Refactor Prometheus setup

Preferring Kustomize to make last-mile alterations, instead of relying
on the Helm template generation, allows the helm chart to be included in
the base.

deploy/base/kustomization.yaml

@@ -15,3 +15,9 @@ helmCharts:
           annotations:
             prometheus.io/scrape: "true"
             prometheus.io/port: "10254"
+- name: prometheus
+  version: "15.8.5"
+  repo: https://prometheus-community.github.io/helm-charts
+  includeCRDs: true
+  releaseName: prometheus
+  valuesInline: {}

deploy/dev/kustomization.yaml

@@ -4,29 +4,11 @@ resources:
 - ../base
 - svc-db.yaml
 
-helmCharts:
-# Currently, Kustomize does not support inflating Helm charts with multiple values files.
-# See: https://github.com/kubernetes-sigs/kustomize/issues/4219
-# This is required by the Prometheus chart which builds a long stringified
-# prometheus.yml config based on these values. This config file is difficult to
-# patch later. For now, the best solution is to define the helm chart in full
-# in both dev and prod stages.
-- name: prometheus
-  version: "15.8.5"
-  repo: https://prometheus-community.github.io/helm-charts
-  includeCRDs: true
-  releaseName: prometheus
-  valuesInline: {}
-- name: postgresql
-  version: "11.1.25"
-  repo: https://charts.bitnami.com/bitnami
-  releaseName: postgresql
-  valuesInline:
-    metrics:
-      enabled: true
-    auth:
-      database: default
-      postgresPassword: testme
+configMapGenerator:
+- name: prometheus-server
+  behavior: merge
+  files:
+  - prometheus.yml=prometheus.yaml
 
 patches:
 # Patch the ingress-nginx deployment to allow it to use a service with a

