Inflate Prometheus chart manually
This commit is contained in:
parent
3b12d6ebfb
commit
74d2abafad
|
@ -1,4 +1,4 @@
|
|||
.PHONY: dev prod
|
||||
.PHONY: dev prod inflate
|
||||
|
||||
dev:
|
||||
@kubectl kustomize --enable-helm dev
|
||||
|
@ -9,3 +9,10 @@ prod: load-prod-env
|
|||
load-prod-env:
|
||||
$(eval include prod/secrets/env)
|
||||
$(eval export)
|
||||
|
||||
# Usage: make inflate name=prometheus chart=prometheus-community/prometheus
|
||||
inflate:
|
||||
@rm -rf -- base/inflated/$(name)
|
||||
@helm template $(name) $(chart) --output-dir base/inflated
|
||||
@echo "YAML files for kustomzation.yaml:"
|
||||
@find base/inflated/$(name) -iname '*.yaml' -exec realpath --relative-to base {} \;
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
|
||||
OWNERS
|
|
@ -1,6 +0,0 @@
|
|||
dependencies:
|
||||
- name: kube-state-metrics
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 4.7.0
|
||||
digest: sha256:1ae96f01358013a1ef2df0a83c215f1c8390f10fcb64f6d014d1cd00eb7d7eeb
|
||||
generated: "2022-04-20T09:25:53.255019562Z"
|
|
@ -1,28 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: 2.34.0
|
||||
dependencies:
|
||||
- condition: kubeStateMetrics.enabled
|
||||
name: kube-state-metrics
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 4.7.*
|
||||
description: Prometheus is a monitoring system and time series database.
|
||||
home: https://prometheus.io/
|
||||
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
|
||||
maintainers:
|
||||
- email: gianrubio@gmail.com
|
||||
name: gianrubio
|
||||
- email: zanhsieh@gmail.com
|
||||
name: zanhsieh
|
||||
- email: miroslav.hadzhiev@gmail.com
|
||||
name: Xtigyro
|
||||
- email: naseem@transit.app
|
||||
name: naseemkullah
|
||||
name: prometheus
|
||||
sources:
|
||||
- https://github.com/prometheus/alertmanager
|
||||
- https://github.com/prometheus/prometheus
|
||||
- https://github.com/prometheus/pushgateway
|
||||
- https://github.com/prometheus/node_exporter
|
||||
- https://github.com/kubernetes/kube-state-metrics
|
||||
type: application
|
||||
version: 15.8.5
|
|
@ -1,226 +0,0 @@
|
|||
# Prometheus
|
||||
|
||||
[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.
|
||||
|
||||
This chart bootstraps a [Prometheus](https://prometheus.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.16+
|
||||
- Helm 3+
|
||||
|
||||
## Get Repo Info
|
||||
|
||||
```console
|
||||
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
|
||||
helm repo update
|
||||
```
|
||||
|
||||
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
|
||||
|
||||
## Install Chart
|
||||
|
||||
```console
|
||||
helm install [RELEASE_NAME] prometheus-community/prometheus
|
||||
```
|
||||
|
||||
_See [configuration](#configuration) below._
|
||||
|
||||
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
|
||||
|
||||
## Dependencies
|
||||
|
||||
By default this chart installs additional, dependent charts:
|
||||
|
||||
- [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics)
|
||||
|
||||
To disable the dependency during installation, set `kubeStateMetrics.enabled` to `false`.
|
||||
|
||||
_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
|
||||
|
||||
## Uninstall Chart
|
||||
|
||||
```console
|
||||
helm uninstall [RELEASE_NAME]
|
||||
```
|
||||
|
||||
This removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
|
||||
|
||||
## Upgrading Chart
|
||||
|
||||
```console
|
||||
helm upgrade [RELEASE_NAME] [CHART] --install
|
||||
```
|
||||
|
||||
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
|
||||
|
||||
### To 15.0
|
||||
|
||||
Version 15.0.0 changes the relabeling config, aligning it with the [Prometheus community conventions](https://github.com/prometheus/prometheus/pull/9832). If you've made manual changes to the relabeling config, you have to adapt your changes.
