thanos

Helm chart

Last changed

Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Tag:

# This file has been modified by Chainguard, Inc.

# Chainguard, Inc. modifications are subject to the license

# available at: https://www.chainguard.dev/legal/software-license-agreement

# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters

## Global Docker image parameters

## Please, note that this will override the image parameters, including dependencies, configured to use the global value

## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global Docker image registry

## @param global.imagePullSecrets Global Docker registry secret names as an array

## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)

global:

imageRegistry: ""

## e.g:

## imagePullSecrets:

## - myRegistryKeySecretName

imagePullSecrets: []

defaultStorageClass: ""

## Security parameters

security:

## @param global.security.allowInsecureImages Allows skipping image verification

allowInsecureImages: false

## Compatibility adaptations for Kubernetes platforms

compatibility:

## Compatibility adaptations for Openshift

openshift:

## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)

adaptSecurityContext: auto

org: ""

## @section Common parameters

## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)

kubeVersion: ""

## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)

nameOverride: ""

## @param fullnameOverride String to fully override common.names.fullname template

fullnameOverride: ""

## @param commonLabels Add labels to all the deployed resources

commonLabels: {}

## @param commonAnnotations Add annotations to all the deployed resources

commonAnnotations: {}

## @param clusterDomain Kubernetes Cluster Domain

clusterDomain: cluster.local

## @param extraDeploy Array of extra objects to deploy with the release

extraDeploy: []

## @section Thanos common parameters

## Iamguarded Thanos image

## @param image.registry [default: REGISTRY_NAME] Thanos image registry

## @param image.repository [default: REPOSITORY_NAME/thanos] Thanos image repository

## @skip image.tag Thanos image tag (immutable tags are recommended)

## @param image.digest Thanos image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag

## @param image.pullPolicy Thanos image pull policy

## @param image.pullSecrets Specify docker-registry secret names as an array

image:

registry: cgr.dev

repository: chainguard-private/thanos-iamguarded

tag: 0.41.0

digest: ""

## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images

pullPolicy: IfNotPresent

## Optionally specify an array of imagePullSecrets.

## Secrets must be manually created in the namespace.

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

## e.g:

## pullSecrets:

## - myRegistryKeySecretName

pullSecrets: []

## @param objstoreConfig The [objstore configuration](https://thanos.io/tip/thanos/storage.md/)

## Specify content for objstore.yml

objstoreConfig: ""

## @param indexCacheConfig The [index cache configuration](https://thanos.io/tip/components/store.md/)

## Specify content for index-cache.yml

indexCacheConfig: ""

## @param bucketCacheConfig The [bucket cache configuration](https://thanos.io/tip/components/store.md/)

100

## Specify content for bucket-cache.yml

101

102

bucketCacheConfig: ""

103

## @param existingObjstoreSecret Secret with Objstore Configuration

104

## Note: This will override objstoreConfig

105

106

existingObjstoreSecret: ""

107

## @param existingObjstoreSecretItems Optional item list for specifying a custom Secret key. If so, path should be objstore.yml

108

109

existingObjstoreSecretItems: []

110

## @param httpConfig The [https and basic auth configuration](https://thanos.io/tip/operating/https.md/)

111

## If provided, overrides settings under https.* and auth.*

112

httpConfig: ""

113

## @param existingHttpConfigSecret Secret containing the HTTPS and Basic auth configuration

114

115

existingHttpConfigSecret: ""

116

## HTTPS configuration (Experimental)

117

## Ref: https://thanos.io/tip/operating/https.md/

118

119

https:

120

## @param https.enabled Set to true to enable HTTPS. Requires a secret containing the certificate and key.

121

122

enabled: false

123

## @param https.autoGenerated Create self-signed TLS certificates.

124

125

autoGenerated: false

126

## @param https.existingSecret Existing secret containing your own server key and certificate

127

128

existingSecret: ""

129

## @param https.certFilename

130

131

certFilename: "tls.crt"

132

## @param https.keyFilename

133

134

keyFilename: "tls.key"

135

## @param https.caFilename

136

137

caFilename: "ca.crt"

138

## @param https.key TLS Key for Thanos HTTPS - ignored if existingSecret is provided

139

## @param https.cert TLS Certificate for Thanos HTTPS - ignored if existingSecret is provided

140

## @param https.ca (Optional, used for client) CA Certificate for Thanos HTTPS - ignored if existingSecret is provided

141

142

key: ""

143

cert: ""

144

ca: ""

145

## @param https.clientAuthType Server policy for client authentication using certificates. Maps to ClientAuth Policies.

146

## For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType

147

clientAuthType: ""

148

## @param https.extraTlsServerConfig Extra tls_server_config options

149

## For more detail on possible options: https://thanos.io/tip/operating/https.md

150

extraTlsServerConfig: {}

151

## Thanos Basic authentication (Experimental)

152

153

auth:

154

## @param auth.basicAuthUsers Object containing <user>:<passwords> key-value pairs for each user that will have access via basic authentication

155

## Note: Passwords will be later encrypted using bcrypt

156

basicAuthUsers: {}

157

## @section Thanos Query parameters

158

query:

159

## @param query.enabled Set to true to enable Thanos Query component

160

161

enabled: true

162

## @param query.logLevel Thanos Query log level

163

164

logLevel: info

165

## @param query.logFormat Thanos Query log format

166

167

logFormat: logfmt

168

## @param query.replicaLabel Replica indicator(s) along which data is de-duplicated

169

170

replicaLabel: [replica]

171

## Dynamically configure store APIs using DNS discovery

172

## @param query.dnsDiscovery.enabled Enable store APIs discovery via DNS

173

## @param query.dnsDiscovery.sidecarsService Sidecars service name to discover them using DNS discovery

174

## @param query.dnsDiscovery.sidecarsNamespace Sidecars namespace to discover them using DNS discovery

175

176

dnsDiscovery:

177

enabled: true

178

sidecarsService: ""

179

sidecarsNamespace: ""

180

## @param query.stores Statically configure store APIs to connect with Thanos Query

181

182

stores: []

183

## @param query.sdConfig Query Service Discovery Configuration

184

## Specify content for servicediscovery.yml

185

186

sdConfig: ""

187

## @param query.existingSDConfigmap Name of existing ConfigMap with Ruler configuration

188

## NOTE: This will override query.sdConfig

189

190

existingSDConfigmap: ""

191

## @param query.extraEnvVars Extra environment variables for Thanos Query container

192

## e.g:

193

## extraEnvVars:

194

## - name: FOO

195

## value: "bar"

196

197

extraEnvVars: []

198

## @param query.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query nodes

199

200

extraEnvVarsCM: ""

201

## @param query.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query nodes

202

203

extraEnvVarsSecret: ""

204

## @param query.extraFlags Extra Flags to passed to Thanos Query

205

206

extraFlags: []

207

## @param query.command Override default container command (useful when using custom images)

208

209

command: []

210

## @param query.args Override default container args (useful when using custom images)

211

212

args: []

213

## @param query.replicaCount Number of Thanos Query replicas to deploy

214

215

replicaCount: 1

216

## @param query.revisionHistoryLimit The number of old history to retain to allow rollback

217

218

revisionHistoryLimit: 10

219

## @param query.updateStrategy.type Update strategy type for Thanos Query replicas

220

221

updateStrategy:

222

type: RollingUpdate

223

## @param query.containerPorts.http HTTP container port

224

## @param query.containerPorts.grpc HTTP container port

225

226

containerPorts:

227

http: 10902

228

grpc: 10901

229

## K8s Pod Security Context for Thanos Query pods

230

## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

231

## @param query.podSecurityContext.enabled Enable security context for the Thanos Query pods

232

## @param query.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy

233

## @param query.podSecurityContext.sysctls Set kernel settings using the sysctl interface

234

## @param query.podSecurityContext.supplementalGroups Set filesystem extra groups

235

## @param query.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query pods

236

237

podSecurityContext:

238

enabled: true

239

fsGroupChangePolicy: Always

240

sysctls: []

241

supplementalGroups: []

242

fsGroup: 1001

243

## K8s containers' Security Context for Thanos Query containers

244

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

245

## @param query.containerSecurityContext.enabled Enabled containers' Security Context

246

## @param query.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container

247

## @param query.containerSecurityContext.runAsUser Set containers' Security Context runAsUser

248

## @param query.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup

249

## @param query.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot

250

## @param query.containerSecurityContext.privileged Set container's Security Context privileged

251

## @param query.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem

252

## @param query.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation

253

## @param query.containerSecurityContext.capabilities.drop List of capabilities to be dropped

254

## @param query.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile

255

256

containerSecurityContext:

257

enabled: true

258

seLinuxOptions: {}

259

runAsUser: 1001

260

runAsGroup: 1001

261

runAsNonRoot: true

262

privileged: false

263

readOnlyRootFilesystem: true

264

allowPrivilegeEscalation: false

265

capabilities:

266

drop: ["ALL"]

267

seccompProfile:

268

type: "RuntimeDefault"

269

## Thanos Query containers' resource requests and limits

270

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

271

## @param query.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if query.resources is set (query.resources is recommended for production).

272

273

resourcesPreset: "nano"

274

## @param query.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

275

## Example:

276

## resources:

277

## requests:

278

## cpu: 2

279

## memory: 512Mi

280

## limits:

281

## cpu: 3

282

## memory: 1024Mi

283

284

resources: {}

285

## Configure extra options for Thanos Query containers' liveness and readiness probes

286

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes

287

## @param query.livenessProbe.enabled Enable livenessProbe on Thanos Query containers

288

## @param query.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

289

## @param query.livenessProbe.periodSeconds Period seconds for livenessProbe

290

## @param query.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

291

## @param query.livenessProbe.failureThreshold Failure threshold for livenessProbe

292

## @param query.livenessProbe.successThreshold Success threshold for livenessProbe

293

294

livenessProbe:

295

enabled: true

296

initialDelaySeconds: 30

297

timeoutSeconds: 30

298

periodSeconds: 10

299

successThreshold: 1

300

failureThreshold: 6

301

## @param query.readinessProbe.enabled Enable readinessProbe on Thanos Query containers

302

## @param query.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

303

## @param query.readinessProbe.periodSeconds Period seconds for readinessProbe

304

## @param query.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

305

## @param query.readinessProbe.failureThreshold Failure threshold for readinessProbe

306

## @param query.readinessProbe.successThreshold Success threshold for readinessProbe

307

308

readinessProbe:

309

enabled: true

310

initialDelaySeconds: 30

311

timeoutSeconds: 30

312

periodSeconds: 10

313

successThreshold: 1

314

failureThreshold: 6

315

## @param query.startupProbe.enabled Enable startupProbe on Thanos Query containers

316

## @param query.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

317

## @param query.startupProbe.periodSeconds Period seconds for startupProbe

318

## @param query.startupProbe.timeoutSeconds Timeout seconds for startupProbe

319

## @param query.startupProbe.failureThreshold Failure threshold for startupProbe

320

## @param query.startupProbe.successThreshold Success threshold for startupProbe

321

322

startupProbe:

323

enabled: false

324

initialDelaySeconds: 5

325

periodSeconds: 5

326

timeoutSeconds: 1

327

failureThreshold: 15

328

successThreshold: 1

329

## @param query.customLivenessProbe Custom livenessProbe that overrides the default one

330

331

customLivenessProbe: {}

332

## @param query.customReadinessProbe Custom readinessProbe that overrides the default one

333

334

customReadinessProbe: {}

335

## @param query.customStartupProbe Custom startupProbe that overrides the default one

336

337

customStartupProbe: {}

338

## @param query.initContainers Add additional init containers to the Thanos Query pods

339

## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

340

## e.g:

341

## initContainers:

342

## - name: your-image-name

343

## image: your-image

344

## imagePullPolicy: Always

345

## command: ['sh', '-c', 'echo "hello world"']

346

347

initContainers: []

348

## @param query.sidecars Extra containers running as sidecars to Thanos Query pods

349

## e.g:

350

## sidecars:

351

## - name: your-image-name

352

## image: your-image

353

## imagePullPolicy: Always

354

## ports:

355

## - name: portname

356

## containerPort: 1234

357

358

sidecars: []

359

## @param query.extraVolumes Extra volumes to add to Thanos Query

360

361

extraVolumes: []

362

## @param query.extraVolumeMounts Extra volume mounts to add to the query container

363

364

extraVolumeMounts: []

365

## @param query.podAffinityPreset Thanos Query pod affinity preset

366

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

367

368

podAffinityPreset: ""

369

## @param query.podAntiAffinityPreset Thanos Query pod anti-affinity preset. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard`

370

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

371

372

podAntiAffinityPreset: soft

373

## @param query.podAntiAffinityPresetTopologyKey Thanos Query pod anti-affinity topologyKey. Ignored if `query.affinity` is set.

374

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

375

376

podAntiAffinityPresetTopologyKey: ""

377

## Thanos Query node affinity preset

378

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

379

380

nodeAffinityPreset:

381

## @param query.nodeAffinityPreset.type Thanos Query node affinity preset type. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard`

382

383

type: ""

384

## @param query.nodeAffinityPreset.key Thanos Query node label key to match Ignored if `query.affinity` is set.

385

## e.g:

386

## key: "kubernetes.io/e2e-az-name"

387

388

key: ""

389

## @param query.nodeAffinityPreset.values Thanos Query node label values to match. Ignored if `query.affinity` is set.

390

## e.g:

391

## values:

392

## - e2e-az1

393

## - e2e-az2

394

395

values: []

396

## @param query.affinity Thanos Query affinity for pod assignment

397

## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

398

## Note: query.podAffinityPreset, query.podAntiAffinityPreset, and query.nodeAffinityPreset will be ignored when it's set

399

400

affinity: {}

401

## @param query.nodeSelector Thanos Query node labels for pod assignment

402

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

403

404

nodeSelector: {}

405

## @param query.tolerations Thanos Query tolerations for pod assignment

406

## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

407

408

tolerations: []

409

## @param query.podLabels Thanos Query pod labels

410

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

411

412

podLabels: {}

413

## @param query.podAnnotations Annotations for Thanos Query pods

414

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

415

416

podAnnotations: {}

417

## @param query.dnsConfig Deployment pod DNS config

418

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

419

## E.g.

420

## dnsConfig:

421

## options:

422

## - name: ndots

423

## value: "4"

424

## - name: single-request-reopen

425

426

dnsConfig: {}

427

## @param query.dnsPolicy Deployment pod DNS policy

428

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

429

## E.g.

430

## dnsPolicy: ClusterFirstWithHostNet

431

432

dnsPolicy: ""

433

## @param query.hostAliases Deployment pod host aliases

434

## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

435

436

hostAliases: []

437

## @param query.lifecycleHooks for the Thanos Query container(s) to automate configuration before or after startup

438

439

lifecycleHooks: {}

440

## @param query.priorityClassName Thanos Query priorityClassName

441

## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/

442

443

priorityClassName: ""

444

## @param query.schedulerName Name of the k8s scheduler (other than default) for Thanos Query pods

445

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

446

447

schedulerName: ""

448

## @param query.topologySpreadConstraints Topology Spread Constraints for Thanos Query pods assignment spread across your cluster among failure-domains

449

## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods

450

451

topologySpreadConstraints: []

452

## Thanos Query GRPC parameters

453

## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/query.md#flags

454

455

grpc:

456

## GRPC server side

457

458

server:

459

## TLS configuration

460

## @param query.grpc.server.tls.enabled Enable TLS encryption in the GRPC server

461

## @param query.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates

462

## @param query.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided

463

## @param query.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided

464

## @param query.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided

465

## @param query.grpc.server.tls.clientAuthEnabled Enable TLS client verification against provided CA

466

## @param query.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates

467

## e.g:

468

## existingSecret:

469

## name: foo

470

## keyMapping:

471

## ca-cert: ca.pem

472

## tls-cert: cert.pem

473

## tls-key: key.pem

474

475

tls:

476

enabled: false

477

autoGenerated: false

478

cert: ""

479

key: ""

480

ca: ""

481

clientAuthEnabled: true

482

existingSecret: {}

483

## GRPC client side

484

485

client:

486

## @param query.grpc.client.serverName Server name to verify the hostname on the returned GRPC certificates

487

488

serverName: ""

489

## TLS configuration

490

## @param query.grpc.client.tls.enabled Enable TLS encryption in the GRPC server

491

## @param query.grpc.client.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates

492

## @param query.grpc.client.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided

493

## @param query.grpc.client.tls.key TLS Key for GRPC server - ignored if existingSecret is provided

494

## @param query.grpc.client.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided

495

## @param query.grpc.client.tls.existingSecret Existing secret containing your own TLS certificates

496

## e.g:

497

## existingSecret:

498

## name: foo

499

## keyMapping:

500

## ca-cert: ca.pem

501

## tls-cert: cert.pem

502

## tls-key: key.pem

503

504

tls:

505

enabled: false

506

autoGenerated: false

507

cert: ""

508

key: ""

509

ca: ""

510

existingSecret: {}

511

## Network Policies

512

## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/

513

514

networkPolicy:

515

## @param query.networkPolicy.enabled Specifies whether a NetworkPolicy should be created

516

517

enabled: true

518

## @param query.networkPolicy.allowExternal Don't require client label for connections

519

## The Policy model to apply. When set to false, only pods with the correct

520

## client label will have network access to the ports the application is listening

521

## on. When true, the app will accept connections from any source

522

## (with the correct destination port).

523

524

allowExternal: true

525

## @param query.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.

526

527

allowExternalEgress: true

528

## @param query.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy

529

## e.g:

530

## extraIngress:

531

## - ports:

532

## - port: 1234

533

## from:

534

## - podSelector:

535

## - matchLabels:

536

## - role: frontend

537

## - podSelector:

538

## - matchExpressions:

539

## - key: role

540

## operator: In

541

## values:

542

## - frontend

543

extraIngress: []

544

## @param query.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy

545

## e.g:

546

## extraEgress:

547

## - ports:

548

## - port: 1234

549

## to:

550

## - podSelector:

551

## - matchLabels:

552

## - role: frontend

553

## - podSelector:

554

## - matchExpressions:

555

## - key: role

556

## operator: In

557

## values:

558

## - frontend

559

560

extraEgress: []

561

## @param query.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces

562

## @param query.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces

563

564

ingressNSMatchLabels: {}

565

ingressNSPodMatchLabels: {}

566

## Service parameters

567

568

service:

569

## @param query.service.type Kubernetes service type

570

571

type: ClusterIP

572

## @param query.service.ports.http Thanos Query service HTTP port

573

574

ports:

575

http: 9090

576

## @param query.service.nodePorts.http Specify the Thanos Query HTTP nodePort value for the LoadBalancer and NodePort service types

577

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

578

579

nodePorts:

580

http: ""

581

## @param query.service.clusterIP Thanos Query service clusterIP IP

582

## e.g:

583

## clusterIP: None

584

585

clusterIP: ""

586

## @param query.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`

587

## Set the LoadBalancer service type to internal only

588

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

589

590

loadBalancerIP: ""

591

## @param query.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer

592

## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service

593

## e.g:

594

## loadBalancerSourceRanges:

595

## - 10.10.10.0/24

596

597

loadBalancerSourceRanges: []

598

## @param query.service.externalTrafficPolicy Thanos Query service externalTrafficPolicy

599

## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints

600

601

externalTrafficPolicy: Cluster

602

## @param query.service.labels Labels for Thanos Query service

603

604

labels: {}

605

## @param query.service.annotations Annotations for Thanos Query service

606

607

annotations: {}

608

## @param query.service.extraPorts Extra ports to expose in the Thanos Query service

609

610

extraPorts: []

611

## @param query.service.labelSelectorsOverride Selector for Thanos Query service

612

613

labelSelectorsOverride: {}

614

## @param query.service.additionalHeadless Additional Headless service

615

616

additionalHeadless: false

617

## Headless service properties

618

619

headless:

620

## @param query.service.headless.annotations Annotations for the headless service.

621

622

annotations: {}

623

## @param query.service.ipFamilyPolicy Sets the IP family policy for the Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).

624

625

ipFamilyPolicy: ""

626

## @param query.service.ipFamilies A list of IP families for the Service that should be supported, in the order in which they should be applied. Can be "IPv4" and/or "IPv6".

627

628

ipFamilies: []

629

## Service GRPC parameters

630

631

serviceGrpc:

632

## @param query.serviceGrpc.type Kubernetes service type

633

634

type: ClusterIP

635

## @param query.serviceGrpc.ports.grpc Thanos Query service GRPC port

636

637

ports:

638

grpc: 10901

639

## @param query.serviceGrpc.nodePorts.grpc Specify the Thanos Query GRPC nodePort value for the LoadBalancer and NodePort service types

640

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

641

642

nodePorts:

643

grpc: ""

644

## @param query.serviceGrpc.clusterIP Thanos Query service clusterIP IP

645

## e.g:

646

## clusterIP: None

647

648

clusterIP: ""

649

## @param query.serviceGrpc.loadBalancerIP Load balancer IP if service type is `LoadBalancer`

650

## Set the LoadBalancer service type to internal only

651

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

652

653

loadBalancerIP: ""

654

## @param query.serviceGrpc.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer

655

## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service

656

## e.g:

657

## loadBalancerSourceRanges:

658

## - 10.10.10.0/24

659

660

loadBalancerSourceRanges: []

661

## @param query.serviceGrpc.externalTrafficPolicy Thanos Query service externalTrafficPolicy

662

## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints

663

664

externalTrafficPolicy: Cluster

665

## @param query.serviceGrpc.labels Labels for Thanos Query service GRPC

666

667

labels: {}

668

## @param query.serviceGrpc.annotations Annotations for Thanos Query service

669

670

annotations: {}

671

## @param query.serviceGrpc.extraPorts Extra ports to expose in the Thanos Query service

672

673

extraPorts: []

674

## @param query.serviceGrpc.labelSelectorsOverride Selector for Thanos Query service

675

676

labelSelectorsOverride: {}

677

## @param query.serviceGrpc.additionalHeadless Additional Headless service

678

679

additionalHeadless: false

680

## Headless service properties

681

682

headless:

683

## @param query.serviceGrpc.headless.annotations Annotations for the headless service.

684

685

annotations: {}

686

## @param query.serviceGrpc.ipFamilyPolicy Sets the IP family policy for the Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).

687

688

ipFamilyPolicy: ""

689

## @param query.serviceGrpc.ipFamilies A list of IP families for the Service that should be supported, in the order in which they should be applied. Can be "IPv4" and/or "IPv6".