deploy/dev/prometheus.yaml

@@ -0,0 +1,310 @@
+global:
+  evaluation_interval: 1m
+  scrape_interval: 1m
+  scrape_timeout: 10s
+rule_files:
+- /etc/config/recording_rules.yml
+- /etc/config/alerting_rules.yml
+- /etc/config/rules
+- /etc/config/alerts
+scrape_configs:
+- job_name: prometheus
+  static_configs:
+  - targets:
+    - localhost:9090
+- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+  job_name: kubernetes-apiservers
+  kubernetes_sd_configs:
+  - role: endpoints
+  relabel_configs:
+  - action: keep
+    regex: default;kubernetes;https
+    source_labels:
+    - __meta_kubernetes_namespace
+    - __meta_kubernetes_service_name
+    - __meta_kubernetes_endpoint_port_name
+  scheme: https
+  tls_config:
+    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    insecure_skip_verify: true
+- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+  job_name: kubernetes-nodes
+  kubernetes_sd_configs:
+  - role: node
+  relabel_configs:
+  - action: labelmap
+    regex: __meta_kubernetes_node_label_(.+)
+  - replacement: kubernetes.default.svc:443
+    target_label: __address__
+  - regex: (.+)
+    replacement: /api/v1/nodes/$1/proxy/metrics
+    source_labels:
+    - __meta_kubernetes_node_name
+    target_label: __metrics_path__
+  scheme: https
+  tls_config:
+    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    insecure_skip_verify: true
+- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+  job_name: kubernetes-nodes-cadvisor
+  kubernetes_sd_configs:
+  - role: node
+  relabel_configs:
+  - action: labelmap
+    regex: __meta_kubernetes_node_label_(.+)
+  - replacement: kubernetes.default.svc:443
+    target_label: __address__
+  - regex: (.+)
+    replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
+    source_labels:
+    - __meta_kubernetes_node_name
+    target_label: __metrics_path__
+  scheme: https
+  tls_config:
+    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    insecure_skip_verify: true
+- honor_labels: true
+  job_name: kubernetes-service-endpoints
+  kubernetes_sd_configs:
+  - role: endpoints
+  relabel_configs:
+  - action: keep
+    regex: true
+    source_labels:
+    - __meta_kubernetes_service_annotation_prometheus_io_scrape
+  - action: drop
+    regex: true
+    source_labels:
+    - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
+  - action: replace
+    regex: (https?)
+    source_labels:
+    - __meta_kubernetes_service_annotation_prometheus_io_scheme
+    target_label: __scheme__
+  - action: replace
+    regex: (.+)
+    source_labels:
+    - __meta_kubernetes_service_annotation_prometheus_io_path
+    target_label: __metrics_path__
+  - action: replace
+    regex: ([^:]+)(?::\d+)?;(\d+)
+    replacement: $1:$2
+    source_labels:
+    - __address__
+    - __meta_kubernetes_service_annotation_prometheus_io_port
+    target_label: __address__
+  - action: labelmap
+    regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
+    replacement: __param_$1
+  - action: labelmap
+    regex: __meta_kubernetes_service_label_(.+)
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_namespace
+    target_label: namespace
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_service_name
+    target_label: service
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_pod_node_name
+    target_label: node
+- honor_labels: true
+  job_name: kubernetes-service-endpoints-slow
+  kubernetes_sd_configs:
+  - role: endpoints
+  relabel_configs:
+  - action: keep
+    regex: true
+    source_labels:
+    - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
+  - action: replace
+    regex: (https?)
+    source_labels:
+    - __meta_kubernetes_service_annotation_prometheus_io_scheme
+    target_label: __scheme__
+  - action: replace
+    regex: (.+)
+    source_labels:
+    - __meta_kubernetes_service_annotation_prometheus_io_path
+    target_label: __metrics_path__
+  - action: replace
+    regex: ([^:]+)(?::\d+)?;(\d+)
+    replacement: $1:$2
+    source_labels:
+    - __address__
+    - __meta_kubernetes_service_annotation_prometheus_io_port
+    target_label: __address__
+  - action: labelmap
+    regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
+    replacement: __param_$1
+  - action: labelmap
+    regex: __meta_kubernetes_service_label_(.+)
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_namespace
+    target_label: namespace
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_service_name
+    target_label: service
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_pod_node_name
+    target_label: node
+  scrape_interval: 5m
+  scrape_timeout: 30s
+- honor_labels: true
+  job_name: prometheus-pushgateway
+  kubernetes_sd_configs:
+  - role: service
+  relabel_configs:
+  - action: keep
+    regex: pushgateway
+    source_labels:
+    - __meta_kubernetes_service_annotation_prometheus_io_probe
+- honor_labels: true
+  job_name: kubernetes-services
+  kubernetes_sd_configs:
+  - role: service
+  metrics_path: /probe
+  params:
+    module:
+    - http_2xx
+  relabel_configs:
+  - action: keep
+    regex: true
+    source_labels:
+    - __meta_kubernetes_service_annotation_prometheus_io_probe
+  - source_labels:
+    - __address__
+    target_label: __param_target
+  - replacement: blackbox
+    target_label: __address__
+  - source_labels:
+    - __param_target
+    target_label: instance
+  - action: labelmap
+    regex: __meta_kubernetes_service_label_(.+)
+  - source_labels:
+    - __meta_kubernetes_namespace
+    target_label: namespace
+  - source_labels:
+    - __meta_kubernetes_service_name
+    target_label: service
+- honor_labels: true
+  job_name: kubernetes-pods
+  kubernetes_sd_configs:
+  - role: pod
+  relabel_configs:
+  - action: keep
+    regex: true
+    source_labels:
+    - __meta_kubernetes_pod_annotation_prometheus_io_scrape
+  - action: drop
+    regex: true
+    source_labels:
+    - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
+  - action: replace
+    regex: (https?)
+    source_labels:
+    - __meta_kubernetes_pod_annotation_prometheus_io_scheme
+    target_label: __scheme__
+  - action: replace
+    regex: (.+)
+    source_labels:
+    - __meta_kubernetes_pod_annotation_prometheus_io_path
+    target_label: __metrics_path__
+  - action: replace
+    regex: ([^:]+)(?::\d+)?;(\d+)
+    replacement: $1:$2
+    source_labels:
+    - __address__
+    - __meta_kubernetes_pod_annotation_prometheus_io_port
+    target_label: __address__
+  - action: labelmap
+    regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
+    replacement: __param_$1
+  - action: labelmap
+    regex: __meta_kubernetes_pod_label_(.+)
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_namespace
+    target_label: namespace
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_pod_name
+    target_label: pod
+  - action: drop
+    regex: Pending|Succeeded|Failed|Completed
+    source_labels:
+    - __meta_kubernetes_pod_phase
+- honor_labels: true
+  job_name: kubernetes-pods-slow
+  kubernetes_sd_configs:
+  - role: pod
+  relabel_configs:
+  - action: keep
+    regex: true
+    source_labels:
+    - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
+  - action: replace
+    regex: (https?)
+    source_labels:
+    - __meta_kubernetes_pod_annotation_prometheus_io_scheme
+    target_label: __scheme__
+  - action: replace
+    regex: (.+)
+    source_labels:
+    - __meta_kubernetes_pod_annotation_prometheus_io_path
+    target_label: __metrics_path__
+  - action: replace
+    regex: ([^:]+)(?::\d+)?;(\d+)
+    replacement: $1:$2
+    source_labels:
+    - __address__
+    - __meta_kubernetes_pod_annotation_prometheus_io_port
+    target_label: __address__
+  - action: labelmap
+    regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
+    replacement: __param_$1
+  - action: labelmap
+    regex: __meta_kubernetes_pod_label_(.+)
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_namespace
+    target_label: namespace
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_pod_name
+    target_label: pod
+  - action: drop
+    regex: Pending|Succeeded|Failed|Completed
+    source_labels:
+    - __meta_kubernetes_pod_phase
+  scrape_interval: 5m
+  scrape_timeout: 30s
+alerting:
+  alertmanagers:
+  - kubernetes_sd_configs:
+      - role: pod
+    tls_config:
+      ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+    relabel_configs:
+    - source_labels: [__meta_kubernetes_namespace]
+      regex: default
+      action: keep
+    - source_labels: [__meta_kubernetes_pod_label_app]
+      regex: prometheus
+      action: keep
+    - source_labels: [__meta_kubernetes_pod_label_component]
+      regex: alertmanager
+      action: keep
+    - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe]
+      regex: .*
+      action: keep
+    - source_labels: [__meta_kubernetes_pod_container_port_number]
+      regex: "9093"
+      action: keep