|
||||
|
||||
Before you update please execute the following command, to be able to update kube-state-metrics:
|
||||
|
||||
```bash
|
||||
kubectl delete deployments.apps -l app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=kube-state-metrics --cascade=orphan
|
||||
```
|
||||
|
||||
### To 9.0
|
||||
|
||||
Version 9.0 adds a new option to enable or disable the Prometheus Server. This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment. To install the server `server.enabled` must be set to `true`.
|
||||
|
||||
### To 5.0
|
||||
|
||||
As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data.
|
||||
|
||||
Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/).
|
||||
|
||||
Users of this chart will need to update their alerting rules to the new format before they can upgrade.
|
||||
|
||||
### Example Migration
|
||||
|
||||
Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following:
|
||||
|
||||
1. Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below:
|
||||
|
||||
```yaml
|
||||
alertmanager:
|
||||
enabled: false
|
||||
alertmanagerFiles:
|
||||
alertmanager.yml: ""
|
||||
kubeStateMetrics:
|
||||
enabled: false
|
||||
nodeExporter:
|
||||
enabled: false
|
||||
pushgateway:
|
||||
enabled: false
|
||||
server:
|
||||
extraArgs:
|
||||
storage.local.retention: 720h
|
||||
serverFiles:
|
||||
alerts: ""
|
||||
prometheus.yml: ""
|
||||
rules: ""
|
||||
```
|
||||
|
||||
1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target.
|
||||
|
||||
```yaml
|
||||
prometheus.yml:
|
||||
...
|
||||
remote_read:
|
||||
- url: http://prometheus-old/api/v1/read
|
||||
...
|
||||
```
|
||||
|
||||
Old data will be available when you query the new prometheus instance.
|
||||
|
||||
## Configuration
|
||||
|
||||
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
|
||||
|
||||
```console
|
||||
helm show values prometheus-community/prometheus
|
||||
```
|
||||
|
||||
You may similarly use the above configuration commands on each chart [dependency](#dependencies) to see it's configurations.
|
||||
|
||||
### Scraping Pod Metrics via Annotations
|
||||
|
||||
This chart uses a default configuration that causes prometheus to scrape a variety of kubernetes resource types, provided they have the correct annotations. In this section we describe how to configure pods to be scraped; for information on how other resource types can be scraped you can do a `helm template` to get the kubernetes resource definitions, and then reference the prometheus configuration in the ConfigMap against the prometheus documentation for [relabel_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) and [kubernetes_sd_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config).
|
||||
|
||||
In order to get prometheus to scrape pods, you must add annotations to the the pods as below:
|
||||
|
||||
```yaml
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/path: /metrics
|
||||
prometheus.io/port: "8080"
|
||||
```
|
||||
|
||||
You should adjust `prometheus.io/path` based on the URL that your pod serves metrics from. `prometheus.io/port` should be set to the port that your pod serves metrics from. Note that the values for `prometheus.io/scrape` and `prometheus.io/port` must be enclosed in double quotes.
|
||||
|
||||
### Sharing Alerts Between Services
|
||||
|
||||
Note that when [installing](#install-chart) or [upgrading](#upgrading-chart) you may use multiple values override files. This is particularly useful when you have alerts belonging to multiple services in the cluster. For example,
|
||||
|
||||
```yaml
|
||||
# values.yaml
|
||||
# ...
|
||||
|
||||
# service1-alert.yaml
|
||||
serverFiles:
|
||||
alerts:
|
||||
service1:
|
||||
- alert: anAlert
|
||||
# ...
|
||||
|
||||
# service2-alert.yaml
|
||||
serverFiles:
|
||||
alerts:
|
||||
service2:
|
||||
- alert: anAlert
|
||||
# ...
|
||||
```
|
||||
|
||||
```console
|
||||
helm install [RELEASE_NAME] prometheus-community/prometheus -f values.yaml -f service1-alert.yaml -f service2-alert.yaml
|
||||
```
|
||||
|
||||
### RBAC Configuration
|
||||
|
||||
Roles and RoleBindings resources will be created automatically for `server` service.