690

691

ipFamilies: []

692

## Autoscaling parameters

693

## @param query.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment

694

695

automountServiceAccountToken: true

696

## ServiceAccount configuration

697

## @param query.serviceAccount.create Specifies whether a ServiceAccount should be created

698

## @param query.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.

699

## @param query.serviceAccount.annotations Annotations for Thanos Query Service Account

700

## @param query.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token

701

702

serviceAccount:

703

create: true

704

705

annotations: {}

706

automountServiceAccountToken: false

707

## RBAC configuration

708

709

rbac:

710

## @param query.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Service Account

711

712

create: false

713

## @param query.rbac.rules Custom RBAC rules to set

714

## e.g:

715

## rules:

716

## - apiGroups:

717

## - ""

718

## resources:

719

## - pods

720

## verbs:

721

## - get

722

## - list

723

724

rules: []

725

## @param query.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query

726

## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later

727

728

pspEnabled: false

729

## Thanos Query Autoscaling configuration

730

## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

731

## @param query.autoscaling.enabled Enable autoscaling for Thanos Query

732

## @param query.autoscaling.minReplicas Minimum number of Thanos Query replicas

733

## @param query.autoscaling.maxReplicas Maximum number of Thanos Query replicas

734

## @param query.autoscaling.targetCPU Target CPU utilization percentage

735

## @param query.autoscaling.targetMemory Target Memory utilization percentage

736

## @param query.autoscaling.targetPodMetrics [array] List of custom pod metrics name and averageValue to evaluate for scaling

737

## @param query.autoscaling.behavior HPA Behavior

738

## @param query.externalAutoscaler Specifies whether the Thanos Query deployment is scaled by an external autoscaler

739

## e.g.

740

## targetPodMetrics:

741

## - name: thanos_query_range_query_duration

742

## averageValue: 2

743

## - name: thanos_query_promql_duration_metric

744

## averageValue: 0.5

745

746

autoscaling:

747

enabled: false

748

minReplicas: ""

749

maxReplicas: ""

750

targetCPU: ""

751

targetMemory: ""

752

targetPodMetrics: []

753

behavior: {}

754

externalAutoscaler: false

755

## Thanos Query Pod Disruption Budget configuration

756

## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb

757

## @param query.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query

758

## @param query.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled

759

## @param query.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable

760

761

pdb:

762

create: true

763

minAvailable: ""

764

maxUnavailable: ""

765

## Configure the ingress resource that allows you to access Thanos Query

766

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/

767

768

ingress:

769

## @param query.ingress.enabled Enable ingress controller resource

770

771

enabled: false

772

## @param query.ingress.hostname Default host for the ingress resource

773

774

hostname: thanos.local

775

## @param query.ingress.secretName Custom secretName for the ingress resource

776

## If query.ingress.secretName is not set, the secret will be named as follows: query.ingress.hostname-tls

777

secretName: ""

778

## @param query.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)

779

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

780

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

781

782

ingressClassName: ""

783

## @param query.ingress.labels Additional label for the Ingress resource.

784

## Use this parameter to set the required labels for your needs

785

## e.g:

786

## labels:

787

## dns-managed-by-external-dns: 'true'

788

789

labels: {}

790

## @param query.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.

791

## For a full list of possible ingress annotations, please see

792

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

793

## Use this parameter to set the required annotations for cert-manager, see

794

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

795

796

## e.g:

797

## annotations:

798

## kubernetes.io/ingress.class: nginx

799

## cert-manager.io/cluster-issuer: cluster-issuer-name

800

801

annotations: {}

802

## @param query.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.

803

## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array

804

## extraHosts:

805

## - name: thanos.local

806

## path: /

807

## pathType: ImplementationSpecific

808

809

extraHosts: []

810

## @param query.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.

811

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

812

## extraTls:

813

## - hosts:

814

## - thanos.local

815

## secretName: thanos.local-tls

816

817

extraTls: []

818

## @param query.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets

819

## key and certificate should start with -----BEGIN CERTIFICATE----- or

820

## -----BEGIN RSA PRIVATE KEY-----

821

822

## name should line up with a tlsSecret set further up

823

## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set

824

825

## It is also possible to create and manage the certificates outside of this helm chart

826

## Please see README.md for more information

827

## e.g:

828

## - name: thanos.local-tls

829

## key:

830

## certificate:

831

832

secrets: []

833

## @param query.ingress.extraRules Additional rules to be covered with this ingress record

834

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules

835

## e.g:

836

## extraRules:

837

## - host: example.local

838

## http:

839

## path: /

840

## backend:

841

## service:

842

## name: example-svc

843

## port:

844

## name: http

845

846

extraRules: []

847

## @param query.ingress.tls Enable TLS configuration for the hostname defined at `query.ingress.hostname` parameter

848

## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.hostname }}`

849

## You can:

850

## - Use the `query.ingress.secrets` parameter to create this TLS secret

851

## - Rely on cert-manager to create it by setting the corresponding annotations

852

## - Rely on Helm to create self-signed certificates by setting `query.ingress.selfSigned=true`

853

854

tls: false

855

## @param query.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm

856

857

selfSigned: false

858

## @param query.ingress.apiVersion Force Ingress API version (automatically detected if not set)

859

860

apiVersion: ""

861

## @param query.ingress.path Ingress path

862

863

path: /

864

## @param query.ingress.pathType Ingress path type

865

866

pathType: ImplementationSpecific

867

## Create an ingress object for the GRPC service. This requires an HTTP/2

868

## capable Ingress controller (eg. traefik using AWS NLB). Example annotations

869

## - ingress.kubernetes.io/protocol: h2c

870

## - service.beta.kubernetes.io/aws-load-balancer-type: nlb

871

## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp

872

## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/

873

## and also the documentation for your ingress controller.

874

875

## The options that are accepted are identical to the HTTP one listed above

876

877

grpc:

878

## @param query.ingress.grpc.enabled Enable ingress controller resource (GRPC)

879

880

enabled: false

881

## @param query.ingress.grpc.hostname Default host for the ingress resource (GRPC)

882

883

hostname: thanos-grpc.local

884

## @param query.ingress.grpc.secretName Custom secretName for the ingress resource (GRPC)

885

## If query.ingress.grpc.secretName is not set, the secret will be named as follows: query.ingress.grpc.hostname-tls

886

secretName: ""

887

## @param query.ingress.grpc.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)

888

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

889

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

890

891

ingressClassName: ""

892

## @param query.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations.

893

## For a full list of possible ingress annotations, please see

894

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

895

## Use this parameter to set the required annotations for cert-manager, see

896

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

897

898

## Examples:

899

## kubernetes.io/ingress.class: nginx

900

## cert-manager.io/cluster-issuer: cluster-issuer-name

901

902

annotations: {}

903

## @param query.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record.

904

## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array

905

## extraHosts:

906

## - name: thanos-grpc.local

907

## path: /

908

909

extraHosts: []

910

## @param query.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record.

911

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

912

## extraTls:

913

## - hosts:

914

## - thanos-grpc.local

915

## secretName: thanos-grpc.local-tls

916

917

extraTls: []

918

## @param query.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets

919

## key and certificate should start with -----BEGIN CERTIFICATE----- or

920

## -----BEGIN RSA PRIVATE KEY-----

921

922

## name should line up with a tlsSecret set further up

923

## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set

924

925

## It is also possible to create and manage the certificates outside of this helm chart

926

## Please see README.md for more information

927

## e.g:

928

## - name: thanos-grpc.local-tls

929

## key:

930

## certificate:

931

932

secrets: []

933

## @param query.ingress.grpc.extraRules Additional rules to be covered with this ingress record

934

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules

935

## e.g:

936

## extraRules:

937

## - host: example.local

938

## http:

939

## path: /

940

## backend:

941

## service:

942

## name: example-svc

943

## port:

944

## name: http

945

946

extraRules: []

947

## @param query.ingress.grpc.tls Enable TLS configuration for the hostname defined at `query.ingress.grpc.hostname` parameter

948

## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.grpc.hostname }}`

949

## You can:

950

## - Use the `query.ingress.grpc.secrets` parameter to create this TLS secret

951

## - Rely on cert-manager to create it by setting the corresponding annotations

952

## - Rely on Helm to create self-signed certificates by setting `query.ingress.grpc.selfSigned=true`

953

954

tls: false

955

## @param query.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm

956

957

selfSigned: false

958

## @param query.ingress.grpc.apiVersion Override API Version (automatically detected if not set)

959

960

apiVersion: ""

961

## @param query.ingress.grpc.path Ingress Path

962

963

path: /

964

## @param query.ingress.grpc.pathType Ingress Path type

965

966

pathType: ImplementationSpecific

967

## @section Thanos Query Frontend parameters

968

queryFrontend:

969

## @param queryFrontend.enabled Enable/disable Thanos Query Frontend component

970

971

enabled: true

972

## @param queryFrontend.logLevel Thanos Query Frontend log level

973

974

logLevel: info

975

## @param queryFrontend.logFormat Thanos Query Frontend log format

976

977

logFormat: logfmt

978

## @param queryFrontend.config Thanos Query Frontend configuration

979

## Specify content for config.yml

980

981

config: ""

982

## @param queryFrontend.existingConfigmap Name of existing ConfigMap with Thanos Query Frontend configuration

983

## NOTE: This will override queryFrontend.config

984

985

existingConfigmap: ""

986

## @param queryFrontend.extraEnvVars Extra environment variables for Thanos Query Frontend container

987

## e.g:

988

## extraEnvVars:

989

## - name: FOO

990

## value: "bar"

991

992

extraEnvVars: []

993

## @param queryFrontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query Frontend nodes

994

995

extraEnvVarsCM: ""

996

## @param queryFrontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query Frontend nodes

997

998

extraEnvVarsSecret: ""

999

## @param queryFrontend.extraFlags Extra Flags to passed to Thanos Query Frontend

1000

1001

extraFlags: []

1002

## @param queryFrontend.command Override default container command (useful when using custom images)

1003

1004

command: []

1005

## @param queryFrontend.args Override default container args (useful when using custom images)

1006

1007

args: []

1008

## @param queryFrontend.replicaCount Number of Thanos Query Frontend replicas to deploy

1009

1010

replicaCount: 1

1011

## @param queryFrontend.revisionHistoryLimit The number of old history to retain to allow rollback

1012

1013

revisionHistoryLimit: 10

1014

## @param queryFrontend.updateStrategy.type Update strategy type for Thanos Query Frontend replicas

1015

1016

updateStrategy:

1017

type: RollingUpdate

1018

## @param queryFrontend.containerPorts.http HTTP container port

1019

1020

containerPorts:

1021

http: 9090

1022

## K8s Pod Security Context for Thanos Query Frontend pods

1023

## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

1024

## @param queryFrontend.podSecurityContext.enabled Enable security context for the Thanos Query Frontend pods

1025

## @param queryFrontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy

1026

## @param queryFrontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface

1027

## @param queryFrontend.podSecurityContext.supplementalGroups Set filesystem extra groups

1028

## @param queryFrontend.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query Frontend pods

1029

1030

podSecurityContext:

1031

enabled: true

1032

fsGroupChangePolicy: Always

1033

sysctls: []

1034

supplementalGroups: []

1035

fsGroup: 1001

1036

## K8s containers' Security Context for Thanos Query Frontend containers

1037

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

1038

## @param queryFrontend.containerSecurityContext.enabled Enabled containers' Security Context

1039

## @param queryFrontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container

1040

## @param queryFrontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser

1041

## @param queryFrontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup

1042

## @param queryFrontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot

1043

## @param queryFrontend.containerSecurityContext.privileged Set container's Security Context privileged

1044

## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem

1045

## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation

1046

## @param queryFrontend.containerSecurityContext.capabilities.drop List of capabilities to be dropped

1047

## @param queryFrontend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile

1048

1049

containerSecurityContext:

1050

enabled: true

1051

seLinuxOptions: {}

1052

runAsUser: 1001

1053

runAsGroup: 1001

1054

runAsNonRoot: true

1055

privileged: false

1056

readOnlyRootFilesystem: true

1057

allowPrivilegeEscalation: false

1058

capabilities:

1059

drop: ["ALL"]

1060

seccompProfile:

1061

type: "RuntimeDefault"

1062

## Thanos Query Frontend containers' resource requests and limits

1063

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

1064

## @param queryFrontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production).

1065

1066

resourcesPreset: "nano"

1067

## @param queryFrontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

1068

## Example:

1069

## resources:

1070

## requests:

1071

## cpu: 2

1072

## memory: 512Mi

1073

## limits:

1074

## cpu: 3

1075

## memory: 1024Mi

1076

1077

resources: {}

1078

## Configure extra options for Thanos Query Frontend containers' liveness and readiness probes

1079

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes

1080

## @param queryFrontend.livenessProbe.enabled Enable livenessProbe on Thanos Query Frontend containers

1081

## @param queryFrontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

1082

## @param queryFrontend.livenessProbe.periodSeconds Period seconds for livenessProbe

1083

## @param queryFrontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

1084

## @param queryFrontend.livenessProbe.failureThreshold Failure threshold for livenessProbe

1085

## @param queryFrontend.livenessProbe.successThreshold Success threshold for livenessProbe

1086

1087

livenessProbe:

1088

enabled: true

1089

initialDelaySeconds: 30

1090

timeoutSeconds: 30

1091

periodSeconds: 10

1092

successThreshold: 1

1093

failureThreshold: 6

1094

## @param queryFrontend.readinessProbe.enabled Enable readinessProbe on Thanos Query Frontend containers

1095

## @param queryFrontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

1096

## @param queryFrontend.readinessProbe.periodSeconds Period seconds for readinessProbe

1097

## @param queryFrontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

1098

## @param queryFrontend.readinessProbe.failureThreshold Failure threshold for readinessProbe

1099

## @param queryFrontend.readinessProbe.successThreshold Success threshold for readinessProbe

1100

1101

readinessProbe:

1102

enabled: true

1103

initialDelaySeconds: 30

1104

timeoutSeconds: 30

1105

periodSeconds: 10

1106

successThreshold: 1

1107

failureThreshold: 6

1108

## @param queryFrontend.startupProbe.enabled Enable startupProbe on Thanos Query Frontend containers

1109

## @param queryFrontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

1110

## @param queryFrontend.startupProbe.periodSeconds Period seconds for startupProbe

1111

## @param queryFrontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe

1112

## @param queryFrontend.startupProbe.failureThreshold Failure threshold for startupProbe

1113

## @param queryFrontend.startupProbe.successThreshold Success threshold for startupProbe

1114

1115

startupProbe:

1116

enabled: false

1117

initialDelaySeconds: 5

1118

periodSeconds: 5

1119

timeoutSeconds: 1

1120

failureThreshold: 15

1121

successThreshold: 1

1122

## @param queryFrontend.customLivenessProbe Custom livenessProbe that overrides the default one

1123

1124

customLivenessProbe: {}

1125

## @param queryFrontend.customReadinessProbe Custom readinessProbe that overrides the default one

1126

1127

customReadinessProbe: {}

1128

## @param queryFrontend.customStartupProbe Custom startupProbe that overrides the default one

1129

1130

customStartupProbe: {}

1131

## @param queryFrontend.initContainers Add additional init containers to the Thanos Query Frontend pods

1132

## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

1133

## e.g:

1134

## initContainers:

1135

## - name: your-image-name

1136

## image: your-image

1137

## imagePullPolicy: Always

1138

## command: ['sh', '-c', 'echo "hello world"']

1139

1140

initContainers: []

1141

## @param queryFrontend.sidecars Extra containers running as sidecars to Thanos Query Frontend pods

1142

## e.g:

1143

## sidecars:

1144

## - name: your-image-name

1145

## image: your-image

1146

## imagePullPolicy: Always

1147

## ports:

1148

## - name: portname

1149

## containerPort: 1234

1150

1151

sidecars: []

1152

## @param queryFrontend.extraVolumes Extra volumes to add to Thanos Query Frontend

1153

1154

extraVolumes: []

1155

## @param queryFrontend.extraVolumeMounts Extra volume mounts to add to the query-frontend container

1156

1157

extraVolumeMounts: []

1158

## @param queryFrontend.podAffinityPreset Thanos Query Frontend pod affinity preset

1159

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

1160

1161

podAffinityPreset: ""

1162

## @param queryFrontend.podAntiAffinityPreset Thanos Query Frontend pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`

1163

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

1164

1165

podAntiAffinityPreset: soft

1166

## Thanos Query Frontend node affinity preset

1167

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

1168

1169

nodeAffinityPreset:

1170

## @param queryFrontend.nodeAffinityPreset.type Thanos Query Frontend node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`

1171

1172

type: ""

1173

## @param queryFrontend.nodeAffinityPreset.key Thanos Query Frontend node label key to match. Ignored if `queryFrontend.affinity` is set.

1174

## e.g:

1175

## key: "kubernetes.io/e2e-az-name"

1176

1177

key: ""

1178

## @param queryFrontend.nodeAffinityPreset.values Thanos Query Frontend node label values to match. Ignored if `queryFrontend.affinity` is set.

1179

## e.g:

1180

## values:

1181

## - e2e-az1

1182

## - e2e-az2

1183

1184

values: []

1185

## @param queryFrontend.affinity Thanos Query Frontend affinity for pod assignment

1186

## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

1187

## Note: queryFrontend.podAffinityPreset, queryFrontend.podAntiAffinityPreset, and queryFrontend.nodeAffinityPreset will be ignored when it's set

1188

1189

affinity: {}

1190

## @param queryFrontend.nodeSelector Thanos Query Frontend node labels for pod assignment

1191

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

1192

1193

nodeSelector: {}

1194

## @param queryFrontend.tolerations Thanos Query Frontend tolerations for pod assignment

1195

## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

1196

1197

tolerations: []

1198

## @param queryFrontend.podLabels Thanos Query Frontend pod labels

1199

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

1200

1201

podLabels: {}

1202

## @param queryFrontend.podAnnotations Annotations for Thanos Query Frontend pods

1203

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

1204

1205

podAnnotations: {}

1206

## @param queryFrontend.dnsConfig Deployment pod DNS config

1207

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

1208

## E.g.

1209

## dnsConfig:

1210

## options:

1211

## - name: ndots

1212

## value: "4"

1213

## - name: single-request-reopen

1214

1215

dnsConfig: {}

1216

## @param queryFrontend.dnsPolicy Deployment pod DNS policy

1217

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

1218

## E.g.

1219

## dnsPolicy: ClusterFirstWithHostNet

1220

1221

dnsPolicy: ""

1222

## @param queryFrontend.hostAliases Deployment pod host aliases

1223

## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

1224

1225

hostAliases: []

1226

## @param queryFrontend.lifecycleHooks for the Thanos Query Frontend container(s) to automate configuration before or after startup

1227

1228

lifecycleHooks: {}

1229

## @param queryFrontend.priorityClassName Thanos Query Frontend priorityClassName

1230

## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/

1231

1232

priorityClassName: ""

1233

## @param queryFrontend.schedulerName Name of the k8s scheduler (other than default) for Thanos Query Frontend pods

1234

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

1235

1236

schedulerName: ""

1237

## @param queryFrontend.topologySpreadConstraints Topology Spread Constraints for Thanos Query Frontend pods assignment spread across your cluster among failure-domains

1238

## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods

1239

1240

topologySpreadConstraints: []

1241

## Network Policies

1242

## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/

1243

1244

networkPolicy:

1245

## @param queryFrontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created

1246

1247

enabled: true

1248

## @param queryFrontend.networkPolicy.allowExternal Don't require client label for connections

1249

## The Policy model to apply. When set to false, only pods with the correct

1250

## client label will have network access to the ports the application is listening

1251

## on. When true, the app will accept connections from any source

1252

## (with the correct destination port).

1253

1254

allowExternal: true

1255

## @param queryFrontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.

1256

1257

allowExternalEgress: true

1258

## @param queryFrontend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy

1259

## e.g:

1260

## extraIngress:

1261

## - ports:

1262

## - port: 1234

1263

## from:

1264

## - podSelector:

1265

## - matchLabels:

1266

## - role: frontend

1267

## - podSelector:

1268

## - matchExpressions:

1269

## - key: role

1270

## operator: In

1271

## values:

1272

## - frontend

1273

extraIngress: []

1274

## @param queryFrontend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy

1275

## e.g:

1276

## extraEgress:

1277

## - ports:

1278

## - port: 1234

1279

## to:

1280

## - podSelector:

1281

## - matchLabels:

1282

## - role: frontend

1283

## - podSelector:

1284

## - matchExpressions:

1285

## - key: role

1286

## operator: In

1287

## values:

1288

## - frontend

1289

1290

extraEgress: []

1291

## @param queryFrontend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces

1292

## @param queryFrontend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces

1293

1294

ingressNSMatchLabels: {}

1295

ingressNSPodMatchLabels: {}

1296

## Service parameters

1297

1298

service:

1299

## @param queryFrontend.service.type Kubernetes service type

1300

1301

type: ClusterIP

1302

## @param queryFrontend.service.ports.http Thanos Query Frontend service HTTP port

1303

1304

ports:

1305

http: 9090

1306

## @param queryFrontend.service.nodePorts.http Specify the Thanos Query Frontend HTTP nodePort value for the LoadBalancer and NodePort service types

1307

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

1308

1309

nodePorts:

1310

http: ""

1311

## @param queryFrontend.service.clusterIP Thanos Query Frontend service clusterIP IP

1312

## e.g:

1313

## clusterIP: None

1314

1315

clusterIP: ""

1316

## @param queryFrontend.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`

1317

## Set the LoadBalancer service type to internal only

1318

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

1319

1320

loadBalancerIP: ""

1321

## @param queryFrontend.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer

1322

## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service

1323

## e.g:

1324

## loadBalancerSourceRanges:

1325

## - 10.10.10.0/24

1326

1327

loadBalancerSourceRanges: []

1328

## @param queryFrontend.service.externalTrafficPolicy Thanos Query Frontend service externalTrafficPolicy

1329

## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints

1330

1331

externalTrafficPolicy: Cluster

1332

## @param queryFrontend.service.annotations Annotations for Thanos Query Frontend service

1333

1334

annotations: {}

1335

## @param queryFrontend.service.labels Labels for Thanos Query Frontend service

1336

1337

labels: {}

1338

## @param queryFrontend.service.extraPorts Extra ports to expose in the Thanos Query Frontend service

1339

1340

extraPorts: []

1341

## @param queryFrontend.service.labelSelectorsOverride Selector for Thanos Query service

1342

1343

labelSelectorsOverride: {}

1344

## @param queryFrontend.service.ipFamilyPolicy Sets the IP family policy for the Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).

1345

1346

ipFamilyPolicy: ""

1347

## @param queryFrontend.service.ipFamilies A list of IP families for the Service that should be supported, in the order in which they should be applied. Can be "IPv4" and/or "IPv6".

1348

1349

ipFamilies: []

1350

## @param queryFrontend.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment

1351

1352

automountServiceAccountToken: true

1353

## ServiceAccount configuration

1354

## @param queryFrontend.serviceAccount.create Specifies whether a ServiceAccount should be created

1355

## @param queryFrontend.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.

1356

## @param queryFrontend.serviceAccount.annotations Annotations for Thanos Query Frontend Service Account

1357

## @param queryFrontend.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token

1358

1359

serviceAccount:

1360

create: true

1361

1362

annotations: {}

1363

automountServiceAccountToken: false

1364

## RBAC configuration

1365

1366

rbac:

1367

## @param queryFrontend.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Frontend Service Account

1368

1369

create: false

1370

## @param queryFrontend.rbac.rules Custom RBAC rules to set

1371

## e.g:

1372

## rules:

1373

## - apiGroups:

1374

## - ""

1375

## resources:

1376

## - pods

1377

## verbs:

1378

## - get

1379

## - list

1380

1381

rules: []

1382

## @param queryFrontend.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query Frontend

1383

## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later

1384

1385

pspEnabled: false

1386

## Thanos Query Frontend Autoscaling configuration

1387

## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

1388

## @param queryFrontend.autoscaling.enabled Enable autoscaling for Thanos Query Frontend

1389

## @param queryFrontend.autoscaling.minReplicas Minimum number of Thanos Query Frontend replicas

1390

## @param queryFrontend.autoscaling.maxReplicas Maximum number of Thanos Query Frontend replicas

1391

## @param queryFrontend.autoscaling.targetCPU Target CPU utilization percentage

1392

## @param queryFrontend.autoscaling.targetMemory Target Memory utilization percentage

1393

## @param queryFrontend.autoscaling.behavior HPA Behavior

1394

## @param queryFrontend.externalAutoscaler Specifies whether the Thanos Query Frontend deployment is scaled by an external autoscaler

1395

1396

autoscaling:

1397

enabled: false

1398

minReplicas: ""

1399

maxReplicas: ""

1400

targetCPU: ""

1401

targetMemory: ""

1402

behavior: {}

1403

externalAutoscaler: false

1404

## Thanos Query Frontend Pod Disruption Budget configuration

1405

## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb

1406

## @param queryFrontend.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query Frontend

1407

## @param queryFrontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled

1408

## @param queryFrontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable

1409

1410

pdb:

1411

create: true

1412

minAvailable: ""

1413

maxUnavailable: ""

1414

## Configure the ingress resource that allows you to access Thanos Query Frontend

1415

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/

1416

1417

ingress:

1418

## @param queryFrontend.ingress.enabled Enable ingress controller resource

1419

1420

enabled: false

1421

## @param queryFrontend.ingress.hostname Default host for the ingress resource

1422

1423

hostname: thanos.local

1424

## @param queryFrontend.ingress.overrideAlertQueryURL Automatically use query-frontend's ingress hostname as --alert.queryURL for both Query and Ruler.