deploy/prod/charts/prometheus/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-OWNERS

deploy/prod/charts/prometheus/Chart.lock

@@ -1,6 +0,0 @@
-dependencies:
-- name: kube-state-metrics
-  repository: https://prometheus-community.github.io/helm-charts
-  version: 4.7.0
-digest: sha256:1ae96f01358013a1ef2df0a83c215f1c8390f10fcb64f6d014d1cd00eb7d7eeb
-generated: "2022-04-20T09:25:53.255019562Z"

deploy/prod/charts/prometheus/Chart.yaml

@@ -1,28 +0,0 @@
-apiVersion: v2
-appVersion: 2.34.0
-dependencies:
-- condition: kubeStateMetrics.enabled
-  name: kube-state-metrics
-  repository: https://prometheus-community.github.io/helm-charts
-  version: 4.7.*
-description: Prometheus is a monitoring system and time series database.
-home: https://prometheus.io/
-icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
-maintainers:
-- email: gianrubio@gmail.com
-  name: gianrubio
-- email: zanhsieh@gmail.com
-  name: zanhsieh
-- email: miroslav.hadzhiev@gmail.com
-  name: Xtigyro
-- email: naseem@transit.app
-  name: naseemkullah
-name: prometheus
-sources:
-- https://github.com/prometheus/alertmanager
-- https://github.com/prometheus/prometheus
-- https://github.com/prometheus/pushgateway
-- https://github.com/prometheus/node_exporter
-- https://github.com/kubernetes/kube-state-metrics
-type: application
-version: 15.8.5