|
||||
|
||||
To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account.
|
||||
|
||||
> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own.
|
||||
|
||||
### ConfigMap Files
|
||||
|
||||
AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod.
|
||||
|
||||
Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod.
|
||||
|
||||
### Ingress TLS
|
||||
|
||||
If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism.
|
||||
|
||||
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
|
||||
|
||||
```console
|
||||
kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key
|
||||
```
|
||||
|
||||
Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file:
|
||||
|
||||
```yaml
|
||||
server:
|
||||
ingress:
|
||||
## If true, Prometheus server Ingress will be created
|
||||
##
|
||||
enabled: true
|
||||
|
||||
## Prometheus server Ingress hostnames
|
||||
## Must be provided if Ingress is enabled
|
||||
##
|
||||
hosts:
|
||||
- prometheus.domain.com
|
||||
|
||||
## Prometheus server Ingress TLS configuration
|
||||
## Secrets must be manually created in the namespace
|
||||
##
|
||||
tls:
|
||||
- secretName: prometheus-server-tls
|
||||
hosts:
|
||||
- prometheus.domain.com
|
||||
```
|
||||
|
||||
### NetworkPolicy
|
||||
|
||||
Enabling Network Policy for Prometheus will secure connections to Alert Manager and Kube State Metrics by only accepting connections from Prometheus Server. All inbound connections to Prometheus Server are still allowed.
|
||||
|
||||
To enable network policy for Prometheus, install a networking plugin that implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true.
|
||||
|
||||
If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need to manually create a networkpolicy which allows it.
|
|
@ -1,21 +0,0 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
|
@ -1,21 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: 2.4.1
|
||||
description: Install kube-state-metrics to generate and expose cluster-level metrics
|
||||
home: https://github.com/kubernetes/kube-state-metrics/
|
||||
keywords:
|
||||
- metric
|
||||
- monitoring
|
||||
- prometheus
|
||||
- kubernetes
|
||||
maintainers:
|
||||
- email: tariq.ibrahim@mulesoft.com
|
||||
name: tariq1890
|
||||
- email: manuel@rueg.eu
|
||||
name: mrueg
|
||||
- email: davidcalvertfr@gmail.com
|
||||
name: dotdc
|
||||
name: kube-state-metrics
|
||||
sources:
|
||||
- https://github.com/kubernetes/kube-state-metrics/
|
||||
type: application
|
||||
version: 4.7.0
|
|
@ -1,68 +0,0 @@
|
|||
# kube-state-metrics Helm Chart
|
||||
|
||||
Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
|
||||
|
||||
## Get Repo Info
|
||||
|
||||
```console
|
||||
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
|
||||
helm repo update
|
||||
```
|
||||
|
||||
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
|
||||
|
||||
## Install Chart
|
||||
|
||||
```console
|
||||
helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
|
||||
```
|
||||
|
||||
_See [configuration](#configuration) below._
|
||||
|
||||
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
|
||||
|
||||
## Uninstall Chart
|
||||
|
||||
```console
|
||||
helm uninstall [RELEASE_NAME]
|
||||
```
|
||||
|
||||
This removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
|
||||
|
||||
## Upgrading Chart
|
||||
|
||||
```console
|
||||
helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags]
|
||||
```
|
||||
|
||||
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
|
||||
|
||||
### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics
|
||||
|
||||
You can upgrade in-place:
|
||||
|
||||
1. [get repo info](#get-repo-info)
|
||||
1. [upgrade](#upgrading-chart) your existing release name using the new chart repo
|
||||
|
||||
|
||||
## Upgrading to v3.0.0
|
||||
|
||||
v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side.
|
||||
|
||||
The upgraded chart now the following changes:
|
||||
* Dropped support for helm v2 (helm v3 or later is required)
|
||||
* collectors key was renamed to resources
|
||||
* namespace key was renamed to namespaces
|
||||
|
||||
|
||||
## Configuration
|
||||
|
||||
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
|
||||
|
||||
```console
|
||||
helm show values prometheus-community/kube-state-metrics
|
||||
```
|
||||
|
||||
You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options.