1425

## This is used in order for the expression url on alerts/rules to be correctly rendered on UI as Frontend's hostname, instead of http://localhost:10902

1426

1427

overrideAlertQueryURL: true

1428

## @param queryFrontend.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)

1429

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

1430

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

1431

1432

ingressClassName: ""

1433

## @param queryFrontend.ingress.labels Additional label for the Ingress resource.

1434

## Use this parameter to set the required labels for your needs

1435

## e.g:

1436

## labels:

1437

## dns-managed-by-external-dns: 'true'

1438

1439

labels: {}

1440

## @param queryFrontend.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.

1441

## For a full list of possible ingress annotations, please see

1442

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

1443

## Use this parameter to set the required annotations for cert-manager, see

1444

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

1445

1446

## e.g:

1447

## annotations:

1448

## kubernetes.io/ingress.class: nginx

1449

## cert-manager.io/cluster-issuer: cluster-issuer-name

1450

1451

annotations: {}

1452

## @param queryFrontend.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.

1453

## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array

1454

## extraHosts:

1455

## - name: thanos.local

1456

## path: /

1457

## pathType: ImplementationSpecific

1458

1459

extraHosts: []

1460

## @param queryFrontend.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.

1461

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

1462

## extraTls:

1463

## - hosts:

1464

## - thanos.local

1465

## secretName: thanos.local-tls

1466

1467

extraTls: []

1468

## @param queryFrontend.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets

1469

## key and certificate should start with -----BEGIN CERTIFICATE----- or

1470

## -----BEGIN RSA PRIVATE KEY-----

1471

1472

## name should line up with a tlsSecret set further up

1473

## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set

1474

1475

## It is also possible to create and manage the certificates outside of this helm chart

1476

## Please see README.md for more information

1477

## e.g:

1478

## - name: thanos.local-tls

1479

## key:

1480

## certificate:

1481

1482

secrets: []

1483

## @param queryFrontend.ingress.extraRules Additional rules to be covered with this ingress record

1484

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules

1485

## e.g:

1486

## extraRules:

1487

## - host: example.local

1488

## http:

1489

## path: /

1490

## backend:

1491

## service:

1492

## name: example-svc

1493

## port:

1494

## name: http

1495

1496

extraRules: []

1497

## @param queryFrontend.ingress.tls Enable TLS configuration for the hostname defined at `queryFrontend.ingress.hostname` parameter

1498

## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.queryFrontend.ingress.hostname }}`

1499

## You can:

1500

## - Use the `queryFrontend.ingress.secrets` parameter to create this TLS secret

1501

## - Rely on cert-manager to create it by setting the corresponding annotations

1502

## - Rely on Helm to create self-signed certificates by setting `queryFrontend.ingress.selfSigned=true`

1503

1504

tls: false

1505

## @param queryFrontend.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm

1506

1507

selfSigned: false

1508

## @param queryFrontend.ingress.apiVersion Force Ingress API version (automatically detected if not set)

1509

1510

apiVersion: ""

1511

## @param queryFrontend.ingress.path Ingress path

1512

1513

path: /

1514

## @param queryFrontend.ingress.pathType Ingress path type

1515

1516

pathType: ImplementationSpecific

1517

## @section Thanos Bucket Web parameters

1518

bucketweb:

1519

## @param bucketweb.enabled Enable/disable Thanos Bucket Web component

1520

1521

enabled: false

1522

## @param bucketweb.logLevel Thanos Bucket Web log level

1523

1524

logLevel: info

1525

## @param bucketweb.logFormat Thanos Bucket Web log format

1526

1527

logFormat: logfmt

1528

## @param bucketweb.refresh Refresh interval to download metadata from remote storage

1529

1530

refresh: 30m

1531

## @param bucketweb.timeout Timeout to download metadata from remote storage

1532

1533

timeout: 5m

1534

## @param bucketweb.extraEnvVars Extra environment variables for Thanos Bucket Web container

1535

## e.g:

1536

## extraEnvVars:

1537

## - name: FOO

1538

## value: "bar"

1539

1540

extraEnvVars: []

1541

## @param bucketweb.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Bucket Web nodes

1542

1543

extraEnvVarsCM: ""

1544

## @param bucketweb.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Bucket Web nodes

1545

1546

extraEnvVarsSecret: ""

1547

## @param bucketweb.extraFlags Extra Flags to passed to Thanos Bucket Web

1548

1549

extraFlags: []

1550

## @param bucketweb.command Override default container command (useful when using custom images)

1551

1552

command: []

1553

## @param bucketweb.args Override default container args (useful when using custom images)

1554

1555

args: []

1556

## @param bucketweb.replicaCount Number of Thanos Bucket Web replicas to deploy

1557

1558

replicaCount: 1

1559

## @param bucketweb.revisionHistoryLimit The number of old history to retain to allow rollback

1560

1561

revisionHistoryLimit: 10

1562

## @param bucketweb.updateStrategy.type Update strategy type for Thanos Bucket Web replicas

1563

1564

updateStrategy:

1565

type: RollingUpdate

1566

## @param bucketweb.containerPorts.http HTTP container port

1567

1568

containerPorts:

1569

http: 8080

1570

## K8s Pod Security Context for Thanos Bucket Web pods

1571

## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

1572

## @param bucketweb.podSecurityContext.enabled Enable security context for the Thanos Bucket Web pods

1573

## @param bucketweb.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy

1574

## @param bucketweb.podSecurityContext.sysctls Set kernel settings using the sysctl interface

1575

## @param bucketweb.podSecurityContext.supplementalGroups Set filesystem extra groups

1576

## @param bucketweb.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Bucket Web pods

1577

1578

podSecurityContext:

1579

enabled: true

1580

fsGroupChangePolicy: Always

1581

sysctls: []

1582

supplementalGroups: []

1583

fsGroup: 1001

1584

## K8s containers' Security Context for Thanos Bucket Web containers

1585

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

1586

## @param bucketweb.containerSecurityContext.enabled Enabled containers' Security Context

1587

## @param bucketweb.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container

1588

## @param bucketweb.containerSecurityContext.runAsUser Set containers' Security Context runAsUser

1589

## @param bucketweb.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup

1590

## @param bucketweb.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot

1591

## @param bucketweb.containerSecurityContext.privileged Set container's Security Context privileged

1592

## @param bucketweb.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem

1593

## @param bucketweb.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation

1594

## @param bucketweb.containerSecurityContext.capabilities.drop List of capabilities to be dropped

1595

## @param bucketweb.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile

1596

1597

containerSecurityContext:

1598

enabled: true

1599

seLinuxOptions: {}

1600

runAsUser: 1001

1601

runAsGroup: 1001

1602

runAsNonRoot: true

1603

privileged: false

1604

readOnlyRootFilesystem: true

1605

allowPrivilegeEscalation: false

1606

capabilities:

1607

drop: ["ALL"]

1608

seccompProfile:

1609

type: "RuntimeDefault"

1610

## Thanos Bucket Web containers' resource requests and limits

1611

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

1612

## @param bucketweb.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if bucketweb.resources is set (bucketweb.resources is recommended for production).

1613

1614

resourcesPreset: "nano"

1615

## @param bucketweb.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

1616

## Example:

1617

## resources:

1618

## requests:

1619

## cpu: 2

1620

## memory: 512Mi

1621

## limits:

1622

## cpu: 3

1623

## memory: 1024Mi

1624

1625

resources: {}

1626

## Configure extra options for Thanos Bucket Web containers' liveness and readiness probes

1627

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes

1628

## @param bucketweb.livenessProbe.enabled Enable livenessProbe on Thanos Bucket Web containers

1629

## @param bucketweb.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

1630

## @param bucketweb.livenessProbe.periodSeconds Period seconds for livenessProbe

1631

## @param bucketweb.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

1632

## @param bucketweb.livenessProbe.failureThreshold Failure threshold for livenessProbe

1633

## @param bucketweb.livenessProbe.successThreshold Success threshold for livenessProbe

1634

1635

livenessProbe:

1636

enabled: true

1637

initialDelaySeconds: 30

1638

timeoutSeconds: 30

1639

periodSeconds: 10

1640

successThreshold: 1

1641

failureThreshold: 6

1642

## @param bucketweb.readinessProbe.enabled Enable readinessProbe on Thanos Bucket Web containers

1643

## @param bucketweb.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

1644

## @param bucketweb.readinessProbe.periodSeconds Period seconds for readinessProbe

1645

## @param bucketweb.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

1646

## @param bucketweb.readinessProbe.failureThreshold Failure threshold for readinessProbe

1647

## @param bucketweb.readinessProbe.successThreshold Success threshold for readinessProbe

1648

1649

readinessProbe:

1650

enabled: true

1651

initialDelaySeconds: 30

1652

timeoutSeconds: 30

1653

periodSeconds: 10

1654

successThreshold: 1

1655

failureThreshold: 6

1656

## @param bucketweb.startupProbe.enabled Enable startupProbe on Thanos Bucket Web containers

1657

## @param bucketweb.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

1658

## @param bucketweb.startupProbe.periodSeconds Period seconds for startupProbe

1659

## @param bucketweb.startupProbe.timeoutSeconds Timeout seconds for startupProbe

1660

## @param bucketweb.startupProbe.failureThreshold Failure threshold for startupProbe

1661

## @param bucketweb.startupProbe.successThreshold Success threshold for startupProbe

1662

1663

startupProbe:

1664

enabled: false

1665

initialDelaySeconds: 5

1666

periodSeconds: 5

1667

timeoutSeconds: 1

1668

failureThreshold: 15

1669

successThreshold: 1

1670

## @param bucketweb.customLivenessProbe Custom livenessProbe that overrides the default one

1671

1672

customLivenessProbe: {}

1673

## @param bucketweb.customReadinessProbe Custom readinessProbe that overrides the default one

1674

1675

customReadinessProbe: {}

1676

## @param bucketweb.customStartupProbe Custom startupProbe that overrides the default one

1677

1678

customStartupProbe: {}

1679

## @param bucketweb.initContainers Add additional init containers to the Thanos Bucket Web pods

1680

## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

1681

## e.g:

1682

## initContainers:

1683

## - name: your-image-name

1684

## image: your-image

1685

## imagePullPolicy: Always

1686

## command: ['sh', '-c', 'echo "hello world"']

1687

1688

initContainers: []

1689

## @param bucketweb.sidecars Extra containers running as sidecars to Thanos Bucket Web pods

1690

## e.g:

1691

## sidecars:

1692

## - name: your-image-name

1693

## image: your-image

1694

## imagePullPolicy: Always

1695

## ports:

1696

## - name: portname

1697

## containerPort: 1234

1698

1699

sidecars: []

1700

## @param bucketweb.extraVolumes Extra volumes to add to Bucket Web

1701

1702

extraVolumes: []

1703

## @param bucketweb.extraVolumeMounts Extra volume mounts to add to the bucketweb container

1704

1705

extraVolumeMounts: []

1706

## @param bucketweb.podAffinityPreset Thanos Bucket Web pod affinity preset

1707

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

1708

1709

podAffinityPreset: ""

1710

## @param bucketweb.podAntiAffinityPreset Thanos Bucket Web pod anti-affinity preset. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard`

1711

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

1712

1713

podAntiAffinityPreset: soft

1714

## Thanos Bucket Web node affinity preset

1715

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

1716

1717

nodeAffinityPreset:

1718

## @param bucketweb.nodeAffinityPreset.type Thanos Bucket Web node affinity preset type. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard`

1719

1720

type: ""

1721

## @param bucketweb.nodeAffinityPreset.key Thanos Bucket Web node label key to match. Ignored if `bucketweb.affinity` is set.

1722

## e.g:

1723

## key: "kubernetes.io/e2e-az-name"

1724

1725

key: ""

1726

## @param bucketweb.nodeAffinityPreset.values Thanos Bucket Web node label values to match. Ignored if `bucketweb.affinity` is set.

1727

## e.g:

1728

## values:

1729

## - e2e-az1

1730

## - e2e-az2

1731

1732

values: []

1733

## @param bucketweb.affinity Thanos Bucket Web affinity for pod assignment

1734

## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

1735

## Note: bucketweb.podAffinityPreset, bucketweb.podAntiAffinityPreset, and bucketweb.nodeAffinityPreset will be ignored when it's set

1736

1737

affinity: {}

1738

## @param bucketweb.nodeSelector Thanos Bucket Web node labels for pod assignment

1739

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

1740

1741

nodeSelector: {}

1742

## @param bucketweb.tolerations Thanos Bucket Web tolerations for pod assignment

1743

## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

1744

1745

tolerations: []

1746

## @param bucketweb.podLabels Thanos Bucket Web pod labels

1747

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

1748

1749

podLabels: {}

1750

## @param bucketweb.podAnnotations Annotations for Thanos Bucket Web pods

1751

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

1752

1753

podAnnotations: {}

1754

## @param bucketweb.dnsConfig Deployment pod DNS config

1755

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

1756

## E.g.

1757

## dnsConfig:

1758

## options:

1759

## - name: ndots

1760

## value: "4"

1761

## - name: single-request-reopen

1762

1763

dnsConfig: {}

1764

## @param bucketweb.dnsPolicy Deployment pod DNS policy

1765

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

1766

## E.g.

1767

## dnsPolicy: ClusterFirstWithHostNet

1768

1769

dnsPolicy: ""

1770

## @param bucketweb.hostAliases Deployment pod host aliases

1771

## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

1772

1773

hostAliases: []

1774

## @param bucketweb.lifecycleHooks for the Thanos Bucket Web container(s) to automate configuration before or after startup

1775

1776

lifecycleHooks: {}

1777

## @param bucketweb.priorityClassName Thanos Bucket Web priorityClassName

1778

## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/

1779

1780

priorityClassName: ""

1781

## @param bucketweb.schedulerName Name of the k8s scheduler (other than default) for Thanos Bucket Web pods

1782

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

1783

1784

schedulerName: ""

1785

## @param bucketweb.topologySpreadConstraints Topology Spread Constraints for Thanos Bucket Web pods assignment spread across your cluster among failure-domains

1786

## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods

1787

1788

topologySpreadConstraints: []

1789

## Network Policies

1790

## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/

1791

1792

networkPolicy:

1793

## @param bucketweb.networkPolicy.enabled Specifies whether a NetworkPolicy should be created

1794

1795

enabled: true

1796

## @param bucketweb.networkPolicy.allowExternal Don't require client label for connections

1797

## The Policy model to apply. When set to false, only pods with the correct

1798

## client label will have network access to the ports the application is listening

1799

## on. When true, the app will accept connections from any source

1800

## (with the correct destination port).

1801

1802

allowExternal: true

1803

## @param bucketweb.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.

1804

1805

allowExternalEgress: true

1806

## @param bucketweb.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy

1807

## e.g:

1808

## extraIngress:

1809

## - ports:

1810

## - port: 1234

1811

## from:

1812

## - podSelector:

1813

## - matchLabels:

1814

## - role: frontend

1815

## - podSelector:

1816

## - matchExpressions:

1817

## - key: role

1818

## operator: In

1819

## values:

1820

## - frontend

1821

extraIngress: []

1822

## @param bucketweb.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy

1823

## e.g:

1824

## extraEgress:

1825

## - ports:

1826

## - port: 1234

1827

## to:

1828

## - podSelector:

1829

## - matchLabels:

1830

## - role: frontend

1831

## - podSelector:

1832

## - matchExpressions:

1833

## - key: role

1834

## operator: In

1835

## values:

1836

## - frontend

1837

1838

extraEgress: []

1839

## @param bucketweb.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces

1840

## @param bucketweb.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces

1841

1842

ingressNSMatchLabels: {}

1843

ingressNSPodMatchLabels: {}

1844

## Service parameters

1845

1846

service:

1847

## @param bucketweb.service.type Kubernetes service type

1848

1849

type: ClusterIP

1850

## @param bucketweb.service.ports.http Thanos Bucket Web service HTTP port

1851

1852

ports:

1853

http: 8080

1854

## @param bucketweb.service.nodePorts.http Specify the Thanos Bucket Web HTTP nodePort value for the LoadBalancer and NodePort service types

1855

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

1856

1857

nodePorts:

1858

http: ""

1859

## @param bucketweb.service.clusterIP Thanos Bucket Web service clusterIP IP

1860

## e.g:

1861

## clusterIP: None

1862

1863

clusterIP: ""

1864

## @param bucketweb.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`

1865

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

1866

1867

loadBalancerIP: ""

1868

## @param bucketweb.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer

1869

## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service

1870

1871

## loadBalancerSourceRanges:

1872

## - 10.10.10.0/24

1873

1874

loadBalancerSourceRanges: []

1875

## @param bucketweb.service.externalTrafficPolicy Thanos Bucket Web service externalTrafficPolicy

1876

1877

externalTrafficPolicy: Cluster

1878

## @param bucketweb.service.labels Extra labels for Thanos Bucket Web service

1879

1880

labels: {}

1881

## @param bucketweb.service.annotations Annotations for Thanos Bucket Web service

1882

1883

annotations: {}

1884

## @param bucketweb.service.extraPorts Extra ports to expose in the Thanos Bucket Web service

1885

1886

extraPorts: []

1887

## @param bucketweb.service.labelSelectorsOverride Selector for Thanos Query service

1888

1889

labelSelectorsOverride: {}

1890

## @param bucketweb.service.ipFamilyPolicy Sets the IP family policy for the Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).

1891

1892

ipFamilyPolicy: ""

1893

## @param bucketweb.service.ipFamilies A list of IP families for the Service that should be supported, in the order in which they should be applied. Can be "IPv4" and/or "IPv6".

1894

1895

ipFamilies: []

1896

## @param bucketweb.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment

1897

1898

automountServiceAccountToken: true

1899

## ServiceAccount configuration

1900

## @param bucketweb.serviceAccount.create Specifies whether a ServiceAccount should be created

1901

## @param bucketweb.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.

1902

## @param bucketweb.serviceAccount.annotations Annotations for Thanos Bucket Web Service Account

1903

## @param bucketweb.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token

1904

1905

serviceAccount:

1906

create: true

1907

1908

annotations: {}

1909

automountServiceAccountToken: false

1910

## Thanos Bucket Web Autoscaling configuration

1911

## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

1912

## @param bucketweb.autoscaling.enabled Enable autoscaling for Thanos Bucket Web

1913

## @param bucketweb.autoscaling.minReplicas Minimum number of Thanos Bucket Web replicas

1914

## @param bucketweb.autoscaling.maxReplicas Maximum number of Thanos Bucket Web replicas

1915

## @param bucketweb.autoscaling.targetCPU Target CPU utilization percentage

1916

## @param bucketweb.autoscaling.targetMemory Target Memory utilization percentage

1917

## @param bucketweb.autoscaling.behavior HPA Behavior

1918

## @param bucketweb.externalAutoscaler Specifies whether the Thanos Bucket Web deployment is scaled by an external autoscaler

1919

1920

autoscaling:

1921

enabled: false

1922

minReplicas: ""

1923

maxReplicas: ""

1924

targetCPU: ""

1925

targetMemory: ""

1926

behavior: {}

1927

externalAutoscaler: false

1928

## Thanos Bucket Web Pod Disruption Budget configuration

1929

## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb

1930

## @param bucketweb.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Bucket Web

1931

## @param bucketweb.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled

1932

## @param bucketweb.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable

1933

1934

pdb:

1935

create: true

1936

minAvailable: ""

1937

maxUnavailable: ""

1938

## Configure the ingress resource that allows you to access Thanos Bucketweb

1939

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/

1940

1941

ingress:

1942

## @param bucketweb.ingress.enabled Enable ingress controller resource

1943

1944

enabled: false

1945

## @param bucketweb.ingress.hostname Default host for the ingress resource

1946

1947

hostname: thanos-bucketweb.local

1948

## @param bucketweb.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)

1949

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

1950

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

1951

1952

ingressClassName: ""

1953

## @param bucketweb.ingress.labels Additional label for the Ingress resource.

1954

## Use this parameter to set the required labels for your needs

1955

## e.g:

1956

## labels:

1957

## dns-managed-by-external-dns: 'true'

1958

1959

labels: {}

1960

## @param bucketweb.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.

1961

## For a full list of possible ingress annotations, please see

1962

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

1963

## Use this parameter to set the required annotations for cert-manager, see

1964

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

1965

1966

## e.g:

1967

## annotations:

1968

## kubernetes.io/ingress.class: nginx

1969

## cert-manager.io/cluster-issuer: cluster-issuer-name

1970

1971

annotations: {}

1972

## @param bucketweb.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.

1973

## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array

1974

## extraHosts:

1975

## - name: thanos-bucketweb.local

1976

## path: /

1977

## pathType: ImplementationSpecific

1978

1979

extraHosts: []

1980

## @param bucketweb.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.

1981

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

1982

## extraTls:

1983

## - hosts:

1984

## - thanos-bucketweb.local

1985

## secretName: thanos-bucketweb.local-tls

1986

1987

extraTls: []

1988

## @param bucketweb.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets

1989

## key and certificate should start with -----BEGIN CERTIFICATE----- or

1990

## -----BEGIN RSA PRIVATE KEY-----

1991

1992

## name should line up with a tlsSecret set further up

1993

## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set

1994

1995

## It is also possible to create and manage the certificates outside of this helm chart

1996

## Please see README.md for more information

1997

## e.g:

1998

## - name: thanos-bucketweb.local-tls

1999

## key:

2000

## certificate:

2001

2002

secrets: []

2003

## @param bucketweb.ingress.extraRules Additional rules to be covered with this ingress record

2004

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules

2005

## e.g:

2006

## extraRules:

2007

## - host: example.local

2008

## http:

2009

## path: /

2010

## backend:

2011

## service:

2012

## name: example-svc

2013

## port:

2014

## name: http

2015

2016

extraRules: []

2017

## @param bucketweb.ingress.tls Enable TLS configuration for the hostname defined at `bucketweb.ingress.hostname` parameter

2018

## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.bucketweb.ingress.hostname }}`

2019

## You can:

2020

## - Use the `bucketweb.ingress.secrets` parameter to create this TLS secret

2021

## - Rely on cert-manager to create it by setting the corresponding annotations

2022

## - Rely on Helm to create self-signed certificates by setting `bucketweb.ingress.selfSigned=true`

2023

2024

tls: false

2025

## @param bucketweb.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm

2026

2027

selfSigned: false

2028

## @param bucketweb.ingress.apiVersion Force Ingress API version (automatically detected if not set)

2029

2030

apiVersion: ""

2031

## @param bucketweb.ingress.path Ingress path

2032

2033

path: /

2034

## @param bucketweb.ingress.pathType Ingress path type

2035

2036

pathType: ImplementationSpecific

2037

## @section Thanos Compactor parameters

2038

compactor:

2039

## @param compactor.enabled Enable/disable Thanos Compactor component

2040

2041

enabled: false

2042

## @param compactor.logLevel Thanos Compactor log level

2043

2044

logLevel: info

2045

## @param compactor.logFormat Thanos Compactor log format

2046

2047

logFormat: logfmt

2048

## @param compactor.dataDir Thanos Compactor data directory

2049

2050

dataDir: /data

2051

## Resolution and Retention flags

2052

## @param compactor.retentionResolutionRaw Resolution and Retention flag

2053

## @param compactor.retentionResolution5m Resolution and Retention flag

2054

## @param compactor.retentionResolution1h Resolution and Retention flag

2055

2056

retentionResolutionRaw: 30d

2057

retentionResolution5m: 30d

2058

retentionResolution1h: 10y

2059

## @param compactor.concurrency Number of goroutines to use when compacting groups.

2060

concurrency: 1

2061

## @param compactor.consistencyDelay Minimum age of fresh (non-compacted) blocks before they are being processed

2062

2063

consistencyDelay: 30m

2064

## @param compactor.extraEnvVars Extra environment variables for Thanos Compactor container

2065

## e.g:

2066

## extraEnvVars:

2067

## - name: FOO

2068

## value: "bar"

2069

2070

extraEnvVars: []