deploy/prod/charts/prometheus/README.md

@@ -1,226 +0,0 @@
-# Prometheus
-
-[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.
-
-This chart bootstraps a [Prometheus](https://prometheus.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes 1.16+
-- Helm 3+
-
-## Get Repo Info
-
-```console
-helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-helm repo update
-```
-
-_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
-
-## Install Chart
-
-```console
-helm install [RELEASE_NAME] prometheus-community/prometheus
-```
-
-_See [configuration](#configuration) below._
-
-_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
-
-## Dependencies
-
-By default this chart installs additional, dependent charts:
-
-- [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics)
-
-To disable the dependency during installation, set `kubeStateMetrics.enabled` to `false`.
-
-_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
-
-## Uninstall Chart
-
-```console
-helm uninstall [RELEASE_NAME]
-```
-
-This removes all the Kubernetes components associated with the chart and deletes the release.
-
-_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
-
-## Upgrading Chart
-
-```console
-helm upgrade [RELEASE_NAME] [CHART] --install
-```
-
-_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
-
-### To 15.0
-
-Version 15.0.0 changes the relabeling config, aligning it with the [Prometheus community conventions](https://github.com/prometheus/prometheus/pull/9832). If you've made manual changes to the relabeling config, you have to adapt your changes.
-
-Before you update please execute the following command, to be able to update kube-state-metrics:
-
-```bash
-kubectl delete deployments.apps -l app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=kube-state-metrics --cascade=orphan
-```
-
-### To 9.0
-
-Version 9.0 adds a new option to enable or disable the Prometheus Server. This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment. To install the server `server.enabled` must be set to `true`.
-
-### To 5.0
-
-As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data.
-
-Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/).
-
-Users of this chart will need to update their alerting rules to the new format before they can upgrade.
-
-### Example Migration
-
-Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following:
-
-1. Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below:
-
-  ```yaml
-  alertmanager:
-    enabled: false
-  alertmanagerFiles:
-    alertmanager.yml: ""
-  kubeStateMetrics:
-    enabled: false
-  nodeExporter:
-    enabled: false
-  pushgateway:
-    enabled: false
-  server:
-    extraArgs:
-      storage.local.retention: 720h
-  serverFiles:
-    alerts: ""
-    prometheus.yml: ""
-    rules: ""
-  ```
-
-1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target.
-
-   ```yaml
-    prometheus.yml:
-      ...
-      remote_read:
-      - url: http://prometheus-old/api/v1/read
-      ...
-   ```
-
-   Old data will be available when you query the new prometheus instance.
-
-## Configuration
-
-See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
-
-```console
-helm show values prometheus-community/prometheus
-```
-
-You may similarly use the above configuration commands on each chart [dependency](#dependencies) to see it's configurations.
-
-### Scraping Pod Metrics via Annotations
-
-This chart uses a default configuration that causes prometheus to scrape a variety of kubernetes resource types, provided they have the correct annotations. In this section we describe how to configure pods to be scraped; for information on how other resource types can be scraped you can do a `helm template` to get the kubernetes resource definitions, and then reference the prometheus configuration in the ConfigMap against the prometheus documentation for [relabel_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) and [kubernetes_sd_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config).
-
-In order to get prometheus to scrape pods, you must add annotations to the the pods as below:
-
-```yaml
-metadata:
-  annotations:
-    prometheus.io/scrape: "true"
-    prometheus.io/path: /metrics
-    prometheus.io/port: "8080"
-```
-
-You should adjust `prometheus.io/path` based on the URL that your pod serves metrics from. `prometheus.io/port` should be set to the port that your pod serves metrics from. Note that the values for `prometheus.io/scrape` and `prometheus.io/port` must be enclosed in double quotes.
-
-### Sharing Alerts Between Services
-
-Note that when [installing](#install-chart) or [upgrading](#upgrading-chart) you may use multiple values override files. This is particularly useful when you have alerts belonging to multiple services in the cluster. For example,
-
-```yaml
-# values.yaml
-# ...
-
-# service1-alert.yaml
-serverFiles:
-  alerts:
-    service1:
-      - alert: anAlert
-      # ...
-
-# service2-alert.yaml
-serverFiles:
-  alerts:
-    service2:
-      - alert: anAlert
-      # ...
-```
-
-```console
-helm install [RELEASE_NAME] prometheus-community/prometheus -f values.yaml -f service1-alert.yaml -f service2-alert.yaml
-```
-
-### RBAC Configuration
-
-Roles and RoleBindings resources will be created automatically for `server` service.
-
-To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account.
-
-> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own.
-
-### ConfigMap Files
-
-AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod.
-
-Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod.
-
-### Ingress TLS
-
-If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism.
-
-To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
-
-```console
-kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key
-```
-
-Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file:
-
-```yaml
-server:
-  ingress:
-    ## If true, Prometheus server Ingress will be created
-    ##
-    enabled: true
-
-    ## Prometheus server Ingress hostnames
-    ## Must be provided if Ingress is enabled
-    ##
-    hosts:
-      - prometheus.domain.com
-
-    ## Prometheus server Ingress TLS configuration
-    ## Secrets must be manually created in the namespace
-    ##
-    tls:
-      - secretName: prometheus-server-tls
-        hosts:
-          - prometheus.domain.com
-```
-
-### NetworkPolicy
-
-Enabling Network Policy for Prometheus will secure connections to Alert Manager and Kube State Metrics by only accepting connections from Prometheus Server. All inbound connections to Prometheus Server are still allowed.
-
-To enable network policy for Prometheus, install a networking plugin that implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true.
-
-If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need to manually create a networkpolicy which allows it.

