  ## @skip alertmanager.image.tag Alertmanager image tag (immutable tags are recommended)
  ## @param alertmanager.image.digest Alertmanager image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param alertmanager.image.pullPolicy Alertmanager image pull policy
  ## @param alertmanager.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/prometheus-alertmanager-iamguarded
    tag: 0.31.1
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## Example:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
## Service account for Alertmanager to use.
1919
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1920
##
1921
serviceAccount:
1922
## @param alertmanager.serviceAccount.create Specify whether to create a ServiceAccount for Alertmanager
1923
##
1924
create: true
1925
## @param alertmanager.serviceAccount.name The name of the ServiceAccount to create
1926
## If not set and create is true, a name is generated using the kube-prometheus.alertmanager.fullname template
1927
##
1928
name: ""
1929
## @param alertmanager.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
1930
##
1931
automountServiceAccountToken: false
1932
## @param alertmanager.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
1933
##
1934
annotations: {}
1935
  ## Prometheus Alertmanager pods' Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param alertmanager.podSecurityContext.enabled Enable security context
  ## @param alertmanager.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param alertmanager.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param alertmanager.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param alertmanager.podSecurityContext.fsGroup Group ID for the container filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Prometheus Alertmanager container's securityContext
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param alertmanager.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param alertmanager.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param alertmanager.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param alertmanager.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param alertmanager.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param alertmanager.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param alertmanager.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param alertmanager.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param alertmanager.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param alertmanager.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Configure pod disruption budgets for Alertmanager
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
  ## @param alertmanager.pdb.create Create a pod disruption budget for Alertmanager
  ## @param alertmanager.pdb.minAvailable Minimum number / percentage of pods that should remain scheduled
  ## @param alertmanager.pdb.maxUnavailable Maximum number / percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Alertmanager Service
  ##
  service:
    ## @param alertmanager.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param alertmanager.service.ports.http Alertmanager service port
    ##
    ports:
      http: 9093
    ## @param alertmanager.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` for headless service
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param alertmanager.service.nodePorts.http Specify the nodePort value for the LoadBalancer and NodePort service types.
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ## e.g:
    ## nodePort: 30903
    ##
    nodePorts:
      http: ""
    ## @param alertmanager.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer`
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param alertmanager.service.loadBalancerClass Alertmanager service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerClass: ""
    ## @param alertmanager.service.loadBalancerSourceRanges Addresses that are allowed when svc is `LoadBalancer`
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param alertmanager.service.externalTrafficPolicy Enable client source IP preservation
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ## There are two available options: Cluster (default) and Local.
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param alertmanager.service.healthCheckNodePort Specifies the health check node port
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    healthCheckNodePort: ""
    ## @param alertmanager.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param alertmanager.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param alertmanager.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
    ## @param alertmanager.service.annotations Additional annotations for Alertmanager service (this value is evaluated as a template)
    ##
    annotations: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param alertmanager.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param alertmanager.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param alertmanager.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param alertmanager.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param alertmanager.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param alertmanager.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param alertmanager.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## If true, create a serviceMonitor for alertmanager
  ##
  serviceMonitor:
    ## @param alertmanager.serviceMonitor.enabled Creates a ServiceMonitor to monitor Alertmanager
    ##
    enabled: true
    ## @param alertmanager.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used.
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: ""
    ## @param alertmanager.serviceMonitor.metricRelabelings Metric relabeling
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    metricRelabelings: []
    ## @param alertmanager.serviceMonitor.relabelings Relabel configs
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
    ##
    relabelings: []
    ## @param alertmanager.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""
    ## @param alertmanager.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    scrapeTimeout: ""
    ## @param alertmanager.serviceMonitor.selector ServiceMonitor selector labels
    ## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
    ##
    ## selector:
    ##   prometheus: my-prometheus
    ##
    selector: {}
    ## @param alertmanager.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param alertmanager.serviceMonitor.annotations Extra annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param alertmanager.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
    ##
    honorLabels: false
    ## @param alertmanager.serviceMonitor.extraParameters Any extra parameter to be added to the endpoint configured in the ServiceMonitor
    ## (e.g. tlsConfig for further customization of the HTTPS behavior)
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Endpoint
    ##
    extraParameters: {}
    ## @param alertmanager.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: ""
  ## Configure the ingress resource that allows you to access the
  ## Alertmanager installation. Set up the URL
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ##
  ingress:
    ## @param alertmanager.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param alertmanager.ingress.pathType Ingress Path type
    ##
    pathType: ImplementationSpecific
    ## @param alertmanager.ingress.apiVersion Override API Version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param alertmanager.ingress.hostname Default host for the ingress resource
    ##
    hostname: alertmanager.local
    ## @param alertmanager.ingress.path The Path to Alert Manager. You may need to set this to '/*' in order to use this with ALB ingress controllers.
    ##
    path: /
    ## @param alertmanager.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param alertmanager.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param alertmanager.ingress.tls Enable TLS configuration for the hostname defined at alertmanager.ingress.hostname parameter
    ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.alertmanager.ingress.hostname }}
    ## You can use the alertmanager.ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it
    ##
    tls: false
    ## @param alertmanager.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param alertmanager.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ##   - name: alertmanager.local
    ##     path: /
    ##
    extraHosts: []
    ## @param alertmanager.ingress.extraPaths Additional arbitrary path/backend objects
    ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
    ## extraPaths:
    ##   - path: /*
    ##     backend:
    ##       serviceName: ssl-redirect
    ##       servicePort: use-annotation
    ##
    extraPaths: []
    ## @param alertmanager.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ##   - hosts:
    ##       - alertmanager.local
    ##     secretName: alertmanager.local-tls
    ##
    extraTls: []
    ## @param alertmanager.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## secrets:
    ##   - name: alertmanager.local-tls
    ##     key:
    ##     certificate:
    ##
    secrets: []
    ## @param alertmanager.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ##   - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