2071

## @param compactor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Compactor nodes

2072

2073

extraEnvVarsCM: ""

2074

## @param compactor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Compactor nodes

2075

2076

extraEnvVarsSecret: ""

2077

## @param compactor.extraFlags Extra Flags to passed to Thanos Compactor

2078

2079

extraFlags: []

2080

## @param compactor.command Override default container command (useful when using custom images)

2081

2082

command: []

2083

## @param compactor.args Override default container args (useful when using custom images)

2084

2085

args: []

2086

## @param compactor.revisionHistoryLimit The number of old history to retain to allow rollback

2087

2088

revisionHistoryLimit: 10

2089

## K8s CronJob configuration

2090

## ref: https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/

2091

## @param compactor.cronJob.enabled Run compactor as a CronJob rather than a Deployment

2092

## @param compactor.cronJob.schedule The schedule in Cron format, see <https://en.wikipedia.org/wiki/Cron>

2093

## @param compactor.cronJob.timeZone The time zone name for the given schedule, see <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>

2094

## @param compactor.cronJob.concurrencyPolicy Specifies how to treat concurrent executions of a Job

2095

## @param compactor.cronJob.startingDeadlineSeconds Optional deadline in seconds for starting the job if it misses scheduled time for any reason

2096

## @param compactor.cronJob.suspend This flag tells the controller to suspend subsequent executions

2097

## @param compactor.cronJob.successfulJobsHistoryLimit The number of successful finished jobs to retain

2098

## @param compactor.cronJob.failedJobsHistoryLimit The number of failed finished jobs to retain

2099

## @param compactor.cronJob.backoffLimit The number of retries before marking this job failed

2100

## @param compactor.cronJob.ttlSecondsAfterFinished The maximum retention before removing the job

2101

2102

cronJob:

2103

enabled: false

2104

schedule: "0 */6 * * *"

2105

timeZone: ""

2106

startingDeadlineSeconds: ""

2107

concurrencyPolicy: Forbid

2108

suspend: ""

2109

successfulJobsHistoryLimit: ""

2110

failedJobsHistoryLimit: ""

2111

backoffLimit: ""

2112

ttlSecondsAfterFinished: ""

2113

## @param compactor.restartPolicy Compactor container restart policy.

2114

## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

2115

2116

restartPolicy: ""

2117

## @param compactor.updateStrategy.type Update strategy type for Thanos Compactor replicas

2118

2119

updateStrategy:

2120

type: Recreate

2121

## @param compactor.containerPorts.http HTTP container port

2122

2123

containerPorts:

2124

http: 10902

2125

## K8s Pod Security Context for Thanos Compactor pods

2126

## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

2127

## @param compactor.podSecurityContext.enabled Enable security context for the Thanos Compactor pods

2128

## @param compactor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy

2129

## @param compactor.podSecurityContext.sysctls Set kernel settings using the sysctl interface

2130

## @param compactor.podSecurityContext.supplementalGroups Set filesystem extra groups

2131

## @param compactor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Compactor pods

2132

2133

podSecurityContext:

2134

enabled: true

2135

fsGroupChangePolicy: Always

2136

sysctls: []

2137

supplementalGroups: []

2138

fsGroup: 1001

2139

## K8s containers' Security Context for Thanos Compactor containers

2140

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

2141

## @param compactor.containerSecurityContext.enabled Enabled containers' Security Context

2142

## @param compactor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container

2143

## @param compactor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser

2144

## @param compactor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup

2145

## @param compactor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot

2146

## @param compactor.containerSecurityContext.privileged Set container's Security Context privileged

2147

## @param compactor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem

2148

## @param compactor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation

2149

## @param compactor.containerSecurityContext.capabilities.drop List of capabilities to be dropped

2150

## @param compactor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile

2151

2152

containerSecurityContext:

2153

enabled: true

2154

seLinuxOptions: {}

2155

runAsUser: 1001

2156

runAsGroup: 1001

2157

runAsNonRoot: true

2158

privileged: false

2159

readOnlyRootFilesystem: true

2160

allowPrivilegeEscalation: false

2161

capabilities:

2162

drop: ["ALL"]

2163

seccompProfile:

2164

type: "RuntimeDefault"

2165

## Thanos Compactor containers' resource requests and limits

2166

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

2167

## @param compactor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production).

2168

2169

resourcesPreset: "nano"

2170

## @param compactor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

2171

## Example:

2172

## resources:

2173

## requests:

2174

## cpu: 2

2175

## memory: 512Mi

2176

## limits:

2177

## cpu: 3

2178

## memory: 1024Mi

2179

2180

resources: {}

2181

## Configure extra options for Thanos Compactor containers' liveness and readiness probes

2182

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes

2183

## @param compactor.livenessProbe.enabled Enable livenessProbe on Thanos Compactor containers

2184

## @param compactor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

2185

## @param compactor.livenessProbe.periodSeconds Period seconds for livenessProbe

2186

## @param compactor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

2187

## @param compactor.livenessProbe.failureThreshold Failure threshold for livenessProbe

2188

## @param compactor.livenessProbe.successThreshold Success threshold for livenessProbe

2189

2190

livenessProbe:

2191

enabled: true

2192

initialDelaySeconds: 30

2193

timeoutSeconds: 30

2194

periodSeconds: 10

2195

successThreshold: 1

2196

failureThreshold: 6

2197

## @param compactor.readinessProbe.enabled Enable readinessProbe on Thanos Compactor containers

2198

## @param compactor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

2199

## @param compactor.readinessProbe.periodSeconds Period seconds for readinessProbe

2200

## @param compactor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

2201

## @param compactor.readinessProbe.failureThreshold Failure threshold for readinessProbe

2202

## @param compactor.readinessProbe.successThreshold Success threshold for readinessProbe

2203

2204

readinessProbe:

2205

enabled: true

2206

initialDelaySeconds: 30

2207

timeoutSeconds: 30

2208

periodSeconds: 10

2209

successThreshold: 1

2210

failureThreshold: 6

2211

## @param compactor.startupProbe.enabled Enable startupProbe on Thanos Compactor containers

2212

## @param compactor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

2213

## @param compactor.startupProbe.periodSeconds Period seconds for startupProbe

2214

## @param compactor.startupProbe.timeoutSeconds Timeout seconds for startupProbe

2215

## @param compactor.startupProbe.failureThreshold Failure threshold for startupProbe

2216

## @param compactor.startupProbe.successThreshold Success threshold for startupProbe

2217

2218

startupProbe:

2219

enabled: false

2220

initialDelaySeconds: 5

2221

periodSeconds: 5

2222

timeoutSeconds: 1

2223

failureThreshold: 15

2224

successThreshold: 1

2225

## @param compactor.customLivenessProbe Custom livenessProbe that overrides the default one

2226

2227

customLivenessProbe: {}

2228

## @param compactor.customReadinessProbe Custom readinessProbe that overrides the default one

2229

2230

customReadinessProbe: {}

2231

## @param compactor.customStartupProbe Custom startupProbe that overrides the default one

2232

2233

customStartupProbe: {}

2234

## @param compactor.initContainers Add additional init containers to the Thanos Compactor pods

2235

## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

2236

## e.g:

2237

## initContainers:

2238

## - name: your-image-name

2239

## image: your-image

2240

## imagePullPolicy: Always

2241

## command: ['sh', '-c', 'echo "hello world"']

2242

2243

initContainers: []

2244

## @param compactor.sidecars Extra containers running as sidecars to Thanos Compactor pods

2245

## e.g:

2246

## sidecars:

2247

## - name: your-image-name

2248

## image: your-image

2249

## imagePullPolicy: Always

2250

## ports:

2251

## - name: portname

2252

## containerPort: 1234

2253

2254

sidecars: []

2255

## @param compactor.extraVolumes Extra volumes to add to Thanos Compactor

2256

2257

extraVolumes: []

2258

## @param compactor.extraVolumeMounts Extra volume mounts to add to the compactor container

2259

2260

extraVolumeMounts: []

2261

## @param compactor.podAffinityPreset Thanos Compactor pod affinity preset

2262

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

2263

2264

podAffinityPreset: ""

2265

## @param compactor.podAntiAffinityPreset Thanos Compactor pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`

2266

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

2267

2268

podAntiAffinityPreset: soft

2269

## Thanos Compactor node affinity preset

2270

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

2271

2272

nodeAffinityPreset:

2273

## @param compactor.nodeAffinityPreset.type Thanos Compactor node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`

2274

2275

type: ""

2276

## @param compactor.nodeAffinityPreset.key Thanos Compactor node label key to match. Ignored if `compactor.affinity` is set.

2277

## e.g:

2278

## key: "kubernetes.io/e2e-az-name"

2279

2280

key: ""

2281

## @param compactor.nodeAffinityPreset.values Thanos Compactor node label values to match. Ignored if `compactor.affinity` is set.

2282

## e.g:

2283

## values:

2284

## - e2e-az1

2285

## - e2e-az2

2286

2287

values: []

2288

## @param compactor.affinity Thanos Compactor affinity for pod assignment

2289

## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

2290

## Note: compactor.podAffinityPreset, compactor.podAntiAffinityPreset, and compactor.nodeAffinityPreset will be ignored when it's set

2291

2292

affinity: {}

2293

## @param compactor.nodeSelector Thanos Compactor node labels for pod assignment

2294

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

2295

2296

nodeSelector: {}

2297

## @param compactor.tolerations Thanos Compactor tolerations for pod assignment

2298

## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

2299

2300

tolerations: []

2301

## @param compactor.podLabels Thanos Compactor pod labels

2302

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

2303

2304

podLabels: {}

2305

## @param compactor.podAnnotations Annotations for Thanos Compactor pods

2306

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

2307

2308

podAnnotations: {}

2309

## @param compactor.deploymentAnnotations Thanos Compactor deployment annotations

2310

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

2311

2312

deploymentAnnotations: {}

2313

## @param compactor.dnsConfig Deployment pod DNS config

2314

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

2315

## E.g.

2316

## dnsConfig:

2317

## options:

2318

## - name: ndots

2319

## value: "4"

2320

## - name: single-request-reopen

2321

2322

dnsConfig: {}

2323

## @param compactor.dnsPolicy Deployment pod DNS policy

2324

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

2325

## E.g.

2326

## dnsPolicy: ClusterFirstWithHostNet

2327

2328

dnsPolicy: ""

2329

## @param compactor.hostAliases Deployment pod host aliases

2330

## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

2331

2332

hostAliases: []

2333

## @param compactor.lifecycleHooks for the Thanos Compactor container(s) to automate configuration before or after startup

2334

2335

lifecycleHooks: {}

2336

## @param compactor.priorityClassName Thanos Compactor priorityClassName

2337

## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/

2338

2339

priorityClassName: ""

2340

## @param compactor.schedulerName Name of the k8s scheduler (other than default) for Thanos Compactor pods

2341

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

2342

2343

schedulerName: ""

2344

## @param compactor.topologySpreadConstraints Topology Spread Constraints for Thanos Compactor pods assignment spread across your cluster among failure-domains

2345

## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods

2346

2347

topologySpreadConstraints: []

2348

## Network Policies

2349

## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/

2350

2351

networkPolicy:

2352

## @param compactor.networkPolicy.enabled Specifies whether a NetworkPolicy should be created

2353

2354

enabled: true

2355

## @param compactor.networkPolicy.allowExternal Don't require client label for connections

2356

## The Policy model to apply. When set to false, only pods with the correct

2357

## client label will have network access to the ports the application is listening

2358

## on. When true, the app will accept connections from any source

2359

## (with the correct destination port).

2360

2361

allowExternal: true

2362

## @param compactor.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.

2363

2364

allowExternalEgress: true

2365

## @param compactor.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy

2366

## e.g:

2367

## extraIngress:

2368

## - ports:

2369

## - port: 1234

2370

## from:

2371

## - podSelector:

2372

## - matchLabels:

2373

## - role: frontend

2374

## - podSelector:

2375

## - matchExpressions:

2376

## - key: role

2377

## operator: In

2378

## values:

2379

## - frontend

2380

extraIngress: []

2381

## @param compactor.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy

2382

## e.g:

2383

## extraEgress:

2384

## - ports:

2385

## - port: 1234

2386

## to:

2387

## - podSelector:

2388

## - matchLabels:

2389

## - role: frontend

2390

## - podSelector:

2391

## - matchExpressions:

2392

## - key: role

2393

## operator: In

2394

## values:

2395

## - frontend

2396

2397

extraEgress: []

2398

## @param compactor.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces

2399

## @param compactor.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces

2400

2401

ingressNSMatchLabels: {}

2402

ingressNSPodMatchLabels: {}

2403

## Service parameters

2404

2405

service:

2406

## @param compactor.service.type Kubernetes service type

2407

2408

type: ClusterIP

2409

## @param compactor.service.ports.http Thanos Compactor service HTTP port

2410

2411

ports:

2412

http: 9090

2413

## @param compactor.service.nodePorts.http Specify the Thanos Compactor HTTP nodePort value for the LoadBalancer and NodePort service types

2414

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

2415

2416

nodePorts:

2417

http: ""

2418

## @param compactor.service.clusterIP Thanos Compactor service clusterIP IP

2419

## e.g:

2420

## clusterIP: None

2421

2422

clusterIP: ""

2423

## @param compactor.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`

2424

## Set the LoadBalancer service type to internal only

2425

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

2426

2427

loadBalancerIP: ""

2428

## @param compactor.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer

2429

## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service

2430

## e.g:

2431

## loadBalancerSourceRanges:

2432

## - 10.10.10.0/24

2433

2434

loadBalancerSourceRanges: []

2435

## @param compactor.service.externalTrafficPolicy Thanos Compactor service externalTrafficPolicy

2436

## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints

2437

2438

externalTrafficPolicy: Cluster

2439

## @param compactor.service.labels Labels for Thanos Compactor service

2440

2441

labels: {}

2442

## @param compactor.service.annotations Annotations for Thanos Compactor service

2443

2444

annotations: {}

2445

## @param compactor.service.extraPorts Extra ports to expose in the Thanos Compactor service

2446

2447

extraPorts: []

2448

## @param compactor.service.labelSelectorsOverride Selector for Thanos Query service

2449

2450

labelSelectorsOverride: {}

2451

## @param compactor.service.ipFamilyPolicy Sets the IP family policy for the Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).

2452

2453

ipFamilyPolicy: ""

2454

## @param compactor.service.ipFamilies A list of IP families for the Service that should be supported, in the order in which they should be applied. Can be "IPv4" and/or "IPv6".

2455

2456

ipFamilies: []

2457

## @param compactor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment

2458

2459

automountServiceAccountToken: true

2460

## ServiceAccount configuration

2461

## @param compactor.serviceAccount.create Specifies whether a ServiceAccount should be created

2462

## @param compactor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.

2463

## @param compactor.serviceAccount.annotations Annotations for Thanos Compactor Service Account

2464

## @param compactor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token

2465

2466

serviceAccount:

2467

create: true

2468

2469

annotations: {}

2470

automountServiceAccountToken: false

2471

## Configure the ingress resource that allows you to access Thanos Query Frontend

2472

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/

2473

2474

ingress:

2475

## @param compactor.ingress.enabled Enable ingress controller resource

2476

2477

enabled: false

2478

## @param compactor.ingress.hostname Default host for the ingress resource

2479

2480

hostname: thanos-compactor.local

2481

## @param compactor.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)

2482

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

2483

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

2484

2485

ingressClassName: ""

2486

## @param compactor.ingress.labels Additional label for the Ingress resource.

2487

## Use this parameter to set the required labels for your needs

2488

## e.g:

2489

## labels:

2490

## dns-managed-by-external-dns: 'true'

2491

2492

labels: {}

2493

## @param compactor.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.

2494

## For a full list of possible ingress annotations, please see

2495

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

2496

## Use this parameter to set the required annotations for cert-manager, see

2497

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

2498

2499

## e.g:

2500

## annotations:

2501

## kubernetes.io/ingress.class: nginx

2502

## cert-manager.io/cluster-issuer: cluster-issuer-name

2503

2504

annotations: {}

2505

## @param compactor.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.

2506

## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array

2507

## extraHosts:

2508

## - name: thanos.local

2509

## path: /

2510

## pathType: ImplementationSpecific

2511

2512

extraHosts: []

2513

## @param compactor.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.

2514

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

2515

## extraTls:

2516

## - hosts:

2517

## - thanos.local

2518

## secretName: thanos.local-tls

2519

2520

extraTls: []

2521

## @param compactor.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets

2522

## key and certificate should start with -----BEGIN CERTIFICATE----- or

2523

## -----BEGIN RSA PRIVATE KEY-----

2524

2525

## name should line up with a tlsSecret set further up

2526

## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set

2527

2528

## It is also possible to create and manage the certificates outside of this helm chart

2529

## Please see README.md for more information

2530

## e.g:

2531

## - name: thanos.local-tls

2532

## key:

2533

## certificate:

2534

2535

secrets: []

2536

## @param compactor.ingress.extraRules Additional rules to be covered with this ingress record

2537

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules

2538

## e.g:

2539

## extraRules:

2540

## - host: example.local

2541

## http:

2542

## path: /

2543

## backend:

2544

## service:

2545

## name: example-svc

2546

## port:

2547

## name: http

2548

2549

extraRules: []

2550

## @param compactor.ingress.tls Enable TLS configuration for the hostname defined at `compactor.ingress.hostname` parameter

2551

## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.compactor.ingress.hostname }}`

2552

## You can:

2553

## - Use the `compactor.ingress.secrets` parameter to create this TLS secret

2554

## - Rely on cert-manager to create it by setting the corresponding annotations

2555

## - Rely on Helm to create self-signed certificates by setting `compactor.ingress.selfSigned=true`

2556

2557

tls: false

2558

## @param compactor.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm

2559

2560

selfSigned: false

2561

## @param compactor.ingress.apiVersion Force Ingress API version (automatically detected if not set)

2562

2563

apiVersion: ""

2564

## @param compactor.ingress.path Ingress path

2565

2566

path: /

2567

## @param compactor.ingress.pathType Ingress path type

2568

2569

pathType: ImplementationSpecific

2570

## Persistence parameters

2571

2572

persistence:

2573

## @param compactor.persistence.enabled Enable data persistence using PVC(s) on Thanos Compactor pods

2574

2575

enabled: true

2576

## @param compactor.persistence.ephemeral Use ephemeral volume for data persistence using PVC(s) on Thanos Compactor pods

2577

2578

ephemeral: false

2579

## @param compactor.persistence.defaultEmptyDir Defaults to emptyDir if persistence is disabled.

2580

2581

defaultEmptyDir: true

2582

## @param compactor.persistence.storageClass Specify the `storageClass` used to provision the volume

2583

## If defined, storageClassName: <storageClass>

2584

## If set to "-", storageClassName: "", which disables dynamic provisioning

2585

## If undefined (the default) or set to null, no storageClassName spec is

2586

## set, choosing the default provisioner.

2587

2588

storageClass: ""

2589

## @param compactor.persistence.accessModes PVC Access Modes for data volume

2590

2591

accessModes:

2592

- ReadWriteOnce

2593

## @param compactor.persistence.size PVC Storage Request for data volume

2594

2595

size: 8Gi

2596

## @param compactor.persistence.labels Labels for the PVC

2597

2598

labels: {}

2599

## @param compactor.persistence.annotations Annotations for the PVC

2600

2601

annotations: {}

2602

## @param compactor.persistence.existingClaim Name of an existing PVC to use

2603

## If defined, PVC must be created manually before volume will be bound

2604

2605

existingClaim: ""

2606

## @section Thanos Store Gateway parameters

2607

storegateway:

2608

## @param storegateway.enabled Enable/disable Thanos Store Gateway component

2609

2610

enabled: false

2611

## @param storegateway.logLevel Thanos Store Gateway log level

2612

2613

logLevel: info

2614

## @param storegateway.logFormat Thanos Store Gateway log format

2615

2616

logFormat: logfmt

2617

## @param storegateway.useEndpointGroup Specify whether to use `endpoint-group` when querying the Store API of HA Store Gateway replicas

2618

## NOTE: This will take effect in the querier configuration

2619

2620

useEndpointGroup: false

2621

## @param storegateway.config Thanos Store Gateway configuration

2622

## Specify content for config.yml

2623

2624

config: ""

2625

## @param storegateway.existingConfigmap Name of existing ConfigMap with Thanos Store Gateway configuration

2626

## NOTE: This will override storegateway.config

2627

2628

existingConfigmap: ""

2629

## Thanos Store Gateway GRPC parameters

2630

## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/store.md#flags

2631

2632

grpc:

2633

## GRPC server side

2634

2635

server:

2636

## TLS configuration

2637

## @param storegateway.grpc.server.tls.enabled Enable TLS encryption in the GRPC server

2638

## @param storegateway.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates

2639

## @param storegateway.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided

2640

## @param storegateway.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided

2641

## @param storegateway.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided

2642

## @param storegateway.grpc.server.tls.clientAuthEnabled Enable TLS client verification against provided CA

2643

## @param storegateway.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates

2644

## e.g:

2645

## existingSecret:

2646

## name: foo

2647

## keyMapping:

2648

## ca-cert: ca.pem

2649

## tls-cert: cert.pem

2650

## tls-key: key.pem

2651

2652

tls:

2653

enabled: false

2654

autoGenerated: false

2655

cert: ""

2656

key: ""

2657

ca: ""

2658

clientAuthEnabled: true

2659

existingSecret: {}

2660

## @param storegateway.extraEnvVars Extra environment variables for Thanos Store Gateway container

2661

## e.g:

2662

## extraEnvVars:

2663

## - name: FOO

2664

## value: "bar"

2665

2666

extraEnvVars: []

2667

## @param storegateway.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Store Gateway nodes

2668

2669

extraEnvVarsCM: ""

2670

## @param storegateway.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Store Gateway nodes

2671

2672

extraEnvVarsSecret: ""

2673

## @param storegateway.extraFlags Extra Flags to passed to Thanos Store Gateway

2674

2675

extraFlags: []

2676

## @param storegateway.command Override default container command (useful when using custom images)

2677

2678

command: []

2679

## @param storegateway.args Override default container args (useful when using custom images)

2680

2681

args: []

2682

## @param storegateway.replicaCount Number of Thanos Store Gateway replicas to deploy

2683

2684

replicaCount: 1

2685

## @param storegateway.revisionHistoryLimit The number of old history to retain to allow rollback

2686

2687

revisionHistoryLimit: 10

2688

## @param storegateway.updateStrategy.type Update strategy type for Thanos Store Gateway replicas

2689

2690

updateStrategy:

2691

type: RollingUpdate

2692

## @param storegateway.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel

2693

## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies

2694

2695

podManagementPolicy: OrderedReady

2696

## @param storegateway.containerPorts.http HTTP container port

2697

## @param storegateway.containerPorts.grpc GRPC container port

2698

2699

containerPorts:

2700

http: 10902

2701

grpc: 10901

2702

## K8s Pod Security Context for Thanos Store Gateway pods

2703

## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

2704

## @param storegateway.podSecurityContext.enabled Enable security context for the Thanos Store Gateway pods

2705

## @param storegateway.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy

2706

## @param storegateway.podSecurityContext.sysctls Set kernel settings using the sysctl interface

2707

## @param storegateway.podSecurityContext.supplementalGroups Set filesystem extra groups

2708

## @param storegateway.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Store Gateway pods

2709

2710

podSecurityContext:

2711

enabled: true

2712

fsGroupChangePolicy: Always

2713

sysctls: []

2714

supplementalGroups: []

2715

fsGroup: 1001

2716

## K8s containers' Security Context for Thanos Store Gateway containers

2717

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

2718

## @param storegateway.containerSecurityContext.enabled Enabled containers' Security Context

2719

## @param storegateway.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container

2720

## @param storegateway.containerSecurityContext.runAsUser Set containers' Security Context runAsUser

2721

## @param storegateway.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup

2722

## @param storegateway.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot

2723

## @param storegateway.containerSecurityContext.privileged Set container's Security Context privileged

2724

## @param storegateway.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem

2725

## @param storegateway.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation

2726

## @param storegateway.containerSecurityContext.capabilities.drop List of capabilities to be dropped

2727

## @param storegateway.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile

2728

2729

containerSecurityContext:

2730

enabled: true

2731

seLinuxOptions: {}

2732

runAsUser: 1001

2733

runAsGroup: 1001

2734

runAsNonRoot: true

2735

privileged: false

2736

readOnlyRootFilesystem: true

2737

allowPrivilegeEscalation: false

2738

capabilities:

2739

drop: ["ALL"]

2740

seccompProfile:

2741

type: "RuntimeDefault"

2742

## Thanos Store Gateway containers' resource requests and limits

2743

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

2744

## @param storegateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if storegateway.resources is set (storegateway.resources is recommended for production).

