DirectorySecurity AdvisoriesPricing
/
Sign in
Directory
kube-state-metrics logoHELM

kube-state-metrics

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
##
19
global:
20
imageRegistry: ""
21
## E.g.
22
## imagePullSecrets:
23
## - myRegistryKeySecretName
24
##
25
imagePullSecrets: []
26
## Security parameters
27
##
28
security:
29
## @param global.security.allowInsecureImages Allows skipping image verification
30
allowInsecureImages: false
31
## Compatibility adaptations for Kubernetes platforms
32
##
33
compatibility:
34
## Compatibility adaptations for Openshift
35
##
36
openshift:
37
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
38
##
39
adaptSecurityContext: auto
40
org: ""
41
## @section Common parameters
42
##
43
44
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
45
##
46
kubeVersion: ""
47
## @param nameOverride String to partially override `kube-state-metrics.name` template with a string (will prepend the release name)
48
##
49
nameOverride: ""
50
## @param fullnameOverride String to fully override `kube-state-metrics.fullname` template with a string
51
##
52
fullnameOverride: ""
53
## @param namespaceOverride String to fully override common.names.namespace
54
##
55
namespaceOverride: ""
56
## @param commonLabels Add labels to all the deployed resources
57
##
58
commonLabels: {}
59
## @param commonAnnotations Add annotations to all the deployed resources
60
##
61
commonAnnotations: {}
62
## @param extraDeploy Array of extra objects to deploy with the release
63
##
64
extraDeploy: []
65
## Enable diagnostic mode in the deployment(s)/statefulset(s)
66
##
67
diagnosticMode:
68
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
69
##
70
enabled: false
71
## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s)
72
##
73
command:
74
- sleep
75
## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s)
76
##
77
args:
78
- infinity
79
## @section kube-state-metrics parameters
80
##
81
82
## @param automountServiceAccountToken Mount Service Account token in pod
83
##
84
automountServiceAccountToken: true
85
## @param hostAliases Add deployment host aliases
86
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
87
##
88
hostAliases: []
89
## Role Based Access
90
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
91
##
92
rbac:
93
## @param rbac.create Whether to create & use RBAC resources or not
94
##
95
create: true
96
## @param rbac.pspEnabled Whether to create a PodSecurityPolicy and bound it with RBAC. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
97
##
98
pspEnabled: true
99
## @param rbac.rules Custom RBAC rules to set
100
## e.g:
101
## rules:
102
## - apiGroups:
103
## - ""
104
## resources:
105
## - pods
106
## verbs:
107
## - get
108
## - list
109
##
110
rules: []
111
## Service account for kube-state-metrics to use.
112
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
113
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
114
## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
115
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
116
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
117
##
118
serviceAccount:
119
create: true
120
name: ""
121
automountServiceAccountToken: false
122
annotations: {}
123
## Iamguarded kube-state-metrics image version
124
## ref: https://hub.docker.com/r/iamguarded/kube-state-metrics/tags/
125
## @param image.registry [default: REGISTRY_NAME] kube-state-metrics image registry
126
## @param image.repository [default: REPOSITORY_NAME/kube-state-metrics] kube-state-metrics image repository
127
## @skip image.tag kube-state-metrics image tag (immutable tags are recommended)
128
## @param image.digest kube-state-metrics image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
129
## @param image.pullPolicy kube-state-metrics image pull policy
130
## @param image.pullSecrets Specify docker-registry secret names as an array
131
##
132
image:
133
registry: cgr.dev
134
repository: chainguard-private/kube-state-metrics-iamguarded
135
tag: 2.18.0
136
digest: ""