|
|
@ -1,10 +0,0 @@
|
|||
kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
|
||||
The exposed metrics can be found here:
|
||||
https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
|
||||
|
||||
The metrics are exported on the HTTP endpoint /metrics on the listening port.
|
||||
In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics
|
||||
|
||||
They are served either as plaintext or protobuf depending on the Accept header.
|
||||
They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
|
||||
|
|
@ -1,82 +0,0 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Generate basic labels
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.labels" }}
|
||||
helm.sh/chart: {{ template "kube-state-metrics.chart" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/component: metrics
|
||||
app.kubernetes.io/part-of: {{ template "kube-state-metrics.name" . }}
|
||||
{{- include "kube-state-metrics.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.customLabels }}
|
||||
{{ toYaml .Values.customLabels }}
|
||||
{{- end }}
|
||||
{{- if .Values.releaseLabel }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.selectorLabels" }}
|
||||
app.kubernetes.io/name: {{ include "kube-state-metrics.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
|
@ -1,20 +0,0 @@
|
|||
{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
{{- if .Values.rbac.useExistingRole }}
|
||||
name: {{ .Values.rbac.useExistingRole }}
|
||||
{{- else }}
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
{{- end }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- end -}}
|
|
@ -1,151 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
{{- if .Values.autosharding.enabled }}
|
||||
kind: StatefulSet
|
||||
{{- else }}
|
||||
kind: Deployment
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
|
||||
replicas: {{ .Values.replicas }}
|
||||
{{- if .Values.autosharding.enabled }}
|
||||
serviceName: {{ template "kube-state-metrics.fullname" . }}
|
||||
volumeClaimTemplates: []
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 8 }}
|
||||
{{- if .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
hostNetwork: {{ .Values.hostNetwork }}
|
||||
serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||
{{- if .Values.securityContext.enabled }}
|
||||
securityContext:
|
||||
fsGroup: {{ .Values.securityContext.fsGroup }}
|
||||
runAsGroup: {{ .Values.securityContext.runAsGroup }}
|
||||
runAsUser: {{ .Values.securityContext.runAsUser }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: {{ .Values.priorityClassName }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
{{- if .Values.autosharding.enabled }}
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
{{- end }}
|
||||
args:
|
||||
{{- if .Values.extraArgs }}
|
||||
{{- range .Values.extraArgs }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.port }}
|
||||
- --port={{ .Values.service.port | default 8080}}
|
||||
{{- end }}
|
||||
{{- if .Values.collectors }}
|
||||
- --resources={{ .Values.collectors | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.metricLabelsAllowlist }}
|
||||
- --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.metricAnnotationsAllowList }}
|
||||
- --metric-annotations-allowlist={{ .Values.metricAnnotationsAllowList | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.metricAllowlist }}
|
||||
- --metric-allowlist={{ .Values.metricAllowlist | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.metricDenylist }}
|
||||
- --metric-denylist={{ .Values.metricDenylist | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.namespaces }}
|
||||
- --namespaces={{ tpl (.Values.namespaces | join ",") $ }}
|
||||
{{- end }}
|
||||
{{- if .Values.namespacesDenylist }}
|
||||
- --namespaces-denylist={{ tpl (.Values.namespacesDenylist | join ",") $ }}
|
||||
{{- end }}
|
||||
{{- if .Values.autosharding.enabled }}
|
||||
- --pod=$(POD_NAME)
|
||||
- --pod-namespace=$(POD_NAMESPACE)
|
||||
{{- end }}
|
||||
{{- if .Values.kubeconfig.enabled }}
|
||||
- --kubeconfig=/opt/k8s/.kube/config
|
||||
{{- end }}
|
||||
{{- if .Values.selfMonitor.telemetryHost }}
|
||||
- --telemetry-host={{ .Values.selfMonitor.telemetryHost }}
|
||||
{{- end }}
|
||||
- --telemetry-port={{ .Values.selfMonitor.telemetryPort | default 8081 }}
|
||||
{{- if .Values.kubeconfig.enabled }}
|
||||
volumeMounts:
|
||||
- name: kubeconfig
|
||||
mountPath: /opt/k8s/.kube/
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