2745

2746

resourcesPreset: "nano"

2747

## @param storegateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

2748

## Example:

2749

## resources:

2750

## requests:

2751

## cpu: 2

2752

## memory: 512Mi

2753

## limits:

2754

## cpu: 3

2755

## memory: 1024Mi

2756

2757

resources: {}

2758

## Configure extra options for Thanos Store Gateway containers' liveness and readiness probes

2759

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes

2760

## @param storegateway.livenessProbe.enabled Enable livenessProbe on Thanos Store Gateway containers

2761

## @param storegateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

2762

## @param storegateway.livenessProbe.periodSeconds Period seconds for livenessProbe

2763

## @param storegateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

2764

## @param storegateway.livenessProbe.failureThreshold Failure threshold for livenessProbe

2765

## @param storegateway.livenessProbe.successThreshold Success threshold for livenessProbe

2766

2767

livenessProbe:

2768

enabled: true

2769

initialDelaySeconds: 30

2770

timeoutSeconds: 30

2771

periodSeconds: 10

2772

successThreshold: 1

2773

failureThreshold: 6

2774

## @param storegateway.readinessProbe.enabled Enable readinessProbe on Thanos Store Gateway containers

2775

## @param storegateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

2776

## @param storegateway.readinessProbe.periodSeconds Period seconds for readinessProbe

2777

## @param storegateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

2778

## @param storegateway.readinessProbe.failureThreshold Failure threshold for readinessProbe

2779

## @param storegateway.readinessProbe.successThreshold Success threshold for readinessProbe

2780

2781

readinessProbe:

2782

enabled: true

2783

initialDelaySeconds: 30

2784

timeoutSeconds: 30

2785

periodSeconds: 10

2786

successThreshold: 1

2787

failureThreshold: 6

2788

## @param storegateway.startupProbe.enabled Enable startupProbe on Thanos Store Gateway containers

2789

## @param storegateway.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

2790

## @param storegateway.startupProbe.periodSeconds Period seconds for startupProbe

2791

## @param storegateway.startupProbe.timeoutSeconds Timeout seconds for startupProbe

2792

## @param storegateway.startupProbe.failureThreshold Failure threshold for startupProbe

2793

## @param storegateway.startupProbe.successThreshold Success threshold for startupProbe

2794

2795

startupProbe:

2796

enabled: false

2797

initialDelaySeconds: 5

2798

periodSeconds: 5

2799

timeoutSeconds: 1

2800

failureThreshold: 15

2801

successThreshold: 1

2802

## @param storegateway.customLivenessProbe Custom livenessProbe that overrides the default one

2803

2804

customLivenessProbe: {}

2805

## @param storegateway.customReadinessProbe Custom readinessProbe that overrides the default one

2806

2807

customReadinessProbe: {}

2808

## @param storegateway.customStartupProbe Custom startupProbe that overrides the default one

2809

2810

customStartupProbe: {}

2811

## @param storegateway.initContainers Add additional init containers to the Thanos Store Gateway pods

2812

## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

2813

## e.g:

2814

## initContainers:

2815

## - name: your-image-name

2816

## image: your-image

2817

## imagePullPolicy: Always

2818

## command: ['sh', '-c', 'echo "hello world"']

2819

2820

initContainers: []

2821

## @param storegateway.sidecars Extra containers running as sidecars to Thanos Store Gateway pods

2822

## e.g:

2823

## sidecars:

2824

## - name: your-image-name

2825

## image: your-image

2826

## imagePullPolicy: Always

2827

## ports:

2828

## - name: portname

2829

## containerPort: 1234

2830

2831

sidecars: []

2832

## @param storegateway.extraVolumes Extra volumes to add to Thanos Store Gateway

2833

2834

extraVolumes: []

2835

## @param storegateway.extraVolumeMounts Extra volume mounts to add to the storegateway container

2836

2837

extraVolumeMounts: []

2838

## @param storegateway.podAffinityPreset Thanos Store Gateway pod affinity preset

2839

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

2840

2841

podAffinityPreset: ""

2842

## @param storegateway.podAntiAffinityPreset Thanos Store Gateway pod anti-affinity preset. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard`

2843

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

2844

2845

podAntiAffinityPreset: soft

2846

## Thanos Store Gateway node affinity preset

2847

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

2848

2849

nodeAffinityPreset:

2850

## @param storegateway.nodeAffinityPreset.type Thanos Store Gateway node affinity preset type. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard`

2851

2852

type: ""

2853

## @param storegateway.nodeAffinityPreset.key Thanos Store Gateway node label key to match. Ignored if `storegateway.affinity` is set.

2854

## e.g:

2855

## key: "kubernetes.io/e2e-az-name"

2856

2857

key: ""

2858

## @param storegateway.nodeAffinityPreset.values Thanos Store Gateway node label values to match. Ignored if `storegateway.affinity` is set.

2859

## e.g:

2860

## values:

2861

## - e2e-az1

2862

## - e2e-az2

2863

2864

values: []

2865

## @param storegateway.affinity Thanos Store Gateway affinity for pod assignment

2866

## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

2867

## Note: storegateway.podAffinityPreset, storegateway.podAntiAffinityPreset, and storegateway.nodeAffinityPreset will be ignored when it's set

2868

2869

affinity: {}

2870

## @param storegateway.nodeSelector Thanos Store Gateway node labels for pod assignment

2871

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

2872

2873

nodeSelector: {}

2874

## @param storegateway.tolerations Thanos Store Gateway tolerations for pod assignment

2875

## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

2876

2877

tolerations: []

2878

## @param storegateway.podLabels Thanos Store Gateway pod labels

2879

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

2880

2881

podLabels: {}

2882

## @param storegateway.podAnnotations Annotations for Thanos Store Gateway pods

2883

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

2884

2885

podAnnotations: {}

2886

## @param storegateway.statefulsetLabels Thanos Store Gateway statefulset labels

2887

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

2888

2889

statefulsetLabels: {}

2890

## @param storegateway.statefulsetAnnotations Thanos Store Gateway statefulset annotations

2891

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

2892

2893

statefulsetAnnotations: {}

2894

## @param storegateway.dnsConfig Deployment pod DNS config

2895

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

2896

## E.g.

2897

## dnsConfig:

2898

## options:

2899

## - name: ndots

2900

## value: "4"

2901

## - name: single-request-reopen

2902

2903

dnsConfig: {}

2904

## @param storegateway.dnsPolicy Deployment pod DNS policy

2905

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

2906

## E.g.

2907

## dnsPolicy: ClusterFirstWithHostNet

2908

2909

dnsPolicy: ""

2910

## @param storegateway.hostAliases Deployment pod host aliases

2911

## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

2912

2913

hostAliases: []

2914

## @param storegateway.lifecycleHooks for the Thanos Store Gateway container(s) to automate configuration before or after startup

2915

2916

lifecycleHooks: {}

2917

## @param storegateway.priorityClassName Thanos Store Gateway priorityClassName

2918

## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/

2919

2920

priorityClassName: ""

2921

## @param storegateway.topologySpreadConstraints Topology Spread Constraints for Thanos Store Gateway pods assignment spread across your cluster among failure-domains

2922

## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods

2923

2924

topologySpreadConstraints: []

2925

## @param storegateway.schedulerName Name of the k8s scheduler (other than default) for Thanos Store Gateway pods

2926

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

2927

2928

schedulerName: ""

2929

## Network Policies

2930

## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/

2931

2932

networkPolicy:

2933

## @param storegateway.networkPolicy.enabled Specifies whether a NetworkPolicy should be created

2934

2935

enabled: true

2936

## @param storegateway.networkPolicy.allowExternal Don't require client label for connections

2937

## The Policy model to apply. When set to false, only pods with the correct

2938

## client label will have network access to the ports the application is listening

2939

## on. When true, the app will accept connections from any source

2940

## (with the correct destination port).

2941

2942

allowExternal: true

2943

## @param storegateway.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.

2944

2945

allowExternalEgress: true

2946

## @param storegateway.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy

2947

## e.g:

2948

## extraIngress:

2949

## - ports:

2950

## - port: 1234

2951

## from:

2952

## - podSelector:

2953

## - matchLabels:

2954

## - role: frontend

2955

## - podSelector:

2956

## - matchExpressions:

2957

## - key: role

2958

## operator: In

2959

## values:

2960

## - frontend

2961

extraIngress: []

2962

## @param storegateway.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy

2963

## e.g:

2964

## extraEgress:

2965

## - ports:

2966

## - port: 1234

2967

## to:

2968

## - podSelector:

2969

## - matchLabels:

2970

## - role: frontend

2971

## - podSelector:

2972

## - matchExpressions:

2973

## - key: role

2974

## operator: In

2975

## values:

2976

## - frontend

2977

2978

extraEgress: []

2979

## @param storegateway.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces

2980

## @param storegateway.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces

2981

2982

ingressNSMatchLabels: {}

2983

ingressNSPodMatchLabels: {}

2984

## Service parameters

2985

2986

service:

2987

## @param storegateway.service.type Kubernetes service type

2988

2989

type: ClusterIP

2990

## @param storegateway.service.ports.http Thanos Store Gateway service HTTP port

2991

## @param storegateway.service.ports.grpc Thanos Store Gateway service GRPC port

2992

2993

ports:

2994

http: 9090

2995

grpc: 10901

2996

## @param storegateway.service.nodePorts.http Specify the Thanos Store Gateway HTTP nodePort value for the LoadBalancer and NodePort service types

2997

## @param storegateway.service.nodePorts.grpc Specify the Thanos Store Gateway GRPC nodePort value for the LoadBalancer and NodePort service types

2998

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

2999

3000

nodePorts:

3001

http: ""

3002

grpc: ""

3003

## @param storegateway.service.clusterIP Thanos Store Gateway service clusterIP IP

3004

## e.g:

3005

## clusterIP: None

3006

3007

clusterIP: ""

3008

## @param storegateway.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`

3009

## Set the LoadBalancer service type to internal only

3010

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

3011

3012

loadBalancerIP: ""

3013

## @param storegateway.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer

3014

## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service

3015

## e.g:

3016

## loadBalancerSourceRanges:

3017

## - 10.10.10.0/24

3018

3019

loadBalancerSourceRanges: []

3020

## @param storegateway.service.externalTrafficPolicy Thanos Store Gateway service externalTrafficPolicy

3021

## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints

3022

3023

externalTrafficPolicy: Cluster

3024

## @param storegateway.service.labels Extra labels for Thanos Store Gateway service

3025

3026

labels: {}

3027

## @param storegateway.service.annotations Annotations for Thanos Store Gateway service

3028

3029

annotations: {}

3030

## @param storegateway.service.extraPorts Extra ports to expose in the Thanos Store Gateway service

3031

3032

extraPorts: []

3033

## @param storegateway.service.labelSelectorsOverride Selector for Thanos Query service

3034

3035

labelSelectorsOverride: {}

3036

## @param storegateway.service.additionalHeadless Additional Headless service

3037

3038

additionalHeadless: false

3039

## Headless service properties

3040

3041

headless:

3042

## @param storegateway.service.headless.annotations Annotations for the headless service.

3043

3044

annotations: {}

3045

## @param storegateway.service.ipFamilyPolicy Sets the IP family policy for the Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).

3046

3047

ipFamilyPolicy: ""

3048

## @param storegateway.service.ipFamilies A list of IP families for the Service that should be supported, in the order in which they should be applied. Can be "IPv4" and/or "IPv6".

3049

3050

ipFamilies: []

3051

## Persistence parameters

3052

3053

persistence:

3054

## @param storegateway.persistence.enabled Enable data persistence using PVC(s) on Thanos Store Gateway pods

3055

3056

enabled: true

3057

## @param storegateway.persistence.storageClass Specify the `storageClass` used to provision the volume

3058

## If defined, storageClassName: <storageClass>

3059

## If set to "-", storageClassName: "", which disables dynamic provisioning

3060

## If undefined (the default) or set to null, no storageClassName spec is

3061

## set, choosing the default provisioner.

3062

3063

storageClass: ""

3064

## @param storegateway.persistence.accessModes PVC Access Modes for data volume

3065

3066

accessModes:

3067

- ReadWriteOnce

3068

## @param storegateway.persistence.size PVC Storage Request for data volume

3069

3070

size: 8Gi

3071

## @param storegateway.persistence.labels Labels for the PVC

3072

3073

labels: {}

3074

## @param storegateway.persistence.annotations Annotations for the PVC

3075

3076

annotations: {}

3077

## @param storegateway.persistence.existingClaim Name of an existing PVC to use

3078

## If defined, PVC must be created manually before volume will be bound

3079

3080

existingClaim: ""

3081

## Persistent Volume Claim Retention Policy

3082

## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention

3083

3084

persistentVolumeClaimRetentionPolicy:

3085

## @param storegateway.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Thanos Store Gateway Statefulset

3086

3087

enabled: false

3088

## @param storegateway.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced

3089

3090

whenScaled: Retain

3091

## @param storegateway.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted

3092

3093

whenDeleted: Retain

3094

## @param storegateway.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts

3095

3096

automountServiceAccountToken: true

3097

## ServiceAccount configuration

3098

## @param storegateway.serviceAccount.create Specifies whether a ServiceAccount should be created

3099

## @param storegateway.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.

3100

## @param storegateway.serviceAccount.annotations Annotations for Thanos Store Gateway Service Account

3101

## @param storegateway.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token

3102

3103

serviceAccount:

3104

create: true

3105

3106

annotations: {}

3107

automountServiceAccountToken: false

3108

## Thanos Store Gateway Autoscaling configuration

3109

## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

3110

## @param storegateway.autoscaling.enabled Enable autoscaling for Thanos Store Gateway

3111

## @param storegateway.autoscaling.minReplicas Minimum number of Thanos Store Gateway replicas

3112

## @param storegateway.autoscaling.maxReplicas Maximum number of Thanos Store Gateway replicas

3113

## @param storegateway.autoscaling.targetCPU Target CPU utilization percentage

3114

## @param storegateway.autoscaling.targetMemory Target Memory utilization percentage

3115

## @param storegateway.autoscaling.behavior HPA Behavior

3116

## @param storegateway.externalAutoscaler Specifies whether the Thanos Store Gateway statefulset is scaled by an external autoscaler

3117

3118

autoscaling:

3119

enabled: false

3120

minReplicas: ""

3121

maxReplicas: ""

3122

targetCPU: ""

3123

targetMemory: ""

3124

behavior: {}

3125

externalAutoscaler: false

3126

## Thanos Store Gateway Pod Disruption Budget configuration

3127

## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb

3128

## @param storegateway.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Store Gateway

3129

## @param storegateway.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled

3130

## @param storegateway.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable

3131

3132

pdb:

3133

create: true

3134

minAvailable: ""

3135

maxUnavailable: ""

3136

## Configure the ingress resource that allows you to access Thanos Query Frontend

3137

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/

3138

3139

ingress:

3140

## @param storegateway.ingress.enabled Enable ingress controller resource

3141

3142

enabled: false

3143

## @param storegateway.ingress.hostname Default host for the ingress resource

3144

3145

hostname: thanos-storegateway.local

3146

## @param storegateway.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)

3147

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

3148

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

3149

3150

ingressClassName: ""

3151

## @param storegateway.ingress.labels Additional label for the Ingress resource.

3152

## Use this parameter to set the required labels for your needs

3153

## e.g:

3154

## labels:

3155

## dns-managed-by-external-dns: 'true'

3156

3157

labels: {}

3158

## @param storegateway.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.

3159

## For a full list of possible ingress annotations, please see

3160

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

3161

## Use this parameter to set the required annotations for cert-manager, see

3162

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

3163

3164

## e.g:

3165

## annotations:

3166

## kubernetes.io/ingress.class: nginx

3167

## cert-manager.io/cluster-issuer: cluster-issuer-name

3168

3169

annotations: {}

3170

## @param storegateway.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.

3171

## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array

3172

## extraHosts:

3173

## - name: thanos.local

3174

## path: /

3175

## pathType: ImplementationSpecific

3176

3177

extraHosts: []

3178

## @param storegateway.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.

3179

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

3180

## extraTls:

3181

## - hosts:

3182

## - thanos.local

3183

## secretName: thanos.local-tls

3184

3185

extraTls: []

3186

## @param storegateway.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets

3187

## key and certificate should start with -----BEGIN CERTIFICATE----- or

3188

## -----BEGIN RSA PRIVATE KEY-----

3189

3190

## name should line up with a tlsSecret set further up

3191

## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set

3192

3193

## It is also possible to create and manage the certificates outside of this helm chart

3194

## Please see README.md for more information

3195

## e.g:

3196

## - name: thanos.local-tls

3197

## key:

3198

## certificate:

3199

3200

secrets: []

3201

## @param storegateway.ingress.extraRules Additional rules to be covered with this ingress record

3202

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules

3203

## e.g:

3204

## extraRules:

3205

## - host: example.local

3206

## http:

3207

## path: /

3208

## backend:

3209

## service:

3210

## name: example-svc

3211

## port:

3212

## name: http

3213

3214

extraRules: []

3215

## @param storegateway.ingress.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.hostname` parameter

3216

## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.hostname }}`

3217

## You can:

3218

## - Use the `storegateway.ingress.secrets` parameter to create this TLS secret

3219

## - Rely on cert-manager to create it by setting the corresponding annotations

3220

## - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.selfSigned=true`

3221

3222

tls: false

3223

## @param storegateway.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm

3224

3225

selfSigned: false

3226

## @param storegateway.ingress.apiVersion Force Ingress API version (automatically detected if not set)

3227

3228

apiVersion: ""

3229

## @param storegateway.ingress.path Ingress path

3230

3231

path: /

3232

## @param storegateway.ingress.pathType Ingress path type

3233

3234

pathType: ImplementationSpecific

3235

## Create an ingress object for the GRPC service. This requires an HTTP/2

3236

## capable Ingress controller (eg. traefik using AWS NLB). Example annotations

3237

## - ingress.kubernetes.io/protocol: h2c

3238

## - service.beta.kubernetes.io/aws-load-balancer-type: nlb

3239

## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp

3240

## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/

3241

## and also the documentation for your ingress controller.

3242

3243

## The options that are accepted are identical to the HTTP one listed above

3244

3245

grpc:

3246

## @param storegateway.ingress.grpc.enabled Enable ingress controller resource (GRPC)

3247

3248

enabled: false

3249

## @param storegateway.ingress.grpc.hostname Default host for the ingress resource (GRPC)

3250

3251

hostname: thanos-grpc.local

3252

## @param storegateway.ingress.grpc.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)

3253

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

3254

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

3255

3256

ingressClassName: ""

3257

## @param storegateway.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations.

3258

## For a full list of possible ingress annotations, please see

3259

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

3260

## Use this parameter to set the required annotations for cert-manager, see

3261

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

3262

3263

## Examples:

3264

## kubernetes.io/ingress.class: nginx

3265

## cert-manager.io/cluster-issuer: cluster-issuer-name

3266

3267

annotations: {}

3268

## @param storegateway.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record.

3269

## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array

3270

## extraHosts:

3271

## - name: thanos-grpc.local

3272

## path: /

3273

3274

extraHosts: []

3275

## @param storegateway.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record.

3276

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

3277

## extraTls:

3278

## - hosts:

3279

## - thanos-grpc.local

3280

## secretName: thanos-grpc.local-tls

3281

3282

extraTls: []

3283

## @param storegateway.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets

3284

## key and certificate should start with -----BEGIN CERTIFICATE----- or

3285

## -----BEGIN RSA PRIVATE KEY-----

3286

3287

## name should line up with a tlsSecret set further up

3288

## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set

3289

3290

## It is also possible to create and manage the certificates outside of this helm chart

3291

## Please see README.md for more information

3292

## e.g:

3293

## - name: thanos-grpc.local-tls

3294

## key:

3295

## certificate:

3296

3297

secrets: []

3298

## @param storegateway.ingress.grpc.extraRules Additional rules to be covered with this ingress record

3299

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules

3300

## e.g:

3301

## extraRules:

3302

## - host: example.local

3303

## http:

3304

## path: /

3305

## backend:

3306

## service:

3307

## name: example-svc

3308

## port:

3309

## name: http

3310

3311

extraRules: []

3312

## @param storegateway.ingress.grpc.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.grpc.hostname` parameter

3313

## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.grpc.hostname }}`

3314

## You can:

3315

## - Use the `storegateway.ingress.grpc.secrets` parameter to create this TLS secret

3316

## - Rely on cert-manager to create it by setting the corresponding annotations

3317

## - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.grpc.selfSigned=true`

3318

3319

tls: false

3320

## @param storegateway.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm

3321

3322

selfSigned: false

3323

## @param storegateway.ingress.grpc.apiVersion Override API Version (automatically detected if not set)

3324

3325

apiVersion: ""

3326

## @param storegateway.ingress.grpc.path Ingress Path

3327

3328

path: /

3329

## @param storegateway.ingress.grpc.pathType Ingress Path type

3330

3331

pathType: ImplementationSpecific

3332

## Sharded parameters

3333

## @param storegateway.sharded.enabled Enable sharding for Thanos Store Gateway

3334

## @param storegateway.sharded.hashPartitioning.shards Setting hashPartitioning will create multiple store statefulsets based on the number of shards specified using the hashmod of the blocks

3335

## @param storegateway.sharded.hashPartitioning.extraRelabelingConfigs Setting extra relabel config

3336

## e,g:

3337

## extraRelabelingConfigs:

3338

## - action: keep

3339

## source_labels: ["region"]

3340

## regex: cn-zhangjiakou

3341

## @param storegateway.sharded.timePartitioning [array] Setting time timePartitioning will create multiple store deployments based on the number of partitions

3342

## @param storegateway.sharded.service.clusterIPs Array of cluster IPs for each Store Gateway service. Length must be the same as the number of shards

3343

## e.g:

3344

## clusterIPs:

3345

## - X.X.X.X

3346

## - Y.Y.Y.Y

3347

## @param storegateway.sharded.service.loadBalancerIPs Array of load balancer IPs for each Store Gateway service. Length must be the same as the number of shards

3348

## e.g:

3349

## loadBalancerIPs:

3350

## - X.X.X.X

3351

## - Y.Y.Y.Y

3352

## @param storegateway.sharded.service.http.nodePorts Array of http node ports used for Store Gateway service. Length must be the same as the number of shards

3353

## e.g:

3354

## nodePorts:

3355

## - 30001

3356

## - 30002

3357

## @param storegateway.sharded.service.grpc.nodePorts Array of grpc node ports used for Store Gateway service. Length must be the same as the number of shards