  ## @param alertmanager.enableFeatures Enable access to Alertmanager disabled features.
  ##
  enableFeatures: []
  ## @param alertmanager.externalUrl External URL used to access Alertmanager
  ## e.g:
  ## externalUrl: https://alertmanager.example.com
  ##
  externalUrl: ""
  ## @param alertmanager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if alertmanager.resources is set (alertmanager.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param alertmanager.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ##
  resources: {}
  ## @param alertmanager.podAffinityPreset Alertmanager Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param alertmanager.podAntiAffinityPreset Alertmanager Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param alertmanager.nodeAffinityPreset.type Alertmanager Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param alertmanager.nodeAffinityPreset.key Alertmanager Node label key to match. Ignored if `affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param alertmanager.nodeAffinityPreset.values Alertmanager Node label values to match. Ignored if `affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param alertmanager.affinity Alertmanager Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: alertmanager.podAffinityPreset, alertmanager.podAntiAffinityPreset, and alertmanager.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param alertmanager.nodeSelector Alertmanager Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param alertmanager.tolerations Alertmanager Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Alertmanager configuration
  ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
  ## @param alertmanager.config [object] Alertmanager configuration directive
  ## @skip alertmanager.config.route.group_by
  ## @skip alertmanager.config.route.routes
  ## @skip alertmanager.config.receivers
  ##
  config:
    global:
      resolve_timeout: 5m
    route:
      group_by: ['job']
      group_wait: 30s
      group_interval: 5m
      repeat_interval: 12h
      receiver: 'null'
      routes:
        - match:
            alertname: Watchdog
          receiver: 'null'
    receivers:
      - name: 'null'
  ## @param alertmanager.templateFiles Extra files to be added inside the `alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}` secret.
  ##
  templateFiles: {}
  ## @param alertmanager.externalConfig Alertmanager configuration is created externally. If true, `alertmanager.config` is ignored, and a secret will not be created.
  ## Alertmanager requires a secret named `alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}`
  ## It must contain:
  ##   alertmanager.yaml: <config>
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md#alerting
  ##
  externalConfig: false
  ## @param alertmanager.replicaCount Number of Alertmanager replicas desired
  ##
  replicaCount: 1
  ## Configure extra options for liveness probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param alertmanager.livenessProbe.enabled Turn on and off liveness probe
  ## @param alertmanager.livenessProbe.path Path of the HTTP service for checking the healthy state
  ## @param alertmanager.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
  ## @param alertmanager.livenessProbe.periodSeconds How often to perform the probe
  ## @param alertmanager.livenessProbe.timeoutSeconds When the probe times out
  ## @param alertmanager.livenessProbe.failureThreshold Minimum consecutive failures for the probe
  ## @param alertmanager.livenessProbe.successThreshold Minimum consecutive successes for the probe
  ##
  livenessProbe:
    enabled: true
    path: /-/healthy
    initialDelaySeconds: 0
    periodSeconds: 5
    timeoutSeconds: 3
    failureThreshold: 120
    successThreshold: 1
  ## Configure extra options for readiness probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param alertmanager.readinessProbe.enabled Turn on and off readiness probe
  ## @param alertmanager.readinessProbe.path Path of the HTTP service for checking the ready state
  ## @param alertmanager.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
  ## @param alertmanager.readinessProbe.periodSeconds How often to perform the probe
  ## @param alertmanager.readinessProbe.timeoutSeconds When the probe times out
  ## @param alertmanager.readinessProbe.failureThreshold Minimum consecutive failures for the probe
  ## @param alertmanager.readinessProbe.successThreshold Minimum consecutive successes for the probe
  ##
  readinessProbe:
    enabled: true
    path: /-/ready
    initialDelaySeconds: 0
    periodSeconds: 5
    timeoutSeconds: 3
    failureThreshold: 120
    successThreshold: 1
  ## @param alertmanager.logLevel Log level for Alertmanager
  ##
  logLevel: info
  ## @param alertmanager.logFormat Log format for Alertmanager
  ##
  logFormat: logfmt
  ## @param alertmanager.podMetadata [object] Standard object's metadata.
  ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
  ##
  podMetadata:
    labels: {}
    annotations: {}
  ## @param alertmanager.secrets Secrets that should be mounted into the Alertmanager Pods
  ##
  secrets: []
  ## @param alertmanager.configMaps ConfigMaps that should be mounted into the Alertmanager Pods
  ##
  configMaps: []
  ## @param alertmanager.retention Metrics retention days
  ##
  retention: 120h
  ## @param alertmanager.storageSpec Alertmanager StorageSpec for persistent data
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md
  ##
  storageSpec: {}
  ## Alertmanager persistence parameters
  ##
  persistence:
    ## @param alertmanager.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect.
    ## If you want to use this configuration make sure the storageSpec is not provided.
    ##
    enabled: false
    ## @param alertmanager.persistence.storageClass Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner.
    ##
    storageClass: ""
    ## @param alertmanager.persistence.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param alertmanager.persistence.size Persistent Volume Size
    ##
    size: 8Gi
    ## @param alertmanager.persistence.annotations Persistent Volume Claim annotations
    ##
    annotations: {}
  ## @param alertmanager.paused If true, the Operator won't process any Alertmanager configuration changes
  ##
  paused: false
  ## @param alertmanager.listenLocal ListenLocal makes the Alertmanager server listen on loopback
  ##
  listenLocal: false
  ## @param alertmanager.containers Containers allows injecting additional containers
  ##
  containers: []
  ## @param alertmanager.volumes Volumes allows configuration of additional volumes. Evaluated as a template
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec
  ##
  volumes: []
  ## @param alertmanager.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/pi.md#alertmanagerspec
  ##
  volumeMounts: []
  ## @param alertmanager.priorityClassName Priority class assigned to the Pods
  ##
  priorityClassName: ""
  ## @param alertmanager.additionalPeers AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster
  ##
  additionalPeers: []
  ## @param alertmanager.routePrefix Prefix used to register routes, overriding externalUrl route
  ## Useful for proxies that rewrite URLs.
  ##
  routePrefix: /
  ## @param alertmanager.portName Port name used for the pods and governing service. This defaults to web
  ##
  portName: web
  ## @param alertmanager.configNamespaceSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {}
  ##
  configNamespaceSelector: {}
  ## @param alertmanager.configSelector AlertmanagerConfigs to be selected to merge and configure Alertmanager with. This defaults to {}
  ##
  configSelector: {}
  ## @param alertmanager.configuration EXPERIMENTAL: alertmanagerConfiguration specifies the global Alertmanager configuration. If defined, it takes precedence over the `configSecret` field. This field may change in future releases. The specified global alertmanager config will not force add a namespace label in routes and inhibitRules