ports:
|
||||
- containerPort: {{ .Values.service.port | default 8080}}
|
||||
name: "http"
|
||||
{{- if .Values.selfMonitor.enabled }}
|
||||
- containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
|
||||
name: "metrics"
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.service.port | default 8080}}
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: {{ .Values.service.port | default 8080}}
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
{{- if .Values.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.containerSecurityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.containerSecurityContext | indent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeconfig.enabled}}
|
||||
volumes:
|
||||
- name: kubeconfig
|
||||
secret:
|
||||
secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
|
||||
{{- end }}
|
|
@ -1,12 +0,0 @@
|
|||
{{- if .Values.kubeconfig.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
config: '{{ .Values.kubeconfig.secret }}'
|
||||
{{- end -}}
|
|
@ -1,14 +0,0 @@
|
|||
{{- if .Values.podDisruptionBudget -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
|
||||
{{- end -}}
|
|
@ -1,39 +0,0 @@
|
|||
{{- if .Values.podSecurityPolicy.enabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
{{- if .Values.podSecurityPolicy.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
volumes:
|
||||
- 'secret'
|
||||
{{- if .Values.podSecurityPolicy.additionalVolumes }}
|
||||
{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
|
||||
{{- end }}
|
||||
hostNetwork: false
|
||||
hostIPC: false
|
||||
hostPID: false
|
||||
runAsUser:
|
||||
rule: 'MustRunAsNonRoot'
|
||||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
|
|
@ -1,19 +0,0 @@
|
|||
{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||
rules:
|
||||
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
|
||||
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
|
||||
- apiGroups: ['policy']
|
||||
{{- else }}
|
||||
- apiGroups: ['extensions']
|
||||
{{- end }}
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- {{ template "kube-state-metrics.fullname" . }}
|
||||
{{- end }}
|
|
@ -1,16 +0,0 @@
|
|||
{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- end }}
|
|
@ -1,24 +0,0 @@
|
|||
{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
|
||||
{{- range (split "," $.Values.namespaces) }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" $ | indent 4 }}
|
||||
name: {{ template "kube-state-metrics.fullname" $ }}
|
||||
namespace: {{ . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
{{- if (not $.Values.rbac.useExistingRole) }}
|
||||
name: {{ template "kube-state-metrics.fullname" $ }}
|
||||
{{- else }}
|
||||
name: {{ $.Values.rbac.useExistingRole }}
|
||||
{{- end }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.serviceAccountName" $ }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" $ }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,38 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
annotations:
|
||||
{{- if .Values.prometheusScrape }}
|
||||
prometheus.io/scrape: '{{ .Values.prometheusScrape }}'
|
||||
{{- end }}
|
||||
{{- if .Values.service.annotations }}
|
||||
{{- toYaml .Values.service.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: "{{ .Values.service.type }}"
|
||||
ports:
|
||||
- name: "http"
|
||||
protocol: TCP
|
||||
port: {{ .Values.service.port | default 8080}}
|
||||
{{- if .Values.service.nodePort }}
|
||||
nodePort: {{ .Values.service.nodePort }}
|
||||
{{- end }}
|
||||
targetPort: {{ .Values.service.port | default 8080}}
|
||||
{{ if .Values.selfMonitor.enabled }}
|
||||
- name: "metrics"
|
||||
protocol: TCP
|
||||
port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
|
||||
targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
|
||||
{{ end }}
|
||||
{{- if .Values.service.loadBalancerIP }}
|
||||
loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
|
||||
{{- end }}
|
||||
{{- if .Values.service.clusterIP }}
|
||||
clusterIP: "{{ .Values.service.clusterIP }}"
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "kube-state-metrics.selectorLabels" . | indent 4 }}
|
|
@ -1,15 +0,0 @@
|
|||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
name: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- if .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
|
||||
{{- end -}}
|
|
@ -1,66 +0,0 @@
|
|||
{{- if .Values.prometheus.monitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