3358

## e.g:

3359

## nodePorts:

3360

## - 30011

3361

## - 30012

3362

3363

sharded:

3364

enabled: false

3365

hashPartitioning:

3366

shards: ""

3367

extraRelabelingConfigs: []

3368

timePartitioning:

3369

- min: ""

3370

max: ""

3371

service:

3372

clusterIPs: []

3373

loadBalancerIPs: []

3374

http:

3375

nodePorts: []

3376

grpc:

3377

nodePorts: []

3378

## @section Thanos Ruler parameters

3379

ruler:

3380

## @param ruler.enabled Enable/disable Thanos Ruler component

3381

3382

enabled: false

3383

## @param ruler.logLevel Thanos Ruler log level

3384

3385

logLevel: info

3386

## @param ruler.logFormat Thanos Ruler log format

3387

3388

logFormat: logfmt

3389

## @param ruler.replicaLabel Label to treat as a replica indicator along which data is de-duplicated

3390

3391

replicaLabel: replica

3392

## @param ruler.dnsDiscovery.enabled Dynamically configure Query APIs using DNS discovery

3393

3394

dnsDiscovery:

3395

enabled: true

3396

## @param ruler.queryURL Thanos query/query-frontend URL to link in Ruler UI.

3397

3398

queryURL: ""

3399

## @param ruler.alertmanagers Alert managers URLs array

3400

## NOTE: This is only used when ruler.alertmanagersConfig is not set

3401

3402

alertmanagers: []

3403

## @param ruler.alertmanagersConfig Alert managers configuration

3404

## NOTE: This is only used when ruler.alertmanagers is not set

3405

## ref: https://thanos.io/tip/components/rule.md/#alertmanager

3406

## e.g:

3407

## alertmanagersConfig:

3408

## alertmanagers:

3409

## - http_config:

3410

## basic_auth:

3411

## username: some_user

3412

## password: some_pass

3413

## static_configs:

3414

## - alertmanager.thanos.io

3415

## scheme: http

3416

## timeout: 10s

3417

## api_version: v2

3418

3419

alertmanagersConfig: {}

3420

## @param ruler.evalInterval The default evaluation interval to use

3421

3422

evalInterval: 1m

3423

## @param ruler.clusterName Used to set the 'ruler_cluster' label

3424

3425

clusterName: ""

3426

## @param ruler.ruleFile Change the location Thanos checks for rule files

3427

3428

ruleFile: "/conf/rules/*.yml"

3429

## @param ruler.config Ruler configuration

3430

## Specify content for ruler.yml

3431

3432

config: ""

3433

## @param ruler.dataPath Path to the data directory

3434

3435

## e.g. /data

3436

dataPath: ""

3437

## @param ruler.existingConfigmap Name of existing ConfigMap with Ruler configuration

3438

## NOTE: This will override ruler.config

3439

3440

existingConfigmap: ""

3441

## @param ruler.extraEnvVars Extra environment variables for Thanos Ruler container

3442

## e.g:

3443

## extraEnvVars:

3444

## - name: FOO

3445

## value: "bar"

3446

3447

extraEnvVars: []

3448

## @param ruler.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Ruler nodes

3449

3450

extraEnvVarsCM: ""

3451

## @param ruler.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Ruler nodes

3452

3453

extraEnvVarsSecret: ""

3454

## @param ruler.extraFlags Extra Flags to passed to Thanos Ruler

3455

3456

extraFlags: []

3457

## @param ruler.command Override default container command (useful when using custom images)

3458

3459

command: []

3460

## @param ruler.args Override default container args (useful when using custom images)

3461

3462

args: []

3463

## @param ruler.replicaCount Number of Thanos Ruler replicas to deploy

3464

3465

replicaCount: 1

3466

## @param ruler.revisionHistoryLimit The number of old history to retain to allow rollback

3467

3468

revisionHistoryLimit: 10

3469

## @param ruler.updateStrategy.type Update strategy type for Thanos Ruler replicas

3470

3471

updateStrategy:

3472

type: RollingUpdate

3473

## @param ruler.podManagementPolicy Statefulset Pod Management Policy Type

3474

## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies

3475

3476

podManagementPolicy: OrderedReady

3477

## @param ruler.containerPorts.http HTTP container port

3478

## @param ruler.containerPorts.grpc GRPC container port

3479

3480

containerPorts:

3481

http: 10902

3482

grpc: 10901

3483

## K8s Pod Security Context for Thanos Ruler pods

3484

## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

3485

## @param ruler.podSecurityContext.enabled Enable security context for the Thanos Ruler pods

3486

## @param ruler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy

3487

## @param ruler.podSecurityContext.sysctls Set kernel settings using the sysctl interface

3488

## @param ruler.podSecurityContext.supplementalGroups Set filesystem extra groups

3489

## @param ruler.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Ruler pods

3490

3491

podSecurityContext:

3492

enabled: true

3493

fsGroupChangePolicy: Always

3494

sysctls: []

3495

supplementalGroups: []

3496

fsGroup: 1001

3497

## K8s containers' Security Context for Thanos Ruler containers

3498

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

3499

## @param ruler.containerSecurityContext.enabled Enabled containers' Security Context

3500

## @param ruler.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container

3501

## @param ruler.containerSecurityContext.runAsUser Set containers' Security Context runAsUser

3502

## @param ruler.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup

3503

## @param ruler.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot

3504

## @param ruler.containerSecurityContext.privileged Set container's Security Context privileged

3505

## @param ruler.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem

3506

## @param ruler.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation

3507

## @param ruler.containerSecurityContext.capabilities.drop List of capabilities to be dropped

3508

## @param ruler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile

3509

3510

containerSecurityContext:

3511

enabled: true

3512

seLinuxOptions: {}

3513

runAsUser: 1001

3514

runAsGroup: 1001

3515

runAsNonRoot: true

3516

privileged: false

3517

readOnlyRootFilesystem: true

3518

allowPrivilegeEscalation: false

3519

capabilities:

3520

drop: ["ALL"]

3521

seccompProfile:

3522

type: "RuntimeDefault"

3523

## Thanos Ruler containers' resource requests and limits

3524

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

3525

## @param ruler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production).

3526

3527

resourcesPreset: "nano"

3528

## @param ruler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

3529

## Example:

3530

## resources:

3531

## requests:

3532

## cpu: 2

3533

## memory: 512Mi

3534

## limits:

3535

## cpu: 3

3536

## memory: 1024Mi

3537

3538

resources: {}

3539

## Configure extra options for Thanos Ruler containers' liveness and readiness probes

3540

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes

3541

## @param ruler.livenessProbe.enabled Enable livenessProbe on Thanos Ruler containers

3542

## @param ruler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

3543

## @param ruler.livenessProbe.periodSeconds Period seconds for livenessProbe

3544

## @param ruler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

3545

## @param ruler.livenessProbe.failureThreshold Failure threshold for livenessProbe

3546

## @param ruler.livenessProbe.successThreshold Success threshold for livenessProbe

3547

3548

livenessProbe:

3549

enabled: true

3550

initialDelaySeconds: 30

3551

timeoutSeconds: 30

3552

periodSeconds: 10

3553

successThreshold: 1

3554

failureThreshold: 6

3555

## @param ruler.readinessProbe.enabled Enable readinessProbe on Thanos Ruler containers

3556

## @param ruler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

3557

## @param ruler.readinessProbe.periodSeconds Period seconds for readinessProbe

3558

## @param ruler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

3559

## @param ruler.readinessProbe.failureThreshold Failure threshold for readinessProbe

3560

## @param ruler.readinessProbe.successThreshold Success threshold for readinessProbe

3561

3562

readinessProbe:

3563

enabled: true

3564

initialDelaySeconds: 30

3565

timeoutSeconds: 30

3566

periodSeconds: 10

3567

successThreshold: 1

3568

failureThreshold: 6

3569

## @param ruler.startupProbe.enabled Enable startupProbe on Thanos Ruler containers

3570

## @param ruler.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

3571

## @param ruler.startupProbe.periodSeconds Period seconds for startupProbe

3572

## @param ruler.startupProbe.timeoutSeconds Timeout seconds for startupProbe

3573

## @param ruler.startupProbe.failureThreshold Failure threshold for startupProbe

3574

## @param ruler.startupProbe.successThreshold Success threshold for startupProbe

3575

3576

startupProbe:

3577

enabled: false

3578

initialDelaySeconds: 5

3579

periodSeconds: 5

3580

timeoutSeconds: 1

3581

failureThreshold: 15

3582

successThreshold: 1

3583

## @param ruler.customLivenessProbe Custom livenessProbe that overrides the default one

3584

3585

customLivenessProbe: {}

3586

## @param ruler.customReadinessProbe Custom readinessProbe that overrides the default one

3587

3588

customReadinessProbe: {}

3589

## @param ruler.customStartupProbe Custom startupProbe that overrides the default one

3590

3591

customStartupProbe: {}

3592

## @param ruler.initContainers Add additional init containers to the Thanos Ruler pods

3593

## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

3594

## e.g:

3595

## initContainers:

3596

## - name: your-image-name

3597

## image: your-image

3598

## imagePullPolicy: Always

3599

## command: ['sh', '-c', 'echo "hello world"']

3600

3601

initContainers: []

3602

## @param ruler.sidecars Extra containers running as sidecars to Thanos Ruler pods

3603

## e.g:

3604

## sidecars:

3605

## - name: your-image-name

3606

## image: your-image

3607

## imagePullPolicy: Always

3608

## ports:

3609

## - name: portname

3610

## containerPort: 1234

3611

3612

sidecars: []

3613

## @param ruler.extraVolumes Extra volumes to add to Thanos Ruler

3614

3615

extraVolumes: []

3616

## @param ruler.extraVolumeMounts Extra volume mounts to add to the ruler container

3617

3618

extraVolumeMounts: []

3619

## @param ruler.podAffinityPreset Thanos Ruler pod affinity preset

3620

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

3621

3622

podAffinityPreset: ""

3623

## @param ruler.podAntiAffinityPreset Thanos Ruler pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`

3624

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

3625

3626

podAntiAffinityPreset: soft

3627

## Thanos Ruler node affinity preset

3628

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

3629

3630

nodeAffinityPreset:

3631

## @param ruler.nodeAffinityPreset.type Thanos Ruler node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`

3632

3633

type: ""

3634

## @param ruler.nodeAffinityPreset.key Thanos Ruler node label key to match. Ignored if `ruler.affinity` is set.

3635

## e.g:

3636

## key: "kubernetes.io/e2e-az-name"

3637

3638

key: ""

3639

## @param ruler.nodeAffinityPreset.values Thanos Ruler node label values to match. Ignored if `ruler.affinity` is set.

3640

## e.g:

3641

## values:

3642

## - e2e-az1

3643

## - e2e-az2

3644

3645

values: []

3646

## @param ruler.affinity Thanos Ruler affinity for pod assignment

3647

## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

3648

## Note: ruler.podAffinityPreset, ruler.podAntiAffinityPreset, and ruler.nodeAffinityPreset will be ignored when it's set

3649

3650

affinity: {}

3651

## @param ruler.nodeSelector Thanos Ruler node labels for pod assignment

3652

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

3653

3654

nodeSelector: {}

3655

## @param ruler.tolerations Thanos Ruler tolerations for pod assignment

3656

## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

3657

3658

tolerations: []

3659

## @param ruler.podLabels Thanos Ruler pod labels

3660

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

3661

3662

podLabels: {}

3663

## @param ruler.podAnnotations Annotations for Thanos Ruler pods

3664

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

3665

3666

podAnnotations: {}

3667

## @param ruler.statefulsetLabels Thanos Ruler statefulset labels

3668

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

3669

3670

statefulsetLabels: {}

3671

## @param ruler.statefulsetAnnotations Thanos Ruler statefulset annotations

3672

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

3673

3674

statefulsetAnnotations: {}

3675

## @param ruler.dnsConfig Deployment pod DNS config

3676

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

3677

## E.g.

3678

## dnsConfig:

3679

## options:

3680

## - name: ndots

3681

## value: "4"

3682

## - name: single-request-reopen

3683

3684

dnsConfig: {}

3685

## @param ruler.dnsPolicy Deployment pod DNS policy

3686

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

3687

## E.g.

3688

## dnsPolicy: ClusterFirstWithHostNet

3689

3690

dnsPolicy: ""

3691

## @param ruler.hostAliases Deployment pod host aliases

3692

## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

3693

3694

hostAliases: []

3695

## @param ruler.lifecycleHooks for the Thanos Ruler container(s) to automate configuration before or after startup

3696

3697

lifecycleHooks: {}

3698

## @param ruler.priorityClassName Thanos Ruler priorityClassName

3699

## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/

3700

3701

priorityClassName: ""

3702

## @param ruler.schedulerName Name of the k8s scheduler (other than default) for Thanos Ruler pods

3703

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

3704

3705

schedulerName: ""

3706

## @param ruler.topologySpreadConstraints Topology Spread Constraints for Thanos Ruler pods assignment spread across your cluster among failure-domains

3707

## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods

3708

3709

topologySpreadConstraints: []

3710

## Network Policies

3711

## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/

3712

3713

networkPolicy:

3714

## @param ruler.networkPolicy.enabled Specifies whether a NetworkPolicy should be created

3715

3716

enabled: true

3717

## @param ruler.networkPolicy.allowExternal Don't require client label for connections

3718

## The Policy model to apply. When set to false, only pods with the correct

3719

## client label will have network access to the ports the application is listening

3720

## on. When true, the app will accept connections from any source

3721

## (with the correct destination port).

3722

3723

allowExternal: true

3724

## @param ruler.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.

3725

3726

allowExternalEgress: true

3727

## @param ruler.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy

3728

## e.g:

3729

## extraIngress:

3730

## - ports:

3731

## - port: 1234

3732

## from:

3733

## - podSelector:

3734

## - matchLabels:

3735

## - role: frontend

3736

## - podSelector:

3737

## - matchExpressions:

3738

## - key: role

3739

## operator: In

3740

## values:

3741

## - frontend

3742

extraIngress: []

3743

## @param ruler.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy

3744

## e.g:

3745

## extraEgress:

3746

## - ports:

3747

## - port: 1234

3748

## to:

3749

## - podSelector:

3750

## - matchLabels:

3751

## - role: frontend

3752

## - podSelector:

3753

## - matchExpressions:

3754

## - key: role

3755

## operator: In

3756

## values:

3757

## - frontend

3758

3759

extraEgress: []

3760

## @param ruler.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces

3761

## @param ruler.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces

3762

3763

ingressNSMatchLabels: {}

3764

ingressNSPodMatchLabels: {}

3765

## Service parameters

3766

3767

service:

3768

## @param ruler.service.type Kubernetes service type

3769

3770

type: ClusterIP

3771

## @param ruler.service.ports.http Thanos Ruler service HTTP port

3772

## @param ruler.service.ports.grpc Thanos Ruler service GRPC port

3773

3774

ports:

3775

http: 9090

3776

grpc: 10901

3777

## @param ruler.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types

3778

## @param ruler.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types

3779

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

3780

3781

nodePorts:

3782

http: ""

3783

grpc: ""

3784

## @param ruler.service.clusterIP Thanos Ruler service clusterIP IP

3785

## e.g:

3786

## clusterIP: None

3787

3788

clusterIP: ""

3789

## @param ruler.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`

3790

## Set the LoadBalancer service type to internal only

3791

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

3792

3793

loadBalancerIP: ""

3794

## @param ruler.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer

3795

## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service

3796

## e.g:

3797

## loadBalancerSourceRanges:

3798

## - 10.10.10.0/24

3799

3800

loadBalancerSourceRanges: []

3801

## @param ruler.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy

3802

## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints

3803

3804

externalTrafficPolicy: Cluster

3805

## @param ruler.service.labels Extra labels for Thanos Ruler service

3806

3807

labels: {}

3808

## @param ruler.service.annotations Annotations for Thanos Ruler service

3809

3810

annotations: {}

3811

## @param ruler.service.extraPorts Extra ports to expose in the Thanos Ruler service

3812

3813

extraPorts: []

3814

## @param ruler.service.labelSelectorsOverride Selector for Thanos Query service

3815

3816

labelSelectorsOverride: {}

3817

## @param ruler.service.additionalHeadless Additional Headless service

3818

3819

additionalHeadless: false

3820

## Headless service properties

3821

3822

headless:

3823

## @param ruler.service.headless.annotations Annotations for the headless service.

3824

3825

annotations: {}

3826

## @param ruler.service.ipFamilyPolicy Sets the IP family policy for the Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).

3827

3828

ipFamilyPolicy: ""

3829

## @param ruler.service.ipFamilies A list of IP families for the Service that should be supported, in the order in which they should be applied. Can be "IPv4" and/or "IPv6".

3830

3831

ipFamilies: []

3832

## Persistence parameters

3833

3834

persistence:

3835

## @param ruler.persistence.enabled Enable data persistence using PVC(s) on Thanos Ruler pods

3836

3837

enabled: true

3838

## @param ruler.persistence.storageClass Specify the `storageClass` used to provision the volume

3839

## If defined, storageClassName: <storageClass>

3840

## If set to "-", storageClassName: "", which disables dynamic provisioning

3841

## If undefined (the default) or set to null, no storageClassName spec is

3842

## set, choosing the default provisioner.

3843

3844

storageClass: ""

3845

## @param ruler.persistence.accessModes PVC Access Modes for data volume

3846

3847

accessModes:

3848

- ReadWriteOnce

3849

## @param ruler.persistence.size PVC Storage Request for data volume

3850

3851

size: 8Gi

3852

## @param ruler.persistence.annotations Annotations for the PVC

3853

3854

annotations: {}

3855

## @param ruler.persistence.existingClaim Name of an existing PVC to use

3856

## If defined, PVC must be created manually before volume will be bound

3857

3858

existingClaim: ""

3859

## Persistent Volume Claim Retention Policy

3860

## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention

3861

3862

persistentVolumeClaimRetentionPolicy:

3863

## @param ruler.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Thanos Ruler Statefulset

3864

3865

enabled: false

3866

## @param ruler.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced

3867

3868

whenScaled: Retain

3869

## @param ruler.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted

3870

3871

whenDeleted: Retain

3872

## @param ruler.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts

3873

3874

automountServiceAccountToken: true

3875

## ServiceAccount configuration

3876

## @param ruler.serviceAccount.create Specifies whether a ServiceAccount should be created

3877

## @param ruler.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.

3878

## @param ruler.serviceAccount.annotations Annotations for Thanos Ruler Service Account

3879

## @param ruler.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token

3880

3881

serviceAccount:

3882

create: true

3883

3884

annotations: {}

3885

automountServiceAccountToken: false

3886

## Thanos Ruler Autoscaling configuration

3887

## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

3888

## @param ruler.autoscaling.enabled Enable autoscaling for Thanos Ruler

3889

## @param ruler.autoscaling.minReplicas Minimum number of Thanos Ruler replicas

3890

## @param ruler.autoscaling.maxReplicas Maximum number of Thanos Ruler replicas

3891

## @param ruler.autoscaling.targetCPU Target CPU utilization percentage

3892

## @param ruler.autoscaling.targetMemory Target Memory utilization percentage

3893

## @param ruler.autoscaling.behavior HPA Behavior

3894

## @param ruler.externalAutoscaler Specifies whether the Thanos Ruler statefulset is scaled by an external autoscaler

3895

3896

autoscaling:

3897

enabled: false

3898

minReplicas: ""

3899

maxReplicas: ""

3900

targetCPU: ""

3901

targetMemory: ""

3902

behavior: {}

3903

externalAutoscaler: false

3904

## Thanos Ruler Pod Disruption Budget configuration

3905

## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb

3906

## @param ruler.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Ruler

3907

## @param ruler.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled

3908

## @param ruler.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable

3909

3910

pdb:

3911

create: true

3912

minAvailable: ""

3913

maxUnavailable: ""

3914

## Configure the ingress resource that allows you to access Thanos Ruler

3915

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/

3916

3917

ingress:

3918

## @param ruler.ingress.enabled Enable ingress controller resource

3919

3920

enabled: false

3921

## @param ruler.ingress.hostname Default host for the ingress resource

3922

3923

hostname: thanos-ruler.local

3924

## @param ruler.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)

3925

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

3926

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

3927

3928

ingressClassName: ""

3929

## @param ruler.ingress.labels Additional label for the Ingress resource.

3930

## Use this parameter to set the required labels for your needs

3931

## e.g:

3932

## labels:

3933

## dns-managed-by-external-dns: 'true'

3934

3935

labels: {}

3936

## @param ruler.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.

3937

## For a full list of possible ingress annotations, please see

3938

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

3939

## Use this parameter to set the required annotations for cert-manager, see

3940

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

3941

3942

## e.g:

3943

## annotations:

3944

## kubernetes.io/ingress.class: nginx

3945

## cert-manager.io/cluster-issuer: cluster-issuer-name

3946

3947

annotations: {}

3948

## @param ruler.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.

3949

## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array

3950

## extraHosts:

3951

## - name: thanos.local

3952

## path: /

3953

## pathType: ImplementationSpecific

3954

3955

extraHosts: []

3956

## @param ruler.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.

3957

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

3958

## extraTls:

3959

## - hosts:

3960

## - thanos.local

3961

## secretName: thanos.local-tls

3962

3963

extraTls: []

3964

## @param ruler.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets

3965

## key and certificate should start with -----BEGIN CERTIFICATE----- or

3966

## -----BEGIN RSA PRIVATE KEY-----

3967

3968

## name should line up with a tlsSecret set further up

3969

## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set

3970

3971

## It is also possible to create and manage the certificates outside of this helm chart

3972

## Please see README.md for more information

3973

## e.g:

3974

## - name: thanos.local-tls

3975

## key:

3976

## certificate:

3977

3978

secrets: []

3979

## @param ruler.ingress.extraRules Additional rules to be covered with this ingress record

3980

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules

3981

## e.g:

3982

## extraRules:

3983

## - host: example.local

3984

## http:

3985

## path: /

3986

## backend:

3987

## service:

3988

## name: example-svc

3989

## port:

3990

## name: http

3991

3992

extraRules: []

3993

## @param ruler.ingress.apiVersion Force Ingress API version (automatically detected if not set)

3994

3995

apiVersion: ""

3996

## @param ruler.ingress.path Ingress path

3997

3998

path: /

3999

## @param ruler.ingress.pathType Ingress path type

4000

4001

pathType: ImplementationSpecific

4002

## @section Thanos Receive parameters

4003

receive:

4004

## @param receive.enabled Enable/disable Thanos Receive component

4005

4006

enabled: false

4007

## @param receive.mode Mode to run receiver in. Valid options are "standalone" or "dual-mode"

4008

## ref: https://github.com/thanos-io/thanos/blob/release-0.22/docs/proposals-accepted/202012-receive-split.md

4009

## Enables running the Thanos Receiver in dual mode. Setting this to "dual-mode" will create a deployment for

4010

## the stateless thanos distributor.

4011

mode: standalone

4012

## @param receive.logLevel Thanos Receive log level

4013

4014

logLevel: info

4015

## @param receive.logFormat Thanos Receive log format

4016

4017

logFormat: logfmt

4018

## @param receive.tsdbRetention Thanos Receive TSDB retention period

4019

4020

tsdbRetention: 15d

4021

## @param receive.replicationProtocol Thanos Receive replication-protocol

4022

## ref: https://thanos.io/tip/components/receive.md/#replication-protocols

4023

4024

replicationProtocol: capnproto

4025

## @param receive.replicationFactor Thanos Receive replication-factor

4026

4027

replicationFactor: 1

4028

## @param receive.config Receive Hashring configuration

4029

## Note: json formatted string and yaml allowed.

4030

## e.g:

4031

## config:

4032

## - endpoints:

4033

## - "127.0.0.1:10901"

4034

4035

config: []

4036

## @param receive.tsdbPath Thanos Receive path to the time series database

4037

4038

## e.g.: /var/thanos/receive

4039

tsdbPath: ""