deploy/prod/charts/prometheus/charts/kube-state-metrics/.helmignore

@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj

deploy/prod/charts/prometheus/charts/kube-state-metrics/Chart.yaml

@@ -1,21 +0,0 @@
-apiVersion: v2
-appVersion: 2.4.1
-description: Install kube-state-metrics to generate and expose cluster-level metrics
-home: https://github.com/kubernetes/kube-state-metrics/
-keywords:
-- metric
-- monitoring
-- prometheus
-- kubernetes
-maintainers:
-- email: tariq.ibrahim@mulesoft.com
-  name: tariq1890
-- email: manuel@rueg.eu
-  name: mrueg
-- email: davidcalvertfr@gmail.com
-  name: dotdc
-name: kube-state-metrics
-sources:
-- https://github.com/kubernetes/kube-state-metrics/
-type: application
-version: 4.7.0

deploy/prod/charts/prometheus/charts/kube-state-metrics/README.md

@@ -1,68 +0,0 @@
-# kube-state-metrics Helm Chart
-
-Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
-
-## Get Repo Info
-
-```console
-helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-helm repo update
-```
-
-_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
-
-## Install Chart
-
-```console
-helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
-```
-
-_See [configuration](#configuration) below._
-
-_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
-
-## Uninstall Chart
-
-```console
-helm uninstall [RELEASE_NAME]
-```
-
-This removes all the Kubernetes components associated with the chart and deletes the release.
-
-_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
-
-## Upgrading Chart
-
-```console
-helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
-```
-
-_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
-
-### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics
-
-You can upgrade in-place:
-
-1. [get repo info](#get-repo-info)
-1. [upgrade](#upgrading-chart) your existing release name using the new chart repo
-
-
-## Upgrading to v3.0.0
-
-v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side.
-
-The upgraded chart now the following changes:
-* Dropped support for helm v2 (helm v3 or later is required)
-* collectors key was renamed to resources
-* namespace key was renamed to namespaces
-
-
-## Configuration
-
-See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
-
-```console
-helm show values prometheus-community/kube-state-metrics
-```
-
-You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options.

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt

@@ -1,10 +0,0 @@
-kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
-The exposed metrics can be found here:
-https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
-
-The metrics are exported on the HTTP endpoint /metrics on the listening port.
-In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics
-
-They are served either as plaintext or protobuf depending on the Accept header.
-They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
-

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl

@@ -1,82 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kube-state-metrics.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kube-state-metrics.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "kube-state-metrics.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Allow the release namespace to be overridden for multi-namespace deployments in combined charts
-*/}}
-{{- define "kube-state-metrics.namespace" -}}
-  {{- if .Values.namespaceOverride -}}
-    {{- .Values.namespaceOverride -}}
-  {{- else -}}
-    {{- .Release.Namespace -}}
-  {{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kube-state-metrics.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Generate basic labels
-*/}}
-{{- define "kube-state-metrics.labels" }}
-helm.sh/chart: {{ template "kube-state-metrics.chart" . }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-app.kubernetes.io/component: metrics
-app.kubernetes.io/part-of: {{ template "kube-state-metrics.name" . }}
-{{- include "kube-state-metrics.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-{{- if .Values.customLabels }}
-{{ toYaml .Values.customLabels }}
-{{- end }}
-{{- if .Values.releaseLabel }}
-release: {{ .Release.Name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "kube-state-metrics.selectorLabels" }}
-app.kubernetes.io/name: {{ include "kube-state-metrics.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml

@@ -1,20 +0,0 @@
-{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-  name: {{ template "kube-state-metrics.fullname" . }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-{{- if .Values.rbac.useExistingRole }}
-  name: {{ .Values.rbac.useExistingRole }}
-{{- else }}
-  name: {{ template "kube-state-metrics.fullname" . }}
-{{- end }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "kube-state-metrics.serviceAccountName" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-{{- end -}}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml

@@ -1,151 +0,0 @@
-apiVersion: apps/v1
-{{- if .Values.autosharding.enabled }}
-kind: StatefulSet
-{{- else }}
-kind: Deployment
-{{- end }}
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
-  replicas: {{ .Values.replicas }}
-  {{- if .Values.autosharding.enabled }}
-  serviceName: {{ template "kube-state-metrics.fullname" . }}
-  volumeClaimTemplates: []
-  {{- end }}
-  template:
-    metadata:
-      labels:
-        {{- include "kube-state-metrics.labels" . | indent 8 }}
-      {{- if .Values.podAnnotations }}
-      annotations:
-{{ toYaml .Values.podAnnotations | indent 8 }}
-      {{- end }}
-    spec:
-      hostNetwork: {{ .Values.hostNetwork }}
-      serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }}
-      {{- if .Values.securityContext.enabled }}
-      securityContext:
-        fsGroup: {{ .Values.securityContext.fsGroup }}
-        runAsGroup: {{ .Values.securityContext.runAsGroup }}
-        runAsUser: {{ .Values.securityContext.runAsUser }}
-      {{- end }}
-    {{- if .Values.priorityClassName }}
-      priorityClassName: {{ .Values.priorityClassName }}
-    {{- end }}
-      containers:
-      - name: {{ .Chart.Name }}
-        {{- if .Values.autosharding.enabled }}
-        env:
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        {{- end }}
-        args:
-        {{-  if .Values.extraArgs  }}
-        {{- range .Values.extraArgs  }}
-        - {{ . }}
-        {{- end  }}
-        {{-  end  }}
-        {{- if .Values.service.port }}
-        - --port={{ .Values.service.port | default 8080}}
-        {{-  end  }}
-        {{-  if .Values.collectors  }}
-        - --resources={{ .Values.collectors | join "," }}
-        {{-  end  }}
-        {{- if .Values.metricLabelsAllowlist }}
-        - --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }}
-        {{- end }}
-        {{- if .Values.metricAnnotationsAllowList }}
-        - --metric-annotations-allowlist={{ .Values.metricAnnotationsAllowList | join "," }}
-        {{- end }}
-        {{- if .Values.metricAllowlist }}
-        - --metric-allowlist={{ .Values.metricAllowlist | join "," }}
-        {{- end }}
-        {{- if .Values.metricDenylist }}
-        - --metric-denylist={{ .Values.metricDenylist | join "," }}
-        {{- end }}
-        {{- if .Values.namespaces }}
-        - --namespaces={{ tpl (.Values.namespaces | join ",") $ }}
-        {{- end }}
-        {{- if .Values.namespacesDenylist }}
-        - --namespaces-denylist={{ tpl (.Values.namespacesDenylist | join ",") $ }}
-        {{- end }}
-        {{- if .Values.autosharding.enabled }}
-        - --pod=$(POD_NAME)
-        - --pod-namespace=$(POD_NAMESPACE)
-        {{- end }}
-        {{- if .Values.kubeconfig.enabled }}
-        - --kubeconfig=/opt/k8s/.kube/config
-        {{- end }}
-        {{- if .Values.selfMonitor.telemetryHost }}
-        - --telemetry-host={{ .Values.selfMonitor.telemetryHost }}
-        {{- end }}
-        - --telemetry-port={{ .Values.selfMonitor.telemetryPort | default 8081 }}
-        {{- if .Values.kubeconfig.enabled }}
-        volumeMounts:
-        - name: kubeconfig
-          mountPath: /opt/k8s/.kube/
-          readOnly: true
-        {{- end }}
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        ports:
-        - containerPort: {{ .Values.service.port | default 8080}}
-          name: "http"
-        {{- if .Values.selfMonitor.enabled }}
-        - containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
-          name: "metrics"
-        {{- end }}
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: {{ .Values.service.port | default 8080}}
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        readinessProbe:
-          httpGet:
-            path: /
-            port: {{ .Values.service.port | default 8080}}
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        {{- if .Values.resources }}
-        resources:
-{{ toYaml .Values.resources | indent 10 }}
-{{- end }}
-{{- if .Values.containerSecurityContext }}
-        securityContext:
-{{ toYaml .Values.containerSecurityContext | indent 10 }}
-{{- end }}
-{{- if .Values.imagePullSecrets }}
-      imagePullSecrets:
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
-      {{- end }}
-      {{- if .Values.affinity }}
-      affinity:
-{{ toYaml .Values.affinity | indent 8 }}
-      {{- end }}
-      {{- if .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
-      {{- end }}
-      {{- if .Values.tolerations }}
-      tolerations:
-{{ toYaml .Values.tolerations | indent 8 }}
-      {{- end }}
-      {{- if .Values.kubeconfig.enabled}}
-      volumes:
-        - name: kubeconfig
-          secret:
-            secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
-      {{- end }}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/kubeconfig-secret.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.kubeconfig.enabled -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-type: Opaque
-data:
-  config: '{{ .Values.kubeconfig.secret }}'
-{{- end -}}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/pdb.yaml

@@ -1,14 +0,0 @@
-{{- if .Values.podDisruptionBudget -}}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-{{ toYaml .Values.podDisruptionBudget | indent 2 }}
-{{- end -}}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml

@@ -1,39 +0,0 @@
-{{- if .Values.podSecurityPolicy.enabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-{{- if .Values.podSecurityPolicy.annotations }}
-  annotations:
-{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
-{{- end }}
-spec:
-  privileged: false
-  volumes:
-    - 'secret'
-{{- if .Values.podSecurityPolicy.additionalVolumes }}
-{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
-{{- end }}
-  hostNetwork: false
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    rule: 'MustRunAsNonRoot'
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'MustRunAs'
-    ranges:
-      # Forbid adding the root group.
-      - min: 1
-        max: 65535
-  fsGroup:
-    rule: 'MustRunAs'
-    ranges:
-      # Forbid adding the root group.
-      - min: 1
-        max: 65535
-  readOnlyRootFilesystem: false
-{{- end }}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml

@@ -1,19 +0,0 @@
-{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-  name: psp-{{ template "kube-state-metrics.fullname" . }}
-rules:
-{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
-{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
-- apiGroups: ['policy']
-{{- else }}
-- apiGroups: ['extensions']
-{{- end }}
-  resources: ['podsecuritypolicies']
-  verbs:     ['use']
-  resourceNames:
-  - {{ template "kube-state-metrics.fullname" . }}
-{{- end }}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml

@@ -1,16 +0,0 @@
-{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-  name: psp-{{ template "kube-state-metrics.fullname" . }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp-{{ template "kube-state-metrics.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "kube-state-metrics.serviceAccountName" . }}
-    namespace: {{ template "kube-state-metrics.namespace" . }}
-{{- end }}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/role.yaml

@@ -1,187 +0,0 @@
-{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}}
-{{- range (ternary (split "," .Values.namespaces) (list "") (eq $.Values.rbac.useClusterRole false)) }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if eq $.Values.rbac.useClusterRole false }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  labels:
-    {{- include "kube-state-metrics.labels" $ | indent 4 }}
-  name: {{ template "kube-state-metrics.fullname" $ }}
-{{- if eq $.Values.rbac.useClusterRole false }}
-  namespace: {{ . }}
-{{- end }}
-rules:
-{{ if has "certificatesigningrequests" $.Values.collectors }}
-- apiGroups: ["certificates.k8s.io"]
-  resources:
-  - certificatesigningrequests
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "configmaps" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - configmaps
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "cronjobs" $.Values.collectors }}
-- apiGroups: ["batch"]
-  resources:
-  - cronjobs
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "daemonsets" $.Values.collectors }}
-- apiGroups: ["extensions", "apps"]
-  resources:
-  - daemonsets
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "deployments" $.Values.collectors }}
-- apiGroups: ["extensions", "apps"]
-  resources:
-  - deployments
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "endpoints" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - endpoints
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "horizontalpodautoscalers" $.Values.collectors }}
-- apiGroups: ["autoscaling"]
-  resources:
-  - horizontalpodautoscalers
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "ingresses" $.Values.collectors }}
-- apiGroups: ["extensions", "networking.k8s.io"]
-  resources:
-  - ingresses
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "jobs" $.Values.collectors }}
-- apiGroups: ["batch"]
-  resources:
-  - jobs
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "limitranges" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - limitranges
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "mutatingwebhookconfigurations" $.Values.collectors }}
-- apiGroups: ["admissionregistration.k8s.io"]
-  resources:
-    - mutatingwebhookconfigurations
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "namespaces" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - namespaces
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "networkpolicies" $.Values.collectors }}
-- apiGroups: ["networking.k8s.io"]
-  resources:
-  - networkpolicies
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "nodes" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - nodes
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "persistentvolumeclaims" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - persistentvolumeclaims
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "persistentvolumes" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - persistentvolumes
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "poddisruptionbudgets" $.Values.collectors }}
-- apiGroups: ["policy"]
-  resources:
-    - poddisruptionbudgets
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "pods" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - pods
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "replicasets" $.Values.collectors }}
-- apiGroups: ["extensions", "apps"]
-  resources:
-  - replicasets
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "replicationcontrollers" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - replicationcontrollers
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "resourcequotas" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - resourcequotas
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "secrets" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - secrets
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "services" $.Values.collectors }}
-- apiGroups: [""]
-  resources:
-  - services
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "statefulsets" $.Values.collectors }}
-- apiGroups: ["apps"]
-  resources:
-  - statefulsets
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "storageclasses" $.Values.collectors }}
-- apiGroups: ["storage.k8s.io"]
-  resources:
-    - storageclasses
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "validatingwebhookconfigurations" $.Values.collectors }}
-- apiGroups: ["admissionregistration.k8s.io"]
-  resources:
-    - validatingwebhookconfigurations
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "volumeattachments" $.Values.collectors }}
-- apiGroups: ["storage.k8s.io"]
-  resources:
-    - volumeattachments
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if has "verticalpodautoscalers" $.Values.collectors }}
-- apiGroups: ["autoscaling.k8s.io"]
-  resources:
-    - verticalpodautoscalers
-  verbs: ["list", "watch"]
-{{ end -}}
-{{- end -}}
-{{- end -}}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/rolebinding.yaml