  ##
  configuration: {}
  ## @param alertmanager.configMatcherStrategy alertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts.
  ## E.g.
  ## configMatcherStrategy:
  ##   type: OnNamespace
  ## If type set to `OnNamespace`, the operator injects a label matcher matching the
  ## namespace of the AlertmanagerConfig object for all its routes and inhibition
  ## rules. `None` will not add any additional matchers other than the ones
  ## specified in the AlertmanagerConfig. Default is `OnNamespace`.
  configMatcherStrategy: {}
## @section Exporters
##

## Exporters
##
exporters:
  node-exporter:
    ## @param exporters.node-exporter.enabled Enable node-exporter
    ##
    enabled: true
  kube-state-metrics:
    ## @param exporters.kube-state-metrics.enabled Enable kube-state-metrics
    ##
    enabled: true
## @param node-exporter [object] Node Exporter deployment configuration
##
node-exporter:
  image:
    registry: cgr.dev
    repository: chainguard-private/prometheus-node-exporter-iamguarded
    tag: 1.10.2
    digest: ""
  service:
    labels:
      jobLabel: node-exporter
  serviceMonitor:
    enabled: true
    jobLabel: jobLabel
  extraArgs:
    collector.filesystem.mount-points-exclude: "^/(dev|proc|sys|var/lib/docker/.+)($|/)"
    collector.filesystem.fs-types-exclude: "^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"
## @param kube-state-metrics [object] Kube State Metrics deployment configuration
##
kube-state-metrics:
  image:
    registry: cgr.dev
    repository: chainguard-private/kube-state-metrics-iamguarded
    tag: 2.18.0
    digest: ""
  serviceMonitor:
    enabled: true
    honorLabels: true
## Component scraping for kubelet and kubelet hosted cAdvisor
##
kubelet:
  ## @param kubelet.enabled Create a ServiceMonitor to scrape kubelet service
  ##
  enabled: true
  ## @param kubelet.namespace Namespace where kubelet service is deployed. Related configuration `operator.kubeletService.namespace`
  ##
  namespace: kube-system
  serviceMonitor:
    ## @param kubelet.serviceMonitor.https Enable scraping of the kubelet over HTTPS
    ##
    https: true
    ## @param kubelet.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: ""
    ## @param kubelet.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: k8s-app
    ## @param kubelet.serviceMonitor.resource Enable scraping /metrics/resource from kubelet's service
    ##
    resource: false
    ## @param kubelet.serviceMonitor.resourcePath From kubernetes 1.18, /metrics/resource/v1alpha1 was renamed to /metrics/resource
    ##
    resourcePath: "/metrics/resource/v1alpha1"
    ## @param kubelet.serviceMonitor.resourceRelabelings Metric relabeling
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
    ##
    resourceRelabelings: []
    ## @param kubelet.serviceMonitor.resourceMetricRelabelings Metric relabeling
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    resourceMetricRelabelings: []
    ## @param kubelet.serviceMonitor.metricRelabelings Metric relabeling
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    metricRelabelings: []
    ## @param kubelet.serviceMonitor.relabelings Relabel configs
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
    ##
    relabelings: []
    ## @param kubelet.serviceMonitor.cAdvisor Enable scraping /metrics/cadvisor from kubelet's service
    ## ref: https://prometheus.io/docs/guides/cadvisor/#exploring-metrics-in-the-expression-browser
    ##
    cAdvisor: true
    ## @param kubelet.serviceMonitor.cAdvisorMetricRelabelings Metric relabeling for scraping cAdvisor
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    cAdvisorMetricRelabelings: []
    ## @param kubelet.serviceMonitor.cAdvisorRelabelings Relabel configs for scraping cAdvisor
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    cAdvisorRelabelings: []
    ## @param kubelet.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param kubelet.serviceMonitor.annotations Extra annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param kubelet.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: ""
## @section Blackbox Exporter Deployment Parameters
2589
##
2590
blackboxExporter:
2591
## @param blackboxExporter.enabled Enable Blackbox Exporter deployment
2592
##
2593
enabled: true
2594
## Iamguarded Alertmanager image version
2595
## ref: https://hub.docker.com/r/iamguarded/prometheus-operator/tags/
2596
## @param blackboxExporter.image.registry [default: REGISTRY_NAME] Blackbox Exporter image registry
2597
## @param blackboxExporter.image.repository [default: REPOSITORY_NAME/blackbox-exporter] Blackbox Exporter image repository
2598
## @param blackboxExporter.image.pullPolicy Blackbox Exporter image pull policy
2599
## @skip blackboxExporter.image.tag Blackbox Exporter image tag (immutable tags are recommended)
2600
## @param blackboxExporter.image.digest Blackbox Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2601
## @param blackboxExporter.image.pullSecrets Specify docker-registry secret names as an array
2602
##
2603
image:
2604
registry: cgr.dev
2605
repository: chainguard-private/prometheus-blackbox-exporter-iamguarded
2606
tag: 0.28.0
2607
digest: ""