137
## Specify a imagePullPolicy
138
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
139
##
140
pullPolicy: IfNotPresent
141
## Optionally specify an array of imagePullSecrets.
142
## Secrets must be manually created in the namespace.
143
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
144
## Example:
145
## pullSecrets:
146
## - myRegistryKeySecretName
147
##
148
pullSecrets: []
149
## @param extraArgs Additional command line arguments to pass to kube-state-metrics
150
## Example:
151
## extraArgs:
152
## metric-labels-allowlist: pods=[*]
153
extraArgs: {}
154
## @param command Override default container command (useful when using custom images)
155
##
156
command: []
157
## @param args Override default container args (useful when using custom images)
158
##
159
args: []
160
## @param lifecycleHooks for the kube-state-metrics container(s) to automate configuration before or after startup
161
##
162
lifecycleHooks: {}
163
## @param extraEnvVars Array with extra environment variables to add to kube-state-metrics nodes
164
## e.g:
165
## extraEnvVars:
166
## - name: FOO
167
## value: "bar"
168
##
169
extraEnvVars: []
170
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for kube-state-metrics pod(s)
171
##
172
extraEnvVarsCM: ""
173
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for kube-state-metrics pod(s)
174
##
175
extraEnvVarsSecret: ""
176
## @param extraVolumes Optionally specify extra list of additional volumes for the kube-state-metrics pod(s)
177
##
178
extraVolumes: []
179
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the kube-state-metrics container(s)
180
##
181
extraVolumeMounts: []
182
## @param sidecars Add additional sidecar containers to the kube-state-metrics pod(s)
183
## e.g:
184
## sidecars:
185
## - name: your-image-name
186
## image: your-image
187
## imagePullPolicy: Always
188
## ports:
189
## - name: portname
190
## containerPort: 1234
191
##
192
sidecars: []
193
## @param initContainers Add additional init containers to the kube-state-metrics pod(s)
194
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
195
## e.g:
196
## initContainers:
197
## - name: your-image-name
198
## image: your-image
199
## imagePullPolicy: Always
200
## command: ['sh', '-c', 'echo "hello world"']
201
##
202
initContainers: []
203
## Pod Disruption Budget configuration
204
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
205
## @param pdb.create Enable/disable a Pod Disruption Budget creation
206
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
207
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
208
##
209
pdb:
210
create: true
211
minAvailable: ""
212
maxUnavailable: ""
213
## @param namespaces Comma-separated list of namespaces to be enabled. Defaults to all namespaces. Evaluated as a template.
214
##
215
namespaces: ""
216
## kube-state-metrics resources to be enabled
217
## @param kubeResources.certificatesigningrequests Enable the `certificatesigningrequests` resource
218
## @param kubeResources.configmaps Enable the `configmaps` resource
219
## @param kubeResources.cronjobs Enable the `cronjobs` resource
220
## @param kubeResources.daemonsets Enable the `daemonsets` resource
221
## @param kubeResources.deployments Enable the `deployments` resource
222
## @param kubeResources.endpoints Enable the `endpoints` resource
223
## @param kubeResources.horizontalpodautoscalers Enable the `horizontalpodautoscalers` resource
224
## @param kubeResources.ingresses Enable the `ingresses` resource
225
## @param kubeResources.jobs Enable the `jobs` resource
226
## @param kubeResources.leases Enable the `leases` resource
227
## @param kubeResources.limitranges Enable the `limitranges` resource
228
## @param kubeResources.mutatingwebhookconfigurations Enable the `mutatingwebhookconfigurations` resource
229
## @param kubeResources.namespaces Enable the `namespaces` resource
230
## @param kubeResources.networkpolicies Enable the `networkpolicies` resource
231
## @param kubeResources.nodes Enable the `nodes` resource
232
## @param kubeResources.persistentvolumeclaims Enable the `persistentvolumeclaims` resource
233
## @param kubeResources.persistentvolumes Enable the `persistentvolumes` resource
234
## @param kubeResources.poddisruptionbudgets Enable the `poddisruptionbudgets` resource
235
## @param kubeResources.pods Enable the `pods` resource
236
## @param kubeResources.replicasets Enable the `replicasets` resource
237
## @param kubeResources.replicationcontrollers Enable the `replicationcontrollers` resource
238
## @param kubeResources.resourcequotas Enable the `resourcequotas` resource
239
## @param kubeResources.secrets Enable the `secrets` resource
240
## @param kubeResources.services Enable the `services` resource
241
## @param kubeResources.statefulsets Enable the `statefulsets` resource
242
## @param kubeResources.storageclasses Enable the `storageclasses` resource
243
## @param kubeResources.validatingwebhookconfigurations Enable the `validatingwebhookconfigurations` resource
244