4040

## @param receive.existingConfigmap Name of existing ConfigMap with Thanos Receive Hashring configuration

4041

## NOTE: This will override receive.config

4042

4043

existingConfigmap: ""

4044

## @param receive.replicaLabel Label to treat as a replica indicator along which data is de-duplicated

4045

4046

replicaLabel: replica

4047

## Thanos Receive parameters

4048

## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/receive.md#flags

4049

4050

grpc:

4051

## GRPC server side

4052

4053

server:

4054

## TLS configuration

4055

## @param receive.grpc.server.tls.enabled Enable TLS encryption in the GRPC server

4056

## @param receive.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates

4057

## @param receive.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided

4058

## @param receive.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided

4059

## @param receive.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided

4060

## @param receive.grpc.server.tls.clientAuthEnabled Enable TLS client verification against provided CA

4061

## @param receive.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates

4062

## e.g:

4063

## existingSecret:

4064

## name: foo

4065

## keyMapping:

4066

## ca-cert: ca.pem

4067

## tls-cert: cert.pem

4068

## tls-key: key.pem

4069

4070

tls:

4071

enabled: false

4072

autoGenerated: false

4073

cert: ""

4074

key: ""

4075

ca: ""

4076

clientAuthEnabled: true

4077

existingSecret: {}

4078

## @param receive.extraEnvVars Extra environment variables for Thanos Receive container

4079

## e.g:

4080

## extraEnvVars:

4081

## - name: FOO

4082

## value: "bar"

4083

4084

extraEnvVars: []

4085

## @param receive.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive nodes

4086

4087

extraEnvVarsCM: ""

4088

## @param receive.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive nodes

4089

4090

extraEnvVarsSecret: ""

4091

## @param receive.extraFlags Extra Flags to passed to Thanos Receive

4092

4093

extraFlags: []

4094

## @param receive.command Override default container command (useful when using custom images)

4095

4096

command: []

4097

## @param receive.args Override default container args (useful when using custom images)

4098

4099

args: []

4100

## @param receive.replicaCount Number of Thanos Receive replicas to deploy

4101

4102

replicaCount: 1

4103

## @param receive.revisionHistoryLimit The number of old history to retain to allow rollback

4104

4105

revisionHistoryLimit: 10

4106

## @param receive.updateStrategy.type Update strategy type for Thanos Receive replicas

4107

4108

updateStrategy:

4109

type: RollingUpdate

4110

## @param receive.podManagementPolicy

4111

## @param receive.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel

4112

## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies

4113

4114

podManagementPolicy: OrderedReady

4115

## @param receive.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update

4116

4117

minReadySeconds: 0

4118

## @param receive.containerPorts.http HTTP container port

4119

## @param receive.containerPorts.grpc GRPC container port

4120

## @param receive.containerPorts.remote Remote-write container port

4121

## @param receive.containerPorts.capnproto Cap'n'Proto container port

4122

4123

containerPorts:

4124

http: 10902

4125

grpc: 10901

4126

remote: 19291

4127

capnproto: 19391

4128

## K8s Pod Security Context for Thanos Receive pods

4129

## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

4130

## @param receive.podSecurityContext.enabled Enable security context for the Thanos Receive pods

4131

## @param receive.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy

4132

## @param receive.podSecurityContext.sysctls Set kernel settings using the sysctl interface

4133

## @param receive.podSecurityContext.supplementalGroups Set filesystem extra groups

4134

## @param receive.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive pods

4135

4136

podSecurityContext:

4137

enabled: true

4138

fsGroupChangePolicy: Always

4139

sysctls: []

4140

supplementalGroups: []

4141

fsGroup: 1001

4142

## K8s containers' Security Context for Thanos Receive containers

4143

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

4144

## @param receive.containerSecurityContext.enabled Enabled containers' Security Context

4145

## @param receive.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container

4146

## @param receive.containerSecurityContext.runAsUser Set containers' Security Context runAsUser

4147

## @param receive.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup

4148

## @param receive.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot

4149

## @param receive.containerSecurityContext.privileged Set container's Security Context privileged

4150

## @param receive.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem

4151

## @param receive.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation

4152

## @param receive.containerSecurityContext.capabilities.drop List of capabilities to be dropped

4153

## @param receive.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile

4154

4155

containerSecurityContext:

4156

enabled: true

4157

seLinuxOptions: {}

4158

runAsUser: 1001

4159

runAsGroup: 1001

4160

runAsNonRoot: true

4161

privileged: false

4162

readOnlyRootFilesystem: true

4163

allowPrivilegeEscalation: false

4164

capabilities:

4165

drop: ["ALL"]

4166

seccompProfile:

4167

type: "RuntimeDefault"

4168

## Thanos Receive containers' resource requests and limits

4169

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

4170

## @param receive.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if receive.resources is set (receive.resources is recommended for production).

4171

4172

resourcesPreset: "nano"

4173

## @param receive.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

4174

## Example:

4175

## resources:

4176

## requests:

4177

## cpu: 2

4178

## memory: 512Mi

4179

## limits:

4180

## cpu: 3

4181

## memory: 1024Mi

4182

4183

resources: {}

4184

## Configure extra options for Thanos Receive containers' liveness and readiness probes

4185

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes

4186

## @param receive.livenessProbe.enabled Enable livenessProbe on Thanos Receive containers

4187

## @param receive.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

4188

## @param receive.livenessProbe.periodSeconds Period seconds for livenessProbe

4189

## @param receive.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

4190

## @param receive.livenessProbe.failureThreshold Failure threshold for livenessProbe

4191

## @param receive.livenessProbe.successThreshold Success threshold for livenessProbe

4192

4193

livenessProbe:

4194

enabled: true

4195

initialDelaySeconds: 30

4196

timeoutSeconds: 30

4197

periodSeconds: 10

4198

successThreshold: 1

4199

failureThreshold: 6

4200

## @param receive.readinessProbe.enabled Enable readinessProbe on Thanos Receive containers

4201

## @param receive.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

4202

## @param receive.readinessProbe.periodSeconds Period seconds for readinessProbe

4203

## @param receive.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

4204

## @param receive.readinessProbe.failureThreshold Failure threshold for readinessProbe

4205

## @param receive.readinessProbe.successThreshold Success threshold for readinessProbe

4206

4207

readinessProbe:

4208

enabled: true

4209

initialDelaySeconds: 30

4210

timeoutSeconds: 30

4211

periodSeconds: 10

4212

successThreshold: 1

4213

failureThreshold: 6

4214

## @param receive.startupProbe.enabled Enable startupProbe on Thanos Receive containers

4215

## @param receive.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

4216

## @param receive.startupProbe.periodSeconds Period seconds for startupProbe

4217

## @param receive.startupProbe.timeoutSeconds Timeout seconds for startupProbe

4218

## @param receive.startupProbe.failureThreshold Failure threshold for startupProbe

4219

## @param receive.startupProbe.successThreshold Success threshold for startupProbe

4220

4221

startupProbe:

4222

enabled: false

4223

initialDelaySeconds: 5

4224

periodSeconds: 5

4225

timeoutSeconds: 1

4226

failureThreshold: 15

4227

successThreshold: 1

4228

## @param receive.customLivenessProbe Custom livenessProbe that overrides the default one

4229

4230

customLivenessProbe: {}

4231

## @param receive.customReadinessProbe Custom readinessProbe that overrides the default one

4232

4233

customReadinessProbe: {}

4234

## @param receive.customStartupProbe Custom startupProbe that overrides the default one

4235

4236

customStartupProbe: {}

4237

## @param receive.initContainers Add additional init containers to the Thanos Receive pods

4238

## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

4239

## e.g:

4240

## initContainers:

4241

## - name: your-image-name

4242

## image: your-image

4243

## imagePullPolicy: Always

4244

## command: ['sh', '-c', 'echo "hello world"']

4245

4246

initContainers: []

4247

## @param receive.sidecars Extra containers running as sidecars to Thanos Receive pods

4248

## e.g:

4249

## sidecars:

4250

## - name: your-image-name

4251

## image: your-image

4252

## imagePullPolicy: Always

4253

## ports:

4254

## - name: portname

4255

## containerPort: 1234

4256

4257

sidecars: []

4258

## @param receive.extraVolumes Extra volumes to add to Thanos Receive

4259

4260

extraVolumes: []

4261

## @param receive.extraVolumeMounts Extra volume mounts to add to the receive container

4262

4263

extraVolumeMounts: []

4264

## @param receive.podAffinityPreset Thanos Receive pod affinity preset

4265

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

4266

## Allowed values: soft, hard

4267

4268

podAffinityPreset: ""

4269

## @param receive.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`

4270

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

4271

4272

podAntiAffinityPreset: soft

4273

## Thanos Receive node affinity preset

4274

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

4275

4276

nodeAffinityPreset:

4277

## @param receive.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receive.affinity` is set. Allowed values: `soft` or `hard`

4278

4279

type: ""

4280

## @param receive.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receive.affinity` is set.

4281

## e.g:

4282

## key: "kubernetes.io/e2e-az-name"

4283

4284

key: ""

4285

## @param receive.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receive.affinity` is set.

4286

## e.g:

4287

## values:

4288

## - e2e-az1

4289

## - e2e-az2

4290

4291

values: []

4292

## @param receive.affinity Thanos Receive affinity for pod assignment

4293

## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

4294

## Note: receive.podAffinityPreset, receive.podAntiAffinityPreset, and receive.nodeAffinityPreset will be ignored when it's set

4295

4296

affinity: {}

4297

## @param receive.nodeSelector Thanos Receive node labels for pod assignment

4298

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

4299

4300

nodeSelector: {}

4301

## @param receive.tolerations Thanos Receive tolerations for pod assignment

4302

## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

4303

4304

tolerations: []

4305

## @param receive.statefulsetLabels Thanos Receive statefulset labels

4306

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

4307

4308

statefulsetLabels: {}

4309

## @param receive.statefulsetAnnotations Thanos Receive statefulset annotations

4310

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

4311

4312

statefulsetAnnotations: {}

4313

## @param receive.podLabels Thanos Receive pod labels

4314

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

4315

4316

podLabels: {}

4317

## @param receive.podAnnotations Annotations for Thanos Receive pods

4318

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

4319

4320

podAnnotations: {}

4321

## @param receive.dnsConfig Deployment pod DNS config

4322

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

4323

## E.g.

4324

## dnsConfig:

4325

## options:

4326

## - name: ndots

4327

## value: "4"

4328

## - name: single-request-reopen

4329

4330

dnsConfig: {}

4331

## @param receive.dnsPolicy Deployment pod DNS policy

4332

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

4333

## E.g.

4334

## dnsPolicy: ClusterFirstWithHostNet

4335

4336

dnsPolicy: ""

4337

## @param receive.hostAliases Deployment pod host aliases

4338

## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

4339

4340

hostAliases: []

4341

## @param receive.terminationGracePeriodSeconds for the Thanos Receive containers(s) to extend the grace period

4342

4343

terminationGracePeriodSeconds: ""

4344

## @param receive.lifecycleHooks for the Thanos Receive container(s) to automate configuration before or after startup

4345

4346

lifecycleHooks: {}

4347

## @param receive.priorityClassName Thanos Receive priorityClassName

4348

## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/

4349

4350

priorityClassName: ""

4351

## @param receive.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive pods

4352

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

4353

4354

schedulerName: ""

4355

## @param receive.topologySpreadConstraints Topology Spread Constraints for Thanos Receive pods assignment spread across your cluster among failure-domains

4356

## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods

4357

4358

topologySpreadConstraints: []

4359

## Network Policies

4360

## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/

4361

4362

networkPolicy:

4363

## @param receive.networkPolicy.enabled Specifies whether a NetworkPolicy should be created

4364

4365

enabled: true

4366

## @param receive.networkPolicy.allowExternal Don't require client label for connections

4367

## The Policy model to apply. When set to false, only pods with the correct

4368

## client label will have network access to the ports the application is listening

4369

## on. When true, the app will accept connections from any source

4370

## (with the correct destination port).

4371

4372

allowExternal: true

4373

## @param receive.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.

4374

4375

allowExternalEgress: true

4376

## @param receive.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy

4377

## e.g:

4378

## extraIngress:

4379

## - ports:

4380

## - port: 1234

4381

## from:

4382

## - podSelector:

4383

## - matchLabels:

4384

## - role: frontend

4385

## - podSelector:

4386

## - matchExpressions:

4387

## - key: role

4388

## operator: In

4389

## values:

4390

## - frontend

4391

extraIngress: []

4392

## @param receive.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy

4393

## e.g:

4394

## extraEgress:

4395

## - ports:

4396

## - port: 1234

4397

## to:

4398

## - podSelector:

4399

## - matchLabels:

4400

## - role: frontend

4401

## - podSelector:

4402

## - matchExpressions:

4403

## - key: role

4404

## operator: In

4405

## values:

4406

## - frontend

4407

4408

extraEgress: []

4409

## @param receive.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces

4410

## @param receive.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces

4411

4412

ingressNSMatchLabels: {}

4413

ingressNSPodMatchLabels: {}

4414

## Service parameters

4415

4416

service:

4417

## @param receive.service.type Kubernetes service type

4418

4419

type: ClusterIP

4420

## @param receive.service.ports.http Thanos Receive service HTTP port

4421

## @param receive.service.ports.grpc Thanos Receive service GRPC port

4422

## @param receive.service.ports.remote Thanos Receive service Remote-write port

4423

## @param receive.service.ports.capnproto Thanos Receive service Cap'n'Proto port

4424

4425

ports:

4426

http: 10902

4427

grpc: 10901

4428

remote: 19291

4429

capnproto: 19391

4430

## @param receive.service.nodePorts.http Specify the Thanos Receive HTTP nodePort value for the LoadBalancer and NodePort service types

4431

## @param receive.service.nodePorts.grpc Specify the Thanos Receive GRPC nodePort value for the LoadBalancer and NodePort service types

4432

## @param receive.service.nodePorts.remote Specify the Thanos Receive Remote-write nodePort value for the LoadBalancer and NodePort service types

4433

## @param receive.service.nodePorts.capnproto Specify the Thanos Receive Cap'n'Proto nodePort value for the LoadBalancer and NodePort service types

4434

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

4435

4436

nodePorts:

4437

http: ""

4438

grpc: ""

4439

remote: ""

4440

capnproto: ""

4441

## @param receive.service.clusterIP Thanos Receive service clusterIP IP

4442

## e.g:

4443

## clusterIP: None

4444

4445

clusterIP: ""

4446

## @param receive.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`

4447

## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

4448

4449

loadBalancerIP: ""

4450

## @param receive.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer

4451

## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service

4452

## e.g:

4453

## loadBalancerSourceRanges:

4454

## - 10.10.10.0/24

4455

4456

loadBalancerSourceRanges: []

4457

## @param receive.service.externalTrafficPolicy Thanos Receive service externalTrafficPolicy

4458

## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints

4459

4460

externalTrafficPolicy: Cluster

4461

## @param receive.service.labels Extra labels for Thanos Receive service

4462

4463

labels: {}

4464

## @param receive.service.annotations Annotations for Thanos Receive service

4465

4466

annotations: {}

4467

## @param receive.service.extraPorts Extra ports to expose in the Thanos Receive service

4468

4469

extraPorts: []

4470

## @param receive.service.labelSelectorsOverride Selector for Thanos receive service

4471

4472

labelSelectorsOverride: {}

4473

## @param receive.service.additionalHeadless Additional Headless service

4474

4475

additionalHeadless: false

4476

## Headless service properties

4477

4478

headless:

4479

## @param receive.service.headless.annotations Annotations for the headless service.

4480

4481

annotations: {}

4482

## @param receive.service.ipFamilyPolicy Sets the IP family policy for the Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).

4483

4484

ipFamilyPolicy: ""

4485

## @param receive.service.ipFamilies A list of IP families for the Service that should be supported, in the order in which they should be applied. Can be "IPv4" and/or "IPv6".

4486

4487

ipFamilies: []

4488

## @param receive.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts

4489

4490

automountServiceAccountToken: true

4491

## ServiceAccount configuration

4492

## @param receive.serviceAccount.create Specifies whether a ServiceAccount should be created

4493

## @param receive.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.

4494

## @param receive.serviceAccount.annotations Annotations for Thanos Receive Service Account

4495

## @param receive.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token

4496

4497

serviceAccount:

4498

create: true

4499

4500

annotations: {}

4501

automountServiceAccountToken: false

4502

## Thanos Receive Autoscaling configuration

4503

## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

4504

## @param receive.autoscaling.enabled Enable autoscaling for Thanos Receive

4505

## @param receive.autoscaling.minReplicas Minimum number of Thanos Receive replicas

4506

## @param receive.autoscaling.maxReplicas Maximum number of Thanos Receive replicas

4507

## @param receive.autoscaling.targetCPU Target CPU utilization percentage

4508

## @param receive.autoscaling.targetMemory Target Memory utilization percentage

4509

## @param receive.autoscaling.behavior HPA Behavior

4510

## @param receive.externalAutoscaler Specifies whether the Thanos Receive statefulset is scaled by an external autoscaler

4511

4512

autoscaling:

4513

enabled: false

4514

minReplicas: ""

4515

maxReplicas: ""

4516

targetCPU: ""

4517

targetMemory: ""

4518

behavior: {}

4519

externalAutoscaler: false

4520

## Thanos Receive Pod Disruption Budget configuration

4521

## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb

4522

## @param receive.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive

4523

## @param receive.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled

4524

## @param receive.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable

4525

4526

pdb:

4527

create: true

4528

minAvailable: ""

4529

maxUnavailable: ""

4530

## Persistence parameters

4531

4532

persistence:

4533

## @param receive.persistence.enabled Enable data persistence using PVC(s) on Thanos Receive pods

4534

4535

enabled: true

4536

## @param receive.persistence.storageClass Specify the `storageClass` used to provision the volume

4537

## If defined, storageClassName: <storageClass>

4538

## If set to "-", storageClassName: "", which disables dynamic provisioning

4539

## If undefined (the default) or set to null, no storageClassName spec is

4540

## set, choosing the default provisioner.

4541

4542

storageClass: ""

4543

## @param receive.persistence.accessModes PVC Access Modes for data volume

4544

4545

accessModes:

4546

- ReadWriteOnce

4547

## @param receive.persistence.size PVC Storage Request for data volume

4548

4549

size: 8Gi

4550

## @param receive.persistence.labels Labels for the PVC

4551

4552

labels: {}

4553

## @param receive.persistence.annotations Annotations for the PVC

4554

4555

annotations: {}

4556

## @param receive.persistence.existingClaim Name of an existing PVC to use

4557

## If defined, PVC must be created manually before volume will be bound

4558

4559

existingClaim: ""

4560

## Persistent Volume Claim Retention Policy

4561

## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention

4562

4563

persistentVolumeClaimRetentionPolicy:

4564

## @param receive.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Thanos Receive Statefulset

4565

4566

enabled: false

4567

## @param receive.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced

4568

4569

whenScaled: Retain

4570

## @param receive.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted

4571

4572

whenDeleted: Retain

4573

## Configure the ingress resource that allows you to access Thanos Receive

4574

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/

4575

4576

ingress:

4577

## @param receive.ingress.enabled Set to true to enable ingress record generation

4578

4579

enabled: false

4580

## @param receive.ingress.hostname When the ingress is enabled, a host pointing to this will be created

4581

4582

hostname: thanos-receive.local

4583

## @param receive.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)

4584

## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .

4585

## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/

4586

4587

ingressClassName: ""

4588

## @param receive.ingress.labels Additional label for the Ingress resource.

4589

## Use this parameter to set the required labels for your needs

4590

## e.g:

4591

## labels:

4592

## dns-managed-by-external-dns: 'true'

4593

4594

labels: {}

4595

## @param receive.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.

4596

## For a full list of possible ingress annotations, please see

4597

## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

4598

## Use this parameter to set the required annotations for cert-manager, see

4599

## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations

4600

4601

## e.g:

4602

## annotations:

4603

## kubernetes.io/ingress.class: nginx

4604

## cert-manager.io/cluster-issuer: cluster-issuer-name

4605

4606

annotations: {}

4607

## @param receive.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.

4608

## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array

4609

## extraHosts:

4610

## - name: thanos.local

4611

## path: /

4612

## pathType: ImplementationSpecific

4613

## portName: "http" # or "remote"

4614

4615

extraHosts: []

4616

## @param receive.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.

4617

## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

4618

## extraTls:

4619

## - hosts:

4620

## - thanos.local

4621

## secretName: thanos.local-tls

4622

4623

extraTls: []

4624

## @param receive.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets

4625

## key and certificate should start with -----BEGIN CERTIFICATE----- or

4626

## -----BEGIN RSA PRIVATE KEY-----

4627

4628

## name should line up with a tlsSecret set further up

4629

## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set

4630

4631

## It is also possible to create and manage the certificates outside of this helm chart

4632

## Please see README.md for more information

4633

## e.g:

4634

## - name: thanos.local-tls

4635

## key:

4636

## certificate:

4637

4638

secrets: []

4639

## @param receive.ingress.extraRules Additional rules to be covered with this ingress record

4640

## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules

4641

## e.g:

4642

## extraRules:

4643

## - host: example.local

4644

## http:

4645

## path: /

4646

## backend:

4647

## service:

4648

## name: example-svc

4649

## port:

4650

## name: http

4651

4652

extraRules: []

4653

## @param receive.ingress.tls Enable TLS configuration for the hostname defined at `receive.ingress.hostname` parameter

4654

## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.receive.ingress.hostname }}`

4655

## You can:

4656

## - Use the `receive.ingress.secrets` parameter to create this TLS secret

4657

## - Rely on cert-manager to create it by setting the corresponding annotations

4658

## - Rely on Helm to create self-signed certificates by setting `receive.ingress.selfSigned=true`

4659

4660

tls: false

4661

## @param receive.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm

4662

4663

selfSigned: false

4664

## @param receive.ingress.apiVersion Override API Version (automatically detected if not set)

4665

4666

apiVersion: ""

4667

## @param receive.ingress.path Ingress Path

4668

4669

path: /

4670

## @param receive.ingress.pathType Ingress Path type

4671

4672

pathType: ImplementationSpecific

4673

## @section Thanos Receive Distributor parameters

4674

receiveDistributor:

4675

## @param receiveDistributor.enabled Enable/disable Thanos Receive Distributor component

4676

4677

enabled: false

4678

## @param receiveDistributor.logLevel Thanos Receive Distributor log level

4679

4680

logLevel: info

4681

## @param receiveDistributor.logFormat Thanos Receive Distributor log format

4682

4683

logFormat: logfmt

4684

## @param receiveDistributor.replicaLabel Label to treat as a replica indicator along which data is de-duplicated

4685

4686

replicaLabel: replica

4687

## @param receiveDistributor.replicationProtocol Thanos Receive Distributor replication-protocol

4688

## ref: https://thanos.io/tip/components/receive.md/#replication-protocols

4689

4690

replicationProtocol: capnproto

4691

## @param receiveDistributor.replicationFactor Thanos Receive Distributor replication-factor

4692

4693

replicationFactor: 1

4694

## @param receiveDistributor.extraEnvVars Extra environment variables for Thanos Receive Distributor container

4695

## e.g:

4696

## extraEnvVars:

4697

## - name: FOO

4698

## value: "bar"

4699

4700

extraEnvVars: []

4701

## @param receiveDistributor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive Distributor nodes

4702

4703

extraEnvVarsCM: ""

4704

## @param receiveDistributor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive Distributor nodes

4705

4706

extraEnvVarsSecret: ""

4707

## @param receiveDistributor.extraFlags Extra Flags to passed to Thanos Receive Distributor

4708

4709

extraFlags: []

4710

## @param receiveDistributor.command Override default container command (useful when using custom images)

4711

4712

command: []

4713

## @param receiveDistributor.args Override default container args (useful when using custom images)

4714

4715

args: []

4716

## @param receiveDistributor.replicaCount Number of Thanos Receive Distributor replicas to deploy

4717

4718

replicaCount: 1

4719

## @param receiveDistributor.revisionHistoryLimit The number of old history to retain to allow rollback

4720

4721

revisionHistoryLimit: 10

4722

## @param receiveDistributor.updateStrategy.type Update strategy type for Thanos Receive Distributor replicas

4723

4724

updateStrategy:

4725

type: RollingUpdate

4726

## K8s Pod Security Context for Thanos Receive Distributor pods

4727

## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

4728

## @param receiveDistributor.podSecurityContext.enabled Enable security context for the Thanos Receive Distributor pods

4729

## @param receiveDistributor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy

4730

## @param receiveDistributor.podSecurityContext.sysctls Set kernel settings using the sysctl interface

4731

## @param receiveDistributor.podSecurityContext.supplementalGroups Set filesystem extra groups

4732

## @param receiveDistributor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive Distributor pods

4733

4734

podSecurityContext:

4735

enabled: true

4736

fsGroupChangePolicy: Always

4737

sysctls: []

4738

supplementalGroups: []

4739

fsGroup: 1001

4740

## K8s containers' Security Context for Thanos Receive Distributor containers

4741

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

4742

## @param receiveDistributor.containerSecurityContext.enabled Enabled containers' Security Context

4743

## @param receiveDistributor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container

4744

## @param receiveDistributor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser

4745

## @param receiveDistributor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup

4746

## @param receiveDistributor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot

4747

## @param receiveDistributor.containerSecurityContext.privileged Set container's Security Context privileged

4748

## @param receiveDistributor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem

4749

## @param receiveDistributor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation

4750

## @param receiveDistributor.containerSecurityContext.capabilities.drop List of capabilities to be dropped

4751

## @param receiveDistributor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile

4752

4753

containerSecurityContext:

4754

enabled: true

4755

seLinuxOptions: {}

4756

runAsUser: 1001

4757

runAsGroup: 1001

4758

runAsNonRoot: true

4759

privileged: false

4760

readOnlyRootFilesystem: true

4761

allowPrivilegeEscalation: false

4762

capabilities:

4763

drop: ["ALL"]

4764

seccompProfile:

4765

type: "RuntimeDefault"

4766

## Thanos Receive Distributor containers' resource requests and limits

4767

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

4768

## @param receiveDistributor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if receiveDistributor.resources is set (receiveDistributor.resources is recommended for production).