2608
pullPolicy: IfNotPresent
2609
## Optionally specify an array of imagePullSecrets.
2610
## Secrets must be manually created in the namespace.
2611
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2612
## Example:
2613
## pullSecrets:
2614
## - myRegistryKeySecretName
2615
##
2616
pullSecrets: []
2617
## @param blackboxExporter.extraEnvVars Array with extra environment variables to add to blackboxExporter nodes
2618
## e.g:
2619
## extraEnvVars:
2620
## - name: FOO
2621
## value: "bar"
2622
##
2623
extraEnvVars: []
2624
## @param blackboxExporter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for blackboxExporter nodes
2625
##
2626
extraEnvVarsCM: ""
2627
## @param blackboxExporter.extraEnvVarsSecret Name of existing Secret containing extra env vars for blackboxExporter nodes
2628
##
2629
extraEnvVarsSecret: ""
2630
## @param blackboxExporter.command Override default container command (useful when using custom images)
2631
##
2632
command: []
2633
## @param blackboxExporter.args Override default container args (useful when using custom images)
2634
##
2635
args: []
2636
## @param blackboxExporter.replicaCount Number of Blackbox Exporter replicas to deploy
2637
##
2638
replicaCount: 1
  ## Configure extra options for Blackbox Exporter container liveness, readiness and startup probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  ## @param blackboxExporter.livenessProbe.enabled Enable livenessProbe on Blackbox Exporter nodes
  ## @param blackboxExporter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param blackboxExporter.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param blackboxExporter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param blackboxExporter.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param blackboxExporter.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  ## @param blackboxExporter.readinessProbe.enabled Enable readinessProbe on Blackbox Exporter nodes
  ## @param blackboxExporter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param blackboxExporter.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param blackboxExporter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param blackboxExporter.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param blackboxExporter.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 60
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  ## @param blackboxExporter.startupProbe.enabled Enable startupProbe on Blackbox Exporter containers
  ## @param blackboxExporter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param blackboxExporter.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param blackboxExporter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param blackboxExporter.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param blackboxExporter.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param blackboxExporter.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param blackboxExporter.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param blackboxExporter.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param blackboxExporter.configuration [object] Blackbox Exporter configuration
  ##
  configuration: |
    "modules":
      "http_2xx":
        "http":
          "preferred_ip_protocol": "ip4"
        "prober": "http"
      "http_post_2xx":
        "http":
          "method": "POST"
          "preferred_ip_protocol": "ip4"
        "prober": "http"
      "irc_banner":
        "prober": "tcp"
        "tcp":
          "preferred_ip_protocol": "ip4"
          "query_response":
          - "send": "NICK prober"
          - "send": "USER prober prober prober :prober"
          - "expect": "PING :([^ ]+)"
            "send": "PONG ${1}"
          - "expect": "^:[^ ]+ 001"
      "pop3s_banner":
        "prober": "tcp"
        "tcp":
          "preferred_ip_protocol": "ip4"
          "query_response":
          - "expect": "^+OK"
          "tls": true
          "tls_config":
            "insecure_skip_verify": false
      "ssh_banner":
        "prober": "tcp"
        "tcp":
          "preferred_ip_protocol": "ip4"
          "query_response":
          - "expect": "^SSH-2.0-"
      "tcp_connect":
        "prober": "tcp"
        "tcp":
          "preferred_ip_protocol": "ip4"
  ## @param blackboxExporter.existingConfigMap ConfigMap pointing to the Blackbox Exporter configuration
  ##
  existingConfigMap: ""
  ## @param blackboxExporter.containerPorts.http Blackbox Exporter HTTP container port
  ##
  containerPorts:
    http: 19115
  serviceAccount:
    ## @param blackboxExporter.serviceAccount.create Enable creation of ServiceAccount for Blackbox Exporter pod
    ##
    create: true
    ## @param blackboxExporter.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param blackboxExporter.serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
    ## Can be set to false if pods using this serviceAccount do not need to use K8s API
    ##
    automountServiceAccountToken: false
    ## @param blackboxExporter.serviceAccount.annotations Additional custom annotations for the ServiceAccount
    ##
    annotations: {}
  ## Blackbox Exporter resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param blackboxExporter.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if blackboxExporter.resources is set (blackboxExporter.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param blackboxExporter.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param blackboxExporter.podSecurityContext.enabled Enable Blackbox Exporter pods' Security Context
  ## @param blackboxExporter.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param blackboxExporter.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param blackboxExporter.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param blackboxExporter.podSecurityContext.fsGroup Set Blackbox Exporter pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param blackboxExporter.containerSecurityContext.enabled Enable containers' Security Context
  ## @param blackboxExporter.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param blackboxExporter.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param blackboxExporter.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param blackboxExporter.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param blackboxExporter.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param blackboxExporter.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param blackboxExporter.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param blackboxExporter.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param blackboxExporter.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param blackboxExporter.lifecycleHooks Lifecycle hooks for the blackboxExporter container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param blackboxExporter.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param blackboxExporter.hostAliases blackboxExporter pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param blackboxExporter.podLabels Extra labels for blackboxExporter pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param blackboxExporter.podAnnotations Annotations for blackboxExporter pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param blackboxExporter.podAffinityPreset Pod affinity preset. Ignored if `blackboxExporter.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param blackboxExporter.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `blackboxExporter.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node blackboxExporter.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param blackboxExporter.nodeAffinityPreset.type Node affinity preset type. Ignored if `blackboxExporter.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param blackboxExporter.nodeAffinityPreset.key Node label key to match. Ignored if `blackboxExporter.affinity` is set
    ##
    key: ""
    ## @param blackboxExporter.nodeAffinityPreset.values Node label values to match. Ignored if `blackboxExporter.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param blackboxExporter.affinity Affinity for Blackbox Exporter pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `blackboxExporter.podAffinityPreset`, `blackboxExporter.podAntiAffinityPreset`, and `blackboxExporter.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param blackboxExporter.nodeSelector Node labels for Blackbox Exporter pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param blackboxExporter.tolerations Tolerations for Blackbox Exporter pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param blackboxExporter.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param blackboxExporter.priorityClassName Blackbox Exporter pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param blackboxExporter.schedulerName Kubernetes pod scheduler registry
  ## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param blackboxExporter.terminationGracePeriodSeconds Time in seconds given to the Blackbox Exporter pod to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param blackboxExporter.updateStrategy.type Blackbox Exporter statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param blackboxExporter.extraVolumes Optionally specify extra list of additional volumes for the Blackbox Exporter pod(s)
  ##
  extraVolumes: []
  ## @param blackboxExporter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Blackbox Exporter container(s)
  ##
  extraVolumeMounts: []
  ## @param blackboxExporter.sidecars Add additional sidecar containers to the Blackbox Exporter pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param blackboxExporter.initContainers Add additional init containers to the Blackbox Exporter pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @section Blackbox Exporter Traffic Exposure Parameters
  ##

  ## blackboxExporter service parameters
  ##
  service:
    ## @param blackboxExporter.service.type Blackbox Exporter service type
    ##
    type: ClusterIP
    ## @param blackboxExporter.service.ports.http Blackbox Exporter HTTP service port
    ##
    ports:
      http: 19115
    ## Node ports to expose
    ## NOTE: choose port between <30000-32767>
    ## @param blackboxExporter.service.nodePorts.http Node port for HTTP
    ##
    nodePorts:
      http: ""
    ## @param blackboxExporter.service.sessionAffinity Control where client requests go, to the same pod or round-robin
    ## Values: ClientIP or None
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
    ##
    sessionAffinity: None
    ## @param blackboxExporter.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
    ## @param blackboxExporter.service.clusterIP Blackbox Exporter service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param blackboxExporter.service.loadBalancerIP Blackbox Exporter service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param blackboxExporter.service.loadBalancerClass Blackbox Exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerClass: ""
    ## @param blackboxExporter.service.loadBalancerSourceRanges Blackbox Exporter service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param blackboxExporter.service.externalTrafficPolicy Blackbox Exporter service external traffic policy
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param blackboxExporter.service.annotations Additional custom annotations for Blackbox Exporter service
    ##
    annotations: {}
    ## @param blackboxExporter.service.extraPorts Extra ports to expose in the Blackbox Exporter service
    ##
    extraPorts: []
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param blackboxExporter.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param blackboxExporter.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param blackboxExporter.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param blackboxExporter.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param blackboxExporter.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param blackboxExporter.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param blackboxExporter.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param blackboxExporter.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param blackboxExporter.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param blackboxExporter.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
## Component scraping the kube-apiserver
##
kubeApiServer:
  ## @param kubeApiServer.enabled Create a ServiceMonitor to scrape kube-apiserver service
  ##
  enabled: true
  serviceMonitor:
    ## @param kubeApiServer.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used.
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: ""
    ## @param kubeApiServer.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: component
    ## @param kubeApiServer.serviceMonitor.metricRelabelings Metric relabeling
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    metricRelabelings: []
    ## @param kubeApiServer.serviceMonitor.relabelings Relabel configs
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
    ##
    relabelings: []
    ## @param kubeApiServer.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param kubeApiServer.serviceMonitor.annotations Extra annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param kubeApiServer.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: ""
## Component scraping the kube-controller-manager
##
kubeControllerManager:
  ## @param kubeControllerManager.enabled Create a ServiceMonitor to scrape kube-controller-manager service
  ##
  enabled: true
  ## @param kubeControllerManager.endpoints If your kube controller manager is not deployed as a pod, specify IPs it can be found on
  ## endpoints:
  ##   - 10.141.4.22
  ##   - 10.141.4.23
  ##   - 10.141.4.24
  ##
  endpoints: []
  ## @param kubeControllerManager.namespace Namespace where kube-controller-manager service is deployed.
  ##
  namespace: kube-system
  ## Service ports and selector information
  ## @param kubeControllerManager.service.enabled Whether or not to create a Service object for kube-controller-manager
  ## @param kubeControllerManager.service.ports.http Listening port of the kube-controller-manager Service object
  ## @param kubeControllerManager.service.targetPorts.http Port to target on the kube-controller-manager Pods. This should be the port that kube-controller-manager is exposing metrics on
  ## @param kubeControllerManager.service.selector Optional PODs Label selector for the service
  ##
  service:
    enabled: true
    ports:
      http: 10252
    targetPorts:
      http: 10252
    ## selector:
    ##   component: kube-controller-manager
    ##
    selector: {}
    ## @param kubeControllerManager.service.labels Additional labels for kube-controller-manager service
    ##
    labels: {}
  serviceMonitor:
    ## @param kubeControllerManager.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used.
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: ""
    ## @param kubeControllerManager.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: component
    ## @param kubeControllerManager.serviceMonitor.https Enable scraping kube-controller-manager over https
    ## Requires proper certs (not self-signed) and delegated authentication/authorization checks
    ##
    https: false
    ## @param kubeControllerManager.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping
    ##
    insecureSkipVerify: ""
    ## @param kubeControllerManager.serviceMonitor.serverName Name of the server to use when validating TLS certificate
    ##
    serverName: ""
    ## @param kubeControllerManager.serviceMonitor.metricRelabelings Metric relabeling
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    metricRelabelings: []
    ## @param kubeControllerManager.serviceMonitor.relabelings Relabel configs
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
    ##
    relabelings: []
    ## @param kubeControllerManager.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param kubeControllerManager.serviceMonitor.annotations Extra annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param kubeControllerManager.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: ""
## Component scraping kube scheduler
##
kubeScheduler:
  ## @param kubeScheduler.enabled Create a ServiceMonitor to scrape kube-scheduler service
  ##
  enabled: true
  ## @param kubeScheduler.endpoints If your kube scheduler is not deployed as a pod, specify IPs it can be found on
  ## endpoints:
  ##   - 10.141.4.22
  ##   - 10.141.4.23
  ##   - 10.141.4.24
  ##
  endpoints: []
  ## @param kubeScheduler.namespace Namespace where kube-scheduler service is deployed.
  ##
  namespace: kube-system
  ## If using kubeScheduler.endpoints only the port and targetPort are used
  ## @param kubeScheduler.service.enabled Whether or not to create a Service object for kube-scheduler
  ## @param kubeScheduler.service.ports.http Listening port of the kube scheduler Service object
  ## @param kubeScheduler.service.targetPorts.http Port to target on the kube scheduler Pods. This should be the port that kube scheduler is exposing metrics on
  ## @param kubeScheduler.service.selector Optional PODs Label selector for the service
  ##
  service:
    enabled: true
    ports:
      http: 10251
    targetPorts:
      http: 10251
    ## selector:
    ##   component: kube-scheduler
    ##
    selector: {}
    ## @param kubeScheduler.service.labels Additional labels for kube-scheduler service
    ##
    labels: {}
  serviceMonitor:
    ## @param kubeScheduler.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used.
    ##
    interval: ""
    ## @param kubeScheduler.serviceMonitor.https Enable scraping kube-scheduler over https
    ## Requires proper certs (not self-signed) and delegated authentication/authorization checks
    ##
    https: false
    ## @param kubeScheduler.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: component
    ## @param kubeScheduler.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping
    ##
    insecureSkipVerify: ""
    ## @param kubeScheduler.serviceMonitor.serverName Name of the server to use when validating TLS certificate
    ##
    serverName: ""
    ## @param kubeScheduler.serviceMonitor.metricRelabelings Metric relabeling
    ## metricRelabelings:
    ##   - action: keep
    ##     regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    ##     sourceLabels: [__name__]
    ##
    metricRelabelings: []
    ## @param kubeScheduler.serviceMonitor.relabelings Relabel configs
    ## relabelings:
    ##   - sourceLabels: [__meta_kubernetes_pod_node_name]
    ##     separator: ;
    ##     regex: ^(.*)$
    ##     targetLabel: nodename
    ##     replacement: $1
    ##     action: replace
    ##
    relabelings: []
    ## @param kubeScheduler.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param kubeScheduler.serviceMonitor.annotations Extra annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param kubeScheduler.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: ""
## Component scraping coreDns
##
coreDns:
  ## @param coreDns.enabled Create a ServiceMonitor to scrape coredns service
  ##
  enabled: true
  ## @param coreDns.namespace Namespace where core dns service is deployed.
  ##
  namespace: kube-system
  ## Create a ServiceMonitor to scrape coredns service
  ## @param coreDns.service.enabled Whether or not to create a Service object for coredns
  ## @param coreDns.service.ports.http Listening port of the coredns Service object
  ## @param coreDns.service.targetPorts.http Port to target on the coredns Pods. This should be the port that coredns is exposing metrics on
  ## @param coreDns.service.selector Optional PODs Label selector for the service
  ##
  service:
    enabled: true
    ports:
      http: 9153
    targetPorts:
      http: 9153
    ## selector:
    ##   component: kube-dns
    ##
    selector: {}
    ## @param coreDns.service.labels Additional labels for coredns service
    ##
    labels: {}
  serviceMonitor:
    ## @param coreDns.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used.
    ##
    interval: ""
    ## @param coreDns.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: k8s-app
    ## @param coreDns.serviceMonitor.metricRelabelings Metric relabel configs to apply to samples before ingestion.
    ## metricRelabelings:
    ##   - action: keep
    ##     regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    ##     sourceLabels: [__name__]
    ##
    metricRelabelings: []
    ## @param coreDns.serviceMonitor.relabelings Relabel configs to apply to samples before ingestion.
    ## relabelings:
    ##   - sourceLabels: [__meta_kubernetes_pod_node_name]
    ##     separator: ;
    ##     regex: ^(.*)$
    ##     targetLabel: nodename
    ##     replacement: $1
    ##     action: replace
    ##
    relabelings: []
    ## @param coreDns.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param coreDns.serviceMonitor.annotations Extra annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param coreDns.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: ""
## Component scraping the kube-proxy
##
kubeProxy:
  ## @param kubeProxy.enabled Create a ServiceMonitor to scrape the kube-proxy Service
  ##
  enabled: true
  ## @param kubeProxy.endpoints If your kube-proxy is not deployed as a pod, specify IPs it can be found on
  ## endpoints:
  ##   - 10.141.4.22
  ##   - 10.141.4.23
  ##   - 10.141.4.24
  ##
  endpoints: []
  ## @param kubeProxy.namespace Namespace where kube-proxy service is deployed.
  ##
  namespace: kube-system
  ## @param kubeProxy.service.enabled Whether or not to create a Service object for kube-proxy
  ## @param kubeProxy.service.ports.http Listening port of the kube-proxy Service object
  ## @param kubeProxy.service.targetPorts.http Port to target on the kube-proxy Pods. This should be the port that kube-proxy is exposing metrics on
  ## @param kubeProxy.service.selector Optional PODs Label selector for the service
  ##
  service:
    enabled: true
    ports:
      http: 10249
    targetPorts:
      http: 10249
    ## selector:
    ##   k8s-app: kube-proxy
    ##
    selector: {}
    ## @param kubeProxy.service.labels Additional labels for kube-proxy service
    ##
    labels: {}
  serviceMonitor:
    ## @param kubeProxy.serviceMonitor.https Enable scraping kube-proxy over https.
    ## Requires proper certs (not self-signed) and delegated authentication/authorization checks
    ##
    https: false
    ## @param kubeProxy.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: ""
    ## @param kubeProxy.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: k8s-app
    ## @param kubeProxy.serviceMonitor.metricRelabelings Metric relabeling
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    metricRelabelings: []
    ## @param kubeProxy.serviceMonitor.relabelings Relabel configs
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
    ##
    relabelings: []
    ## @param kubeProxy.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param kubeProxy.serviceMonitor.annotations Extra annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param kubeProxy.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: ""
## @section RBAC parameters
##

## Role Based Access
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
## @param rbac.create Whether to create and use RBAC resources or not
## @param rbac.pspEnabled Whether to create a PodSecurityPolicy and bind it with RBAC. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
rbac:
  create: true
  pspEnabled: true
  ## @param rbac.rules.operator Custom RBAC rules to set on Prometheus Operator ClusterRole
  ## @param rbac.rules.prometheus Custom RBAC rules to set on Prometheus ClusterRole
  ## e.g:
  ## rbac:
  ##   rules:
  ##     operator: []
  ##     prometheus:
  ##       - apiGroups:
  ##           - ""
  ##         resources:
  ##           - pods
  ##         verbs:
  ##           - get
  ##           - list
  ##
  rules:
    operator: []
    prometheus: []
## @section Thanos Ruler Parameters
##
thanosRuler:
  ## @param thanosRuler.enabled Enable/disable Thanos Ruler component
  ##
  enabled: false
  ## Iamguarded Thanos image
  ## ref: https://hub.docker.com/r/iamguarded/thanos/tags/
  ## @param thanosRuler.image.registry [default: REGISTRY_NAME] Thanos image registry
  ## @param thanosRuler.image.repository Thanos image repository
  ## @skip thanosRuler.image.tag Thanos image tag
  ## @param thanosRuler.image.digest Thanos image digest
  ## @param thanosRuler.image.pullPolicy Thanos image pull policy
  ## @param thanosRuler.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/thanos-iamguarded
    tag: 0.41.0
    digest: ""
    pullPolicy: IfNotPresent
    pullSecrets: []
  ## @param thanosRuler.replicaCount Number of Thanos Ruler replicas to deploy
  ##
  replicaCount: 1
  ## @param thanosRuler.paused When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects
  ##
  paused: false
  ## @param thanosRuler.logFormat Log format for Thanos Ruler
  ##
  logFormat: logfmt
  ## @param thanosRuler.logLevel Log level for Thanos ruler
  ##
  logLevel: info
  ## @param thanosRuler.retention Time duration ThanosRuler shall retain data for
  ## Must match the regular expression [0-9]+(ms|s|m|h|d|w|y) (milliseconds seconds minutes hours days weeks years)
  ## The field has no effect when remote-write is configured since the Ruler operates in stateless mode
  ##
  retention: "24h"
  ## @param thanosRuler.evaluationInterval Interval between consecutive evaluations
  ##
  evaluationInterval: ""