## @param kubeResources.volumeattachments Enable the `volumeattachments` resource
245
##
246
kubeResources:
247
certificatesigningrequests: true
248
configmaps: true
249
cronjobs: true
250
daemonsets: true
251
deployments: true
252
endpoints: true
253
horizontalpodautoscalers: true
254
ingresses: true
255
jobs: true
256
leases: true
257
limitranges: true
258
mutatingwebhookconfigurations: true
259
namespaces: true
260
networkpolicies: true
261
nodes: true
262
persistentvolumeclaims: true
263
persistentvolumes: true
264
poddisruptionbudgets: true
265
pods: true
266
replicasets: true
267
replicationcontrollers: true
268
resourcequotas: true
269
secrets: true
270
services: true
271
statefulsets: true
272
storageclasses: true
273
validatingwebhookconfigurations: false
274
volumeattachments: true
275
## Configure custom resource state metrics
276
## ref: https://github.com/kubernetes/kube-state-metrics/blob/main/docs/metrics/extend/customresourcestate-metrics.md
277
## @param customResourceState.enabled Enabled custom resource state metrics
278
## @param customResourceState.configuration Configuration of the CustomResourceStateMetrics to be added. Evaluated as a template.
279
customResourceState:
280
enabled: false
281
configuration: {}
282
##
283
## Configure Pods Security Context
284
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
285
## @param podSecurityContext.enabled Enabled kube-state-metrics pods' Security Context
286
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
287
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
288
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
289
## @param podSecurityContext.fsGroup Set kube-state-metrics pod's Security Context fsGroup
290
##
291
podSecurityContext:
292
enabled: true
293
fsGroupChangePolicy: Always
294
sysctls: []
295
supplementalGroups: []
296
fsGroup: 1001
297
## Configure Container Security Context
298
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
299
## @param containerSecurityContext.enabled Enabled containers' Security Context
300
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
301
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
302
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
303
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
304
## @param containerSecurityContext.privileged Set container's Security Context privileged
305
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
306
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
307
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
308
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
309
##
310
containerSecurityContext:
311
enabled: true
312
seLinuxOptions: {}
313
runAsUser: 1001
314
runAsGroup: 1001
315
runAsNonRoot: true
316
privileged: false
317
readOnlyRootFilesystem: true
318
allowPrivilegeEscalation: false
319
capabilities:
320
drop: ["ALL"]
321
seccompProfile:
322
type: "RuntimeDefault"
323
## Container ports
324
## @param containerPorts.http HTTP container port
325
## @param containerPorts.telemetry Telemetry container port
326
containerPorts:
327
http: 8080
328
telemetry: 8081
329
## Network Policies
330
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
331
##
332
networkPolicy:
333
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
334
##
335
enabled: true
336
## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
337
##
338
kubeAPIServerPorts: [443, 6443, 8443]
339
## @param networkPolicy.allowExternal Don't require server label for connections
340
## The Policy model to apply. When set to false, only pods with the correct
341
## server label will have network access to the ports server is listening
342
## on. When true, server will accept connections from any source
343
## (with the correct destination port).
344
##
345
allowExternal: true
346
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
347
##
348
allowExternalEgress: true
349
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
350
## e.g:
351
## extraIngress:
352
## - ports:
353
## - port: 1234
354
## from:
355
## - podSelector:
356
## - matchLabels:
357
## - role: frontend
358
## - podSelector:
359
## - matchExpressions:
360
## - key: role
361
## operator: In
362
## values:
363
## - frontend
364
extraIngress: []
365
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
366
## e.g:
367
## extraEgress:
368
## - ports:
369
## - port: 1234
370
## to:
371
## - podSelector:
372
## - matchLabels:
373
## - role: frontend
374
## - podSelector:
375
## - matchExpressions:
376
## - key: role
377
## operator: In
378
## values:
379
## - frontend
380
##
381
extraEgress: []
382
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
383
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
384
##
385
ingressNSMatchLabels: {}
386
ingressNSPodMatchLabels: {}
387
## kube-state-metrics Service
388
##
389
service:
390
## @param service.type Kubernetes service type
391
##
392
type: ClusterIP
393
## @param service.ports.http kube-state-metrics service port
394
##
395
ports:
396
http: 8080
397
## @param service.nodePorts.http Specify the nodePort value for the LoadBalancer and NodePort service types.
398
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
399
## e.g:
400
## nodePort: 30080
401
##
402
nodePorts:
403
http: ""
404
## @param service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` for headless service
405
## e.g:
406
## clusterIP: None
407
##
408
clusterIP: ""
409
## @param service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer`
410
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
411
##
412
loadBalancerIP: ""
413
## @param service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer`
414
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
415
## e.g:
416
## loadBalancerSourceRanges:
417
## - 10.10.10.0/24
418
##
419
loadBalancerSourceRanges: []
420
## @param service.externalTrafficPolicy kube-state-metrics service external traffic policy
421
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
422
##
423
externalTrafficPolicy: Cluster
424
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
425
##
426
extraPorts: []
427
## @param service.annotations Additional annotations for kube-state-metrics service
428
##
429
annotations: {}
430
## @param service.labels Additional labels for kube-state-metrics service
431
##
432
labels: {}
433
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
434
## If "ClientIP", consecutive client requests will be directed to the same Pod
435
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
436
##
437
sessionAffinity: None
438
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
439
## sessionAffinityConfig:
440
## clientIP:
441
## timeoutSeconds: 300
442
##
443
sessionAffinityConfig: {}
444
## @param hostNetwork Enable hostNetwork mode
445
##
446
hostNetwork: false
447
## @param priorityClassName Priority class assigned to the Pods
448
##
449
priorityClassName: ""
450
## @param schedulerName Name of the k8s scheduler (other than default)
451
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
452
##
453
schedulerName: ""
454
## @param terminationGracePeriodSeconds In seconds, time the given to the kube-state-metrics pod needs to terminate gracefully
455
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
456
##
457
terminationGracePeriodSeconds: ""
458
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
459
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
460
## The value is evaluated as a template
461
##
462
topologySpreadConstraints: []
463
## Resource requests and limits
464
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
465
## choice for the user. This also increases chances charts run on environments with little
466
## resources, such as Minikube. If you do want to specify resources, uncomment the following
467
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
468
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
469
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
470
##
471
resourcesPreset: "micro"
472
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
473
## Example:
474
## resources:
475
## requests:
476
## cpu: 2
477
## memory: 512Mi
478
## limits:
479
## cpu: 3
480
## memory: 1024Mi
481
##
482
resources: {}
483
## @param replicaCount Desired number of controller pods
484
##
485
replicaCount: 1
486
## @param podLabels Pod labels
487
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
488
##
489
podLabels: {}
490
## @param podAnnotations Pod annotations
491
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
492
##
493
podAnnotations: {}
494
## @param updateStrategy Allows setting of `RollingUpdate` strategy
495
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
496
##
497
updateStrategy: {}
498
## @param minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
499
##
500
minReadySeconds: 0
501
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
502
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
503
##
504
podAffinityPreset: ""
505
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
506
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
507
##
508
podAntiAffinityPreset: soft
509
## Node affinity preset
510
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
511
##
512
nodeAffinityPreset:
513
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
514
##
515
type: ""
516
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
517
## E.g.
518
## key: "kubernetes.io/e2e-az-name"
519
##
520
key: ""