@@ -1,24 +0,0 @@
-{{- if and (eq  .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
-{{- range (split "," $.Values.namespaces) }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    {{- include "kube-state-metrics.labels" $ | indent 4 }}
-  name: {{ template "kube-state-metrics.fullname" $ }}
-  namespace: {{ . }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-{{- if (not $.Values.rbac.useExistingRole) }}
-  name: {{ template "kube-state-metrics.fullname" $ }}
-{{- else }}
-  name: {{ $.Values.rbac.useExistingRole }}
-{{- end }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "kube-state-metrics.serviceAccountName" $ }}
-  namespace: {{ template "kube-state-metrics.namespace" $ }}
-{{- end -}}
-{{- end -}}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/service.yaml

@@ -1,38 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-  annotations:
-    {{- if .Values.prometheusScrape }}
-    prometheus.io/scrape: '{{ .Values.prometheusScrape }}'
-    {{- end }}
-    {{- if .Values.service.annotations }}
-    {{- toYaml .Values.service.annotations | nindent 4 }}
-    {{- end }}
-spec:
-  type: "{{ .Values.service.type }}"
-  ports:
-  - name: "http"
-    protocol: TCP
-    port: {{ .Values.service.port | default 8080}}
-  {{- if .Values.service.nodePort }}
-    nodePort: {{ .Values.service.nodePort }}
-  {{- end }}
-    targetPort: {{ .Values.service.port | default 8080}}
-  {{ if .Values.selfMonitor.enabled }}
-  - name: "metrics"
-    protocol: TCP
-    port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
-    targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
-  {{ end }}
-{{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
-{{- if .Values.service.clusterIP }}
-  clusterIP: "{{ .Values.service.clusterIP }}"
-{{- end }}
-  selector:
-    {{- include "kube-state-metrics.selectorLabels" . | indent 4 }}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml

@@ -1,15 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-  name: {{ template "kube-state-metrics.serviceAccountName" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-{{- if .Values.serviceAccount.annotations }}
-  annotations:
-{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
-{{- end }}
-imagePullSecrets:
-{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
-{{- end -}}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml

@@ -1,66 +0,0 @@
-{{- if .Values.prometheus.monitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-  {{- with .Values.prometheus.monitor.additionalLabels }}
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }}
-  selector:
-    matchLabels:
-    {{- if .Values.prometheus.monitor.selectorOverride -}}
-      {{ toYaml .Values.prometheus.monitor.selectorOverride | nindent 6 }}
-    {{ else }}
-      {{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
-    {{- end }}
-  endpoints:
-    - port: http
-    {{- if .Values.prometheus.monitor.interval }}
-      interval: {{ .Values.prometheus.monitor.interval }}
-    {{- end }}
-    {{- if .Values.prometheus.monitor.scrapeTimeout }}
-      scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
-    {{- end }}
-    {{- if .Values.prometheus.monitor.proxyUrl }}
-      proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}}
-    {{- end }}
-    {{- if .Values.prometheus.monitor.honorLabels }}
-      honorLabels: true
-    {{- end }}
-    {{- if .Values.prometheus.monitor.metricRelabelings }}
-      metricRelabelings:
-        {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }}
-    {{- end }}
-    {{- if .Values.prometheus.monitor.relabelings }}
-      relabelings:
-        {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }}
-    {{- end }}
-  {{- if .Values.selfMonitor.enabled }}
-    - port: metrics
-    {{- if .Values.prometheus.monitor.interval }}
-      interval: {{ .Values.prometheus.monitor.interval }}
-    {{- end }}
-    {{- if .Values.prometheus.monitor.scrapeTimeout }}
-      scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
-    {{- end }}
-    {{- if .Values.prometheus.monitor.proxyUrl }}
-      proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}}
-    {{- end }}
-    {{- if .Values.prometheus.monitor.honorLabels }}
-      honorLabels: true
-    {{- end }}
-    {{- if .Values.prometheus.monitor.metricRelabelings }}
-      metricRelabelings:
-        {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }}
-    {{- end }}
-    {{- if .Values.prometheus.monitor.relabelings }}
-      relabelings:
-        {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }}
-    {{- end }}
-  {{- end }}
-{{- end }}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml

@@ -1,26 +0,0 @@
-{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resourceNames:
-  - {{ template "kube-state-metrics.fullname" . }}
-  resources:
-  - statefulsets
-  verbs:
-  - get
-  - list
-  - watch
-{{- end }}

deploy/prod/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml

@@ -1,17 +0,0 @@
-{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    {{- include "kube-state-metrics.labels" . | indent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "kube-state-metrics.serviceAccountName" . }}
-    namespace: {{ template "kube-state-metrics.namespace" . }}
-{{- end }}