  ## @param thanosRuler.labels Configures the external label pairs of the ThanosRuler resource
  ## A default replica label 'thanos_ruler_replica' will always be added as a label with the value of the pod’s name
  ##
  labels: {}
  ## @param thanosRuler.storage Storage spec to specify how storage shall be used.
  ## ref: https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.StorageSpec
  storage: {}
  ## @param thanosRuler.volumes Additional volumes on the output StatefulSet definition
  ## Volumes specified will be appended to other volumes that are generated as a result of thanosRuler.storage configuration
  ##
  volumes: []
  ## @param thanosRuler.volumeMounts Additional VolumeMounts on the output StatefulSet definition.
  ## VolumeMounts specified will be appended to other VolumeMounts that are generated as a result of thanosRuler.storage configuration
  ##
  volumeMounts: []
  ## @param thanosRuler.listenLocal Makes Thanos Ruler listen on loopback, so that it does not bind against the Pod IP
  ##
  listenLocal: false
  ## @param thanosRuler.externalPrefix The external URL the Thanos Ruler instances will be available under. Maps to --web.external-prefix on Thanos Ruler
  ##
  externalPrefix: ""
  ## Service parameters
  ##
  service:
    ## @param thanosRuler.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param thanosRuler.service.ports.http Thanos Ruler service HTTP port
    ## @param thanosRuler.service.ports.grpc Thanos Ruler service GRPC port
    ##
    ports:
      http: 10902
      grpc: 10901
    ## @param thanosRuler.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types
    ## @param thanosRuler.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
      grpc: ""
    ## @param thanosRuler.service.clusterIP Thanos Ruler service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param thanosRuler.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param thanosRuler.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param thanosRuler.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param thanosRuler.service.labels Extra labels for Thanos Ruler service
    ##
    labels: {}
    ## @param thanosRuler.service.annotations Annotations for Thanos Ruler service
    ##
    annotations: {}
    ## @param thanosRuler.service.extraPorts Extra ports to expose in the Thanos Ruler service
    ##
    extraPorts: []
    ## @param thanosRuler.service.labelSelectorsOverride Selector for Thanos Query service
    ##
    labelSelectorsOverride: {}
    ## @param thanosRuler.service.additionalHeadless Additional Headless service
    ##
    additionalHeadless: false
    ## Headless service properties
    ##
    headless:
      ## @param thanosRuler.service.headless.annotations Annotations for the headless service.
      ##
      annotations: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param thanosRuler.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param thanosRuler.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports the application is listening
    ## on. When true, the app will accept connections from any source (with the correct destination port).
    ##
    allowExternal: true
    ## @param thanosRuler.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ## If set to 'false', set 'extraEgress' to allow communicating to your Thanos Query/Frontend Query services.
    ##
    allowExternalEgress: true
    ## @param thanosRuler.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param thanosRuler.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param thanosRuler.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param thanosRuler.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## @param thanosRuler.routePrefix Prefix used to register routes. Useful for proxies that rewrite URLs.
  ##
  routePrefix: /
  ## Configure the ingress resource that allows you to access Thanos Ruler
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ##
  ingress:
    ## @param thanosRuler.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param thanosRuler.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos-ruler.local
    ## @param thanosRuler.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param thanosRuler.ingress.labels Additional label for the Ingress resource.
    ## Use this parameter to set the required labels for your needs
    ## e.g.:
    ## labels:
    ##   dns-managed-by-external-dns: 'true'
    ##
    labels: {}
    ## @param thanosRuler.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g.:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param thanosRuler.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param thanosRuler.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos.local
    ##   secretName: thanos.local-tls
    ##
    extraTls: []
    ## @param thanosRuler.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param thanosRuler.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g.:
    ## extraRules:
    ## - host: example.local
    ##   http:
    ##     path: /
    ##     backend:
    ##       service:
    ##         name: example-svc
    ##         port:
    ##           name: http
    ##
    extraRules: []
    ## @param thanosRuler.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param thanosRuler.ingress.path Ingress path
    ##
    path: /
    ## @param thanosRuler.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
    ## @param thanosRuler.ingress.tls Enable TLS configuration for the hostname defined at `thanosRuler.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.thanosRuler.ingress.hostname }}`
    ## You can:
    ##   - Use the `thanosRuler.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `thanosRuler.ingress.selfSigned=true`
    ##
    tls: false
    ## @param thanosRuler.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
  ## Service account for Thanos Ruler to use
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ##
  serviceAccount:
    ## @param thanosRuler.serviceAccount.create Specify whether to create a ServiceAccount for Thanos Ruler
    ##
    create: true
    ## @param thanosRuler.serviceAccount.name The name of the ServiceAccount to create
    ## If not set and create is true, a name is generated using the kube-prometheus.thanosRuler.fullname template
    ##
    name: ""
    ## @param thanosRuler.serviceAccount.annotations Additional annotations for the ServiceAccount
    ## annotations:
    ##   eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT:role/thanosruler
    ##
    annotations: {}
    ## @param thanosRuler.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
    ##
    automountServiceAccountToken: false
  ## Thanos Ruler pods' Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param thanosRuler.podSecurityContext.enabled Enable security context
  ## @param thanosRuler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param thanosRuler.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param thanosRuler.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param thanosRuler.podSecurityContext.fsGroup Group ID for the container filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## @param thanosRuler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
  ## This is ignored if thanosRuler.resources is set (thanosRuler.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param thanosRuler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ##
  resources: {}
  ## @param thanosRuler.containerPorts.http HTTP container port
  ## @param thanosRuler.containerPorts.grpc GRPC container port
  ##
  containerPorts:
    grpc: 10901
    http: 10902
  ## @param thanosRuler.alertQueryUrl The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts
  ## Maps to the '--alert.query-url' CLI arg
  ##
  alertQueryUrl: ""