4769

4770

resourcesPreset: "nano"

4771

## @param receiveDistributor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

4772

## Example:

4773

## resources:

4774

## requests:

4775

## cpu: 2

4776

## memory: 512Mi

4777

## limits:

4778

## cpu: 3

4779

## memory: 1024Mi

4780

4781

resources: {}

4782

## Configure extra options for Thanos Receive Distributor containers' liveness and readiness probes

4783

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes

4784

## @param receiveDistributor.livenessProbe.enabled Enable livenessProbe on Thanos Receive Distributor containers

4785

## @param receiveDistributor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe

4786

## @param receiveDistributor.livenessProbe.periodSeconds Period seconds for livenessProbe

4787

## @param receiveDistributor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe

4788

## @param receiveDistributor.livenessProbe.failureThreshold Failure threshold for livenessProbe

4789

## @param receiveDistributor.livenessProbe.successThreshold Success threshold for livenessProbe

4790

4791

livenessProbe:

4792

enabled: true

4793

initialDelaySeconds: 30

4794

timeoutSeconds: 30

4795

periodSeconds: 10

4796

successThreshold: 1

4797

failureThreshold: 6

4798

## @param receiveDistributor.readinessProbe.enabled Enable readinessProbe on Thanos Receive Distributor containers

4799

## @param receiveDistributor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe

4800

## @param receiveDistributor.readinessProbe.periodSeconds Period seconds for readinessProbe

4801

## @param receiveDistributor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe

4802

## @param receiveDistributor.readinessProbe.failureThreshold Failure threshold for readinessProbe

4803

## @param receiveDistributor.readinessProbe.successThreshold Success threshold for readinessProbe

4804

4805

readinessProbe:

4806

enabled: true

4807

initialDelaySeconds: 30

4808

timeoutSeconds: 30

4809

periodSeconds: 10

4810

successThreshold: 1

4811

failureThreshold: 6

4812

## @param receiveDistributor.startupProbe.enabled Enable startupProbe on Thanos Receive Distributor containers

4813

## @param receiveDistributor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe

4814

## @param receiveDistributor.startupProbe.periodSeconds Period seconds for startupProbe

4815

## @param receiveDistributor.startupProbe.timeoutSeconds Timeout seconds for startupProbe

4816

## @param receiveDistributor.startupProbe.failureThreshold Failure threshold for startupProbe

4817

## @param receiveDistributor.startupProbe.successThreshold Success threshold for startupProbe

4818

4819

startupProbe:

4820

enabled: false

4821

initialDelaySeconds: 5

4822

periodSeconds: 5

4823

timeoutSeconds: 1

4824

failureThreshold: 15

4825

successThreshold: 1

4826

## @param receiveDistributor.customLivenessProbe Custom livenessProbe that overrides the default one

4827

4828

customLivenessProbe: {}

4829

## @param receiveDistributor.customReadinessProbe Custom readinessProbe that overrides the default one

4830

4831

customReadinessProbe: {}

4832

## @param receiveDistributor.customStartupProbe Custom startupProbe that overrides the default one

4833

4834

customStartupProbe: {}

4835

## @param receiveDistributor.terminationGracePeriodSeconds for the Thanos Receive containers(s) to extend the grace period

4836

4837

terminationGracePeriodSeconds: ""

4838

## @param receiveDistributor.initContainers Add additional init containers to the Thanos Receive Distributor pods

4839

## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

4840

## e.g:

4841

## initContainers:

4842

## - name: your-image-name

4843

## image: your-image

4844

## imagePullPolicy: Always

4845

## command: ['sh', '-c', 'echo "hello world"']

4846

4847

initContainers: []

4848

## @param receiveDistributor.sidecars Extra containers running as sidecars to Thanos Receive Distributor pods

4849

## e.g:

4850

## sidecars:

4851

## - name: your-image-name

4852

## image: your-image

4853

## imagePullPolicy: Always

4854

## ports:

4855

## - name: portname

4856

## containerPort: 1234

4857

4858

sidecars: []

4859

## @param receiveDistributor.extraVolumes Extra volumes to add to Thanos Receive Distributor

4860

4861

extraVolumes: []

4862

## @param receiveDistributor.extraVolumeMounts Extra volume mounts to add to the receive distributor container

4863

4864

extraVolumeMounts: []

4865

## @param receiveDistributor.podAffinityPreset Thanos Receive pod affinity preset

4866

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

4867

## Allowed values: soft, hard

4868

4869

podAffinityPreset: ""

4870

## @param receiveDistributor.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard`

4871

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

4872

4873

podAntiAffinityPreset: soft

4874

## Thanos Receive node affinity preset

4875

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

4876

4877

nodeAffinityPreset:

4878

## @param receiveDistributor.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard`

4879

4880

type: ""

4881

## @param receiveDistributor.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receiveDistributor.affinity` is set.

4882

## e.g:

4883

## key: "kubernetes.io/e2e-az-name"

4884

4885

key: ""

4886

## @param receiveDistributor.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receiveDistributor.affinity` is set.

4887

## e.g:

4888

## values:

4889

## - e2e-az1

4890

## - e2e-az2

4891

4892

values: []

4893

## @param receiveDistributor.affinity Thanos Receive Distributor affinity for pod assignment

4894

## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

4895

## Note: receiveDistributor.podAffinityPreset, receiveDistributor.podAntiAffinityPreset, and receiveDistributor.nodeAffinityPreset will be ignored when it's set

4896

4897

affinity: {}

4898

## @param receiveDistributor.nodeSelector Thanos Receive Distributor node labels for pod assignment

4899

## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

4900

4901

nodeSelector: {}

4902

## @param receiveDistributor.tolerations Thanos Receive Distributor tolerations for pod assignment

4903

## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

4904

4905

tolerations: []

4906

## @param receiveDistributor.podLabels Thanos Receive Distributor pod labels

4907

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

4908

4909

podLabels: {}

4910

## @param receiveDistributor.podAnnotations Annotations for Thanos Receive Distributor pods

4911

## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

4912

4913

podAnnotations: {}

4914

## @param receiveDistributor.dnsConfig Deployment pod DNS config

4915

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

4916

## E.g.

4917

## dnsConfig:

4918

## options:

4919

## - name: ndots

4920

## value: "4"

4921

## - name: single-request-reopen

4922

4923

dnsConfig: {}

4924

## @param receiveDistributor.dnsPolicy Deployment pod DNS policy

4925

## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/

4926

## E.g.

4927

## dnsPolicy: ClusterFirstWithHostNet

4928

4929

dnsPolicy: ""

4930

## @param receiveDistributor.hostAliases Deployment pod host aliases

4931

## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

4932

4933

hostAliases: []

4934

## @param receiveDistributor.lifecycleHooks for the Thanos Receive Distributor container(s) to automate configuration before or after startup

4935

4936

lifecycleHooks: {}

4937

## @param receiveDistributor.priorityClassName Thanos Receive Distributor priorityClassName

4938

## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/

4939

4940

priorityClassName: ""

4941

## @param receiveDistributor.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive Distributor pods

4942

## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

4943

4944

schedulerName: ""

4945

## @param receiveDistributor.topologySpreadConstraints Topology Spread Constraints for Thanos Receive Distributor pods assignment spread across your cluster among failure-domains

4946

## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods

4947

4948

topologySpreadConstraints: []

4949

## @param receiveDistributor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment

4950

4951

automountServiceAccountToken: true

4952

## ServiceAccount configuration

4953

## @param receiveDistributor.serviceAccount.create Specifies whether a ServiceAccount should be created

4954

## @param receiveDistributor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.

4955

## @param receiveDistributor.serviceAccount.annotations Annotations for Thanos Receive Distributor Service Account

4956

## @param receiveDistributor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token

4957

4958

serviceAccount:

4959

create: true

4960

4961

annotations: {}

4962

automountServiceAccountToken: false

4963

## Thanos Receive Distributor Autoscaling configuration

4964

## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

4965

## @param receiveDistributor.autoscaling.enabled Enable autoscaling for Thanos Receive Distributor

4966

## @param receiveDistributor.autoscaling.minReplicas Minimum number of Thanos Receive Distributor replicas

4967

## @param receiveDistributor.autoscaling.maxReplicas Maximum number of Thanos Receive Distributor replicas

4968

## @param receiveDistributor.autoscaling.targetCPU Target CPU utilization percentage

4969

## @param receiveDistributor.autoscaling.targetMemory Target Memory utilization percentage

4970

## @param receiveDistributor.autoscaling.behavior HPA Behavior

4971

## @param receiveDistributor.externalAutoscaler Specifies whether the Thanos Receive Distributor deployment is scaled by an external autoscaler

4972

4973

autoscaling:

4974

enabled: false

4975

minReplicas: ""

4976

maxReplicas: ""

4977

targetCPU: ""

4978

targetMemory: ""

4979

behavior: {}

4980

externalAutoscaler: false

4981

## Thanos Receive Distributor Pod Disruption Budget configuration

4982

## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb

4983

## @param receiveDistributor.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive Distributor

4984

## @param receiveDistributor.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled

4985

## @param receiveDistributor.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable

4986

4987

pdb:

4988

create: true

4989

minAvailable: ""

4990

maxUnavailable: ""

4991

## @section Metrics parameters

4992

4993

## Prometheus metrics

4994

4995

metrics:

4996

## @param metrics.enabled Enable the export of Prometheus metrics

4997

4998

enabled: false

4999

## Prometheus Operator ServiceMonitor configuration

5000

5001

serviceMonitor:

5002

## @param metrics.serviceMonitor.enabled Specify if a ServiceMonitor will be deployed for Prometheus Operator

5003

5004

enabled: false

5005

## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running

5006

5007

namespace: ""

5008

## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor

5009

5010

labels: {}

5011

## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus

5012

5013

jobLabel: ""

5014

## @param metrics.serviceMonitor.interval How frequently to scrape metrics

5015

## e.g:

5016

## interval: 10s

5017

5018

interval: ""

5019

## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended

5020

## e.g:

5021

## scrapeTimeout: 10s

5022

5023

scrapeTimeout: ""

5024

## @param metrics.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics

5025

5026

metricRelabelings: []

5027

## @param metrics.serviceMonitor.relabelings [array] Specify general relabeling

5028

5029

relabelings: []

5030

## @param metrics.serviceMonitor.selector Prometheus instance selector labels

5031

5032

selector: {}

5033

## @param metrics.serviceMonitor.extraParameters Any extra parameter to be added to the endpoint configured in the ServiceMonitor

5034

## (e.g. tlsConfig for further customization of the HTTPS behavior)

5035

## Note that the 'scheme' is automatically set to 'https' when the 'https.enabled' flag is used in this chart.

5036

## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Endpoint

5037

5038

extraParameters: {}

5039

## PrometheusRule CRD configuration

5040

5041

prometheusRule:

5042

## @param metrics.prometheusRule.enabled If `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`)

5043

5044

enabled: false

5045

## Configure prometheus rules

5046

5047

default:

5048

## @extra metrics.prometheusRule.default.absent_rules Enable absent_rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)

5049

## @extra metrics.prometheusRule.default.compaction Enable compaction rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)

5050

## @extra metrics.prometheusRule.default.query Enable query when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)

5051

## @extra metrics.prometheusRule.default.receive Enable receive rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)

5052

## @extra metrics.prometheusRule.default.replicate Enable replicate rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)

5053

## @extra metrics.prometheusRule.default.ruler Enable ruler rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)

5054

## @extra metrics.prometheusRule.default.sidecar Enable sidecar rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)

5055

## @param metrics.prometheusRule.default.sidecarJobRegex Allows the customization of the thanos-sidecar job name to use in the sidecar prometheus alerts

5056

sidecarJobRegex: ".*thanos-sidecar.*"

5057

## @extra metrics.prometheusRule.default.store_gateway Enable store_gateway rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)

5058

## @param metrics.prometheusRule.default.create would create all default prometheus alerts

5059

5060

create: false

5061

## @extra metrics.prometheusRule.default.disabled.ThanosCompactIsDown Disable ThanosCompactIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true

5062

## @extra metrics.prometheusRule.default.disabled.ThanosQueryIsDown Disable ThanosQueryIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true

5063

## @extra metrics.prometheusRule.default.disabled.ThanosReceiveIsDown Disable ThanosReceiveIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true

5064

## @extra metrics.prometheusRule.default.disabled.ThanosRuleIsDown Disable ThanosRuleIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true

5065

## @extra metrics.prometheusRule.default.disabled.ThanosSidecarIsDown Disable ThanosSidecarIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true

5066

## @extra metrics.prometheusRule.default.disabled.ThanosStoreIsDown Disable ThanosStoreIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true

5067

## @extra metrics.prometheusRule.default.disabled.ThanosCompactMultipleRunning Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true

5068

## @extra metrics.prometheusRule.default.disabled.ThanosCompactHalted Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true

5069

## @extra metrics.prometheusRule.default.disabled.ThanosCompactHighCompactionFailures Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true

5070

## @extra metrics.prometheusRule.default.disabled.ThanosCompactBucketHighOperationFailures Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true

5071

## @extra metrics.prometheusRule.default.disabled.ThanosCompactHasNotRun Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true

5072

## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryErrorRateHigh Disable ThanosQueryHttpRequestQueryErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true

5073

## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryRangeErrorRateHigh Disable ThanosQueryHttpRequestQueryRangeErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true

5074

## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcServerErrorRate Disable ThanosQueryGrpcServerErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true

5075

## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcClientErrorRate Disable ThanosQueryGrpcClientErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true

5076

## @extra metrics.prometheusRule.default.disabled.ThanosQueryHighDNSFailures Disable ThanosQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true

5077

## @extra metrics.prometheusRule.default.disabled.ThanosQueryInstantLatencyHigh Disable ThanosQueryInstantLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true

5078

## @extra metrics.prometheusRule.default.disabled.ThanosQueryRangeLatencyHigh Disable ThanosQueryRangeLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true

5079

## @extra metrics.prometheusRule.default.disabled.ThanosQueryOverload Disable ThanosQueryOverload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true

5080

## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestErrorRateHigh Disable ThanosReceiveHttpRequestErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true

5081

## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestLatencyHigh Disable ThanosReceiveHttpRequestLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true

5082

## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighReplicationFailures Disable ThanosReceiveHighReplicationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true

5083

## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighForwardRequestFailures Disable ThanosReceiveHighForwardRequestFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true

5084

## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighHashringFileRefreshFailures Disable ThanosReceiveHighHashringFileRefreshFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true

5085

## @extra metrics.prometheusRule.default.disabled.ThanosReceiveConfigReloadFailure Disable ThanosReceiveConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true

5086

## @extra metrics.prometheusRule.default.disabled.ThanosReceiveNoUpload Disable ThanosReceiveNoUpload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true

5087

## @extra metrics.prometheusRule.default.disabled.ThanosReceiveTrafficBelowThreshold Disable ThanosReceiveTrafficBelowThreshold rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true

5088

## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateErrorRate Disable ThanosBucketReplicateErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true

5089

## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateRunLatency Disable ThanosBucketReplicateRunLatency rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true

5090

## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueueIsDroppingAlerts Disable ThanosRuleQueueIsDroppingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5091

## @extra metrics.prometheusRule.default.disabled.ThanosRuleSenderIsFailingAlerts Disable ThanosRuleSenderIsFailingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5092

## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationFailures Disable ThanosRuleHighRuleEvaluationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5093

## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationWarnings Disable ThanosRuleHighRuleEvaluationWarnings rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5094

## @extra metrics.prometheusRule.default.disabled.ThanosRuleRuleEvaluationLatencyHigh Disable ThanosRuleRuleEvaluationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5095

## @extra metrics.prometheusRule.default.disabled.ThanosRuleGrpcErrorRate Disable ThanosRuleGrpcErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5096

## @extra metrics.prometheusRule.default.disabled.ThanosRuleConfigReloadFailure Disable ThanosRuleConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5097

## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueryHighDNSFailures Disable ThanosRuleQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5098

## @extra metrics.prometheusRule.default.disabled.ThanosRuleAlertmanagerHighDNSFailures Disable ThanosRuleAlertmanagerHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5099

## @extra metrics.prometheusRule.default.disabled.ThanosRuleNoEvaluationFor10Intervals Disable ThanosRuleNoEvaluationFor10Intervals rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5100

## @extra metrics.prometheusRule.default.disabled.ThanosNoRuleEvaluations Disable ThanosNoRuleEvaluations rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true

5101

## @extra metrics.prometheusRule.default.disabled.ThanosSidecarBucketOperationsFailed Disable ThanosSidecarBucketOperationsFailed rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true

5102

## @extra metrics.prometheusRule.default.disabled.ThanosSidecarNoConnectionToStartedPrometheus Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true

5103

## @extra metrics.prometheusRule.default.disabled.ThanosStoreGrpcErrorRate Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true

5104

## @extra metrics.prometheusRule.default.disabled.ThanosStoreSeriesGateLatencyHigh Disable ThanosStoreSeriesGateLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true

5105

## @extra metrics.prometheusRule.default.disabled.ThanosStoreBucketHighOperationFailures Disable ThanosStoreBucketHighOperationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true

5106

## @extra metrics.prometheusRule.default.disabled.ThanosStoreObjstoreOperationLatencyHigh Disable ThanosStoreObjstoreOperationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true

5107

## @param metrics.prometheusRule.default.disabled disable one specific prometheus alert rule

5108

5109

disabled: {}

5110

## @param metrics.prometheusRule.runbookUrl Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules

5111

5112

runbookUrl: "https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-"

5113

## @param metrics.prometheusRule.namespace Namespace in which the PrometheusRule CRD is created

5114

5115

namespace: ""

5116

## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule

5117

5118

additionalLabels: {}

5119

## @param metrics.prometheusRule.groups Prometheus Rule Groups for Thanos components

5120

## These are just examples rules, please adapt them to your needs.

5121

## groups:

5122

## - name: Compactor

5123

## rules:

5124

## - alert: ThanosCompactMultipleRunning

5125

## annotations:

5126

## description: No more than one Thanos Compact instance should be running at once. There are {{`{{`}}$value{{`}}`}} instances running.

5127

## runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanoscompactmultiplerunning

5128

## summary: Thanos Compact has multiple instances running.

5129

## expr: sum by (job) (up{job=~"{{ template "common.names.fullname" . }}-compact.*"}) > 1

5130

## for: 5m

5131

## labels:

5132

## severity: warning

5133

groups: []

5134

## @section Volume Permissions parameters

5135

5136

## 'volumePermissions' init container parameters

5137

## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values

5138

## based on the *podSecurityContext/*containerSecurityContext parameters

5139

5140

volumePermissions:

5141

## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`

5142

5143

enabled: false

5144

## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry

5145

## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository

5146

## @skip volumePermissions.image.tag Init container volume-permissions image tag

5147

## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag

5148

## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy

5149

## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array

5150

5151

image:

5152

registry: cgr.dev

5153

repository: chainguard-private/os-shell-iamguarded

5154

tag: 1.0.0

5155

digest: ""

5156

## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images

5157

5158

pullPolicy: IfNotPresent

5159

## Optionally specify an array of imagePullSecrets.

5160

## Secrets must be manually created in the namespace.

5161

## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

5162

## e.g:

5163

## pullSecrets:

5164

## - myRegistryKeySecretName

5165

5166

pullSecrets: []

5167

## @section MinIO® chart parameters

5168

minio:

5169

## @param minio.enabled Enable/disable MinIO® chart installation

5170

## to be used as an objstore for Thanos

5171

5172

enabled: false

5173

## MinIO® authentication parameters

5174

5175

auth:

5176

## @param minio.auth.rootUser MinIO® root username

5177

5178

rootUser: admin

5179

## @param minio.auth.rootPassword Password for MinIO® root user

5180

5181

rootPassword: ""

5182

## @param minio.defaultBuckets Comma, semi-colon or space separated list of MinIO® buckets to create

5183

5184

defaultBuckets: "thanos"

5185

## MinIO® containers' resource requests and limits

5186

## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

5187

## We usually recommend not to specify default resources and to leave this as a conscious

5188

## choice for the user. This also increases chances charts run on environments with little

5189

## resources, such as Minikube. If you do want to specify resources, uncomment the following

5190

## lines, adjust them as necessary, and remove the curly braces after 'resources:'.

5191

## @param minio.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).

5192

5193

resourcesPreset: "micro"

5194

## @param minio.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)

5195

## Example:

5196

## resources:

5197

## requests:

5198

## cpu: 2

5199

## memory: 512Mi

5200

## limits:

5201

## cpu: 3

5202

## memory: 1024Mi

5203

5204

resources: {}

5205

image:

5206

registry: cgr.dev

5207

repository: chainguard-private/minio-iamguarded

5208

tag: 0.20251015.172955

5209

digest: ""

5210

clientImage:

5211

registry: cgr.dev

5212

repository: chainguard-private/minio-client-iamguarded

5213

tag: 0.20250813.083541

5214

digest: ""

5215

defaultInitContainers:

5216

volumePermissions:

5217

image:

5218

registry: cgr.dev

5219

repository: chainguard-private/os-shell-iamguarded

5220

tag: 1.0.0

5221

digest: ""

5222

## @param minio.console.enabled Enable MinIO® Console

5223

5224

console:

5225

enabled: false

5226

The trusted source for open source

Talk to an expert

Privacy

Terms

© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.

thanos

The trusted source for open source

Product

Solutions

Customers

Resources

Company