521
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
522
## E.g.
523
## values:
524
## - e2e-az1
525
## - e2e-az2
526
##
527
values: []
528
## @param affinity Affinity for pod assignment
529
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
530
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
531
##
532
affinity: {}
533
## @param nodeSelector Node labels for pod assignment
534
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
535
##
536
nodeSelector: {}
537
## @param tolerations Tolerations for pod assignment
538
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
539
##
540
tolerations: []
541
## Configure extra options for liveness probe
542
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
543
## @param livenessProbe.enabled Turn on and off liveness probe
544
## @param livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
545
## @param livenessProbe.periodSeconds How often to perform the probe
546
## @param livenessProbe.timeoutSeconds When the probe times out
547
## @param livenessProbe.failureThreshold Minimum consecutive failures for the probe
548
## @param livenessProbe.successThreshold Minimum consecutive successes for the probe
549
##
550
livenessProbe:
551
enabled: true
552
initialDelaySeconds: 120
553
periodSeconds: 10
554
timeoutSeconds: 5
555
failureThreshold: 6
556
successThreshold: 1
557
## Configure extra options for readiness probe
558
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
559
## @param readinessProbe.enabled Turn on and off readiness probe
560
## @param readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
561
## @param readinessProbe.periodSeconds How often to perform the probe
562
## @param readinessProbe.timeoutSeconds When the probe times out
563
## @param readinessProbe.failureThreshold Minimum consecutive failures for the probe
564
## @param readinessProbe.successThreshold Minimum consecutive successes for the probe
565
##
566
readinessProbe:
567
enabled: true
568
initialDelaySeconds: 30
569
periodSeconds: 10
570
timeoutSeconds: 5
571
failureThreshold: 6
572
successThreshold: 1
573
## Configure extra options for startup probe
574
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
575
## @param startupProbe.enabled Turn on and off startup probe
576
## @param startupProbe.initialDelaySeconds Delay before startup probe is initiated
577
## @param startupProbe.periodSeconds How often to perform the probe
578
## @param startupProbe.timeoutSeconds When the probe times out
579
## @param startupProbe.failureThreshold Minimum consecutive failures for the probe
580
## @param startupProbe.successThreshold Minimum consecutive successes for the probe
581
##
582
startupProbe:
583
enabled: false
584
initialDelaySeconds: 30
585
periodSeconds: 10
586
timeoutSeconds: 5
587
failureThreshold: 6
588
successThreshold: 1
589
## @param customStartupProbe Custom liveness probe for the Web component
590
##
591
customStartupProbe: {}
592
## @param customLivenessProbe Custom liveness probe for the Web component
593
##
594
customLivenessProbe: {}
595
## @param customReadinessProbe Custom readiness probe for the Web component
596
##
597
customReadinessProbe: {}
598
## ServiceMonitor configuration
599
##
600
serviceMonitor:
601
## @param serviceMonitor.enabled Creates a ServiceMonitor to monitor kube-state-metrics
602
##
603
enabled: false
604
## @param serviceMonitor.namespace Namespace in which Prometheus is running
605
## e.g:
606
## namespace: monitoring
607
##
608
namespace: ""
609
## @param serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
610
##
611
jobLabel: ""
612
## @param serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
613
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
614
## e.g:
615
## interval: 10s
616
##
617
interval: ""
618
## @param serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
619
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
620
## e.g:
621
## scrapeTimeout: 10s
622
##
623
scrapeTimeout: ""
624
## @param serviceMonitor.selector ServiceMonitor selector labels
625
## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
626
## e.g:
627
## selector:
628
## prometheus: my-prometheus
629
##
630
selector: {}
631
## @param serviceMonitor.honorLabels Honor metrics labels
632
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
633
## e.g:
634
## honorLabels: false
635
##
636
honorLabels: false
637
## @param serviceMonitor.relabelings ServiceMonitor relabelings
638
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
639
##
640
relabelings: []
641
## @param serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings
642
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
643
##
644
metricRelabelings: []
645
## @param serviceMonitor.labels Extra labels for the ServiceMonitor
646
##
647
labels: {}
648
## @param serviceMonitor.extraParameters Any extra parameter to be added to the endpoint configured in the ServiceMonitor
649
## (e.g. tlsConfig for further customization of the HTTPS behavior)
650
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Endpoint
651
##
652
extraParameters: {}
653
## @param serviceMonitor.sampleLimit Per-scrape limit on number of scraped samples that will be accepted.
654
##
655
sampleLimit: ""
656
## selfMonitor configuration
657
##
658
selfMonitor:
659
## @param selfMonitor.enabled Creates a selfMonitor to monitor kube-state-metrics itself
660
##
661
enabled: false
662
## @param selfMonitor.telemetryNodePort Kube-state-metrics Node Port
663
##
664
telemetryNodePort: ""
665

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.