  ## Configuration for connecting to alertmanager
  ## Maps to --alertmanagers.config Thanos Ruler argument
  ## NOTE: This field takes precedence over alertmanagersUrl.
  ##
  alertmanagersConfig:
    ## @param thanosRuler.alertmanagersConfig.existingSecret.name Name of an existing secret to use for Alert Manager config
    ## If configured, thanosRuler.alertmanagersConfig.config will not be used
    ## @param thanosRuler.alertmanagersConfig.existingSecret.key Name of a key in the existing secret to use for Alert Manager config
    ##
    existingSecret:
      name: ""
      key: ""
    ## @param thanosRuler.alertmanagersConfig.config Alert Manager configuration
    ## Unused if thanosRuler.alertmanagersConfig.existingSecret.name is configured
    ## If empty, Thanos Ruler will use this chart's Alertmanager when 'alertmanager.enabled' is 'true'
    ## ref: https://thanos.io/tip/components/rule.md/#alertmanager
    ## e.g:
    ## alertmanagers:
    ## - http_config:
    ##     basic_auth:
    ##       username: some_user
    ##       password: some_pass
    ##   static_configs:
    ##     - alertmanager.thanos.io
    ##   scheme: http
    ##   timeout: 10s
    ##   api_version: v2
    ##
    config: {}
  ## @param thanosRuler.alertDropLabels Configures the label names which should be dropped in Thanos Ruler alerts
  ## The replica label `thanos_ruler_replica` will always be dropped from the alerts.
  ##
  alertDropLabels: []
  ## Configures the list of Thanos Query endpoints from which to query metrics.
  ## Maps to --query.config Thanos Ruler argument
  ## The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api
  queryConfig:
    ## @param thanosRuler.queryConfig.existingSecret.name Name of an existing secret to use for Query config
    ## If configured, thanosRuler.queryConfig.config will not be used
    ## @param thanosRuler.queryConfig.existingSecret.key Key in the existing secret to use for Query config
    ##
    existingSecret:
      name: ""
      key: "query-config.yaml"
    ## @param thanosRuler.queryConfig.config
    ## Unused if thanosRuler.queryConfig.existingSecret.name is configured
    ##
    ## e.g:
    ## config:
    ##   - static_configs:
    ##     - "dnssrv+_http._tcp.thanos-query.thanos.svc.cluster.local"
    config: []
  ## Configures object storage
  ## Maps to --objstore.config Thanos Ruler argument
  ## ref: https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage
  ##
  objectStorageConfig:
    ## @param thanosRuler.objectStorageConfig.existingSecret.name Name of an existing secret to use for Object Storage config
    ## If configured, thanosRuler.objectStorageConfig.config will not be used
    ## @param thanosRuler.objectStorageConfig.existingSecret.key Key in the existing secret to use for Object Storage config
    ##
    existingSecret:
      name: ""
      key: ""
    ## @param thanosRuler.objectStorageConfig.config
    ## Unused if thanosRuler.objectStorageConfig.existingSecret.name is configured
    ##
    config: {}
  ## @param thanosRuler.ruleNamespaceSelector Namespaces to be selected for PrometheusRules discovery
  ## If nil, select own namespace
  ##
  ruleNamespaceSelector: {}
  ## @param thanosRuler.ruleSelector PrometheusRule selector labels
  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md
  ## If nil, select all PrometheusRules
  ##
  ruleSelector: {}
  ## @param thanosRuler.evalInterval How frequently to evaluate rules
  ##
  evalInterval: "1m"
  ## @param thanosRuler.clusterName Used to set the 'ruler_cluster' label
  ##
  clusterName: ""
  ## @param thanosRuler.additionalArgs [array] Additional arguments for the ThanosRuler container.
  ## It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet.
  ##
  additionalArgs:
    - name: grpc-address
      value: "0.0.0.0:{{ .Values.thanosRuler.containerPorts.grpc }}"
    - name: http-address
      value: "0.0.0.0:{{ .Values.thanosRuler.containerPorts.http }}"
  ## Thanos Ruler Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param thanosRuler.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Ruler
  ## @param thanosRuler.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param thanosRuler.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## @param thanosRuler.nodeSelector Node labels for Thanos Ruler pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## Create a servicemonitor for Thanos ruler
  ##
  serviceMonitor:
    ## @param thanosRuler.serviceMonitor.enabled Creates a ServiceMonitor to monitor Thanos Ruler
    ##
    enabled: true
    ## @param thanosRuler.serviceMonitor.https Enable scraping Thanos Ruler over https.
    ## Requires proper certs (not self-signed) and delegated authentication/authorization checks
    ##
    https: false
    ## @param thanosRuler.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""
    ## @param thanosRuler.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: ""
    ## @param thanosRuler.serviceMonitor.metricRelabelings Metric relabeling
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
    ##
    metricRelabelings: []
    ## @param thanosRuler.serviceMonitor.relabelings Relabel configs
    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
    ##
    relabelings: []
    ## @param thanosRuler.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    scrapeTimeout: ""
    ## @param thanosRuler.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param thanosRuler.serviceMonitor.annotations Extra annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param thanosRuler.serviceMonitor.extraParameters Any extra parameter to be added to the endpoint configured in the ServiceMonitor
    ## (e.g. tlsConfig for further customization of the HTTPS behavior)
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Endpoint
    ##
    extraParameters: {}
    ## @param thanosRuler.serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: ""
  ## @param thanosRuler.podAffinityPreset Prometheus Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param thanosRuler.podAntiAffinityPreset Thanos Ruler Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param thanosRuler.nodeAffinityPreset.type Thanos Ruler Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param thanosRuler.nodeAffinityPreset.key Thanos Ruler Node label key to match. Ignored if `affinity` is set
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param thanosRuler.nodeAffinityPreset.values Thanos Ruler Node label values to match. Ignored if `affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param thanosRuler.affinity Thanos Ruler Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: thanosRuler.podAffinityPreset, thanosRuler.podAntiAffinityPreset, and thanosRuler.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param thanosRuler.podMetadata [object] Standard object's metadata
  ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
  ##
  podMetadata:
    labels: {}
    annotations: {}
  ## @param thanosRuler.tolerations Thanos Ruler Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param thanosRuler.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param thanosRuler.containers Containers allows injecting additional containers or modifying operator generated containers
  ## The current container names are: thanos-ruler and config-reloader
  ##
  containers: []
  ## @param thanosRuler.initContainers InitContainers allows adding initContainers to the pod definition
  ## Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources.
  ##
  initContainers: []
  ## @param thanosRuler.priorityClassName Priority class assigned to the Pods
  ##
  priorityClassName: ""
  ## @param thanosRuler.portName Port name used for the pods and governing service
  ##
  portName: http
  ## @param thanosRuler.web Defines the configuration of the ThanosRuler web server
  ##
  web: {}
  ## @param thanosRuler.remoteWrite Defines the list of remote write configurations
  ## When the list isn’t empty, the ruler is configured with stateless mode
  ## ref: https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.RemoteWriteSpec
  ##
  remoteWrite: {}