{{- with .Values.prometheus.monitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- if .Values.prometheus.monitor.selectorOverride -}}
|
||||
{{ toYaml .Values.prometheus.monitor.selectorOverride | nindent 6 }}
|
||||
{{ else }}
|
||||
{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
|
||||
{{- end }}
|
||||
endpoints:
|
||||
- port: http
|
||||
{{- if .Values.prometheus.monitor.interval }}
|
||||
interval: {{ .Values.prometheus.monitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.honorLabels }}
|
||||
honorLabels: true
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.relabelings }}
|
||||
relabelings:
|
||||
{{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.selfMonitor.enabled }}
|
||||
- port: metrics
|
||||
{{- if .Values.prometheus.monitor.interval }}
|
||||
interval: {{ .Values.prometheus.monitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.honorLabels }}
|
||||
honorLabels: true
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.relabelings }}
|
||||
relabelings:
|
||||
{{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,26 +0,0 @@
|
|||
{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- apps
|
||||
resourceNames:
|
||||
- {{ template "kube-state-metrics.fullname" . }}
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
{{- end }}
|
|
@ -1,17 +0,0 @@
|
|||
{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- end }}
|
|
@ -1,229 +0,0 @@
|
|||
# Default values for kube-state-metrics.
|
||||
prometheusScrape: true
|
||||
image:
|
||||
repository: k8s.gcr.io/kube-state-metrics/kube-state-metrics
|
||||
tag: v2.4.1
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
|
||||
# will be automatically sharded across <.Values.replicas> pods using the built-in
|
||||
# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
|
||||
# This is an experimental feature and there are no stability guarantees.
|
||||
autosharding:
|
||||
enabled: false
|
||||
|
||||
replicas: 1
|
||||
|
||||
# List of additional cli arguments to configure kube-state-metrics
|
||||
# for example: --enable-gzip-encoding, --log-file, etc.
|
||||
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md
|
||||
extraArgs: []
|
||||
|
||||
service:
|
||||
port: 8080
|
||||
# Default to clusterIP for backward compatibility
|
||||
type: ClusterIP
|
||||
nodePort: 0
|
||||
loadBalancerIP: ""
|
||||
clusterIP: ""
|
||||
annotations: {}
|
||||
|
||||
## Additional labels to add to all resources
|
||||
customLabels: {}
|
||||
# app: kube-state-metrics
|
||||
|
||||
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
|
||||
releaseLabel: false
|
||||
|
||||
hostNetwork: false
|
||||
|
||||
rbac:
|
||||
# If true, create & use RBAC resources
|
||||
create: true
|
||||
|
||||
# Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
|
||||
# useExistingRole: your-existing-role
|
||||
|
||||
# If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
|
||||
useClusterRole: true
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a ServiceAccount should be created, require rbac true
|
||||
create: true
|
||||
# The name of the ServiceAccount to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name:
|
||||
# Reference to one or more secrets to be used when pulling images
|
||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
imagePullSecrets: []
|
||||
# ServiceAccount annotations.
|
||||
# Use case: AWS EKS IAM roles for service accounts
|
||||
# ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
|
||||
annotations: {}
|
||||
|
||||
prometheus:
|
||||
monitor:
|
||||
enabled: false
|
||||
additionalLabels: {}
|
||||
namespace: ""
|
||||
jobLabel: ""
|
||||
interval: ""
|
||||
scrapeTimeout: ""
|
||||
proxyUrl: ""
|
||||
selectorOverride: {}
|
||||
honorLabels: false
|
||||
metricRelabelings: []
|
||||
relabelings: []
|
||||
|
||||
## Specify if a Pod Security Policy for kube-state-metrics must be created
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
||||
##
|
||||
podSecurityPolicy:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
## Specify pod annotations
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
||||
##
|
||||
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
||||
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
||||
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
||||
|
||||
additionalVolumes: []
|
||||
|
||||
securityContext:
|
||||
enabled: true
|
||||
runAsGroup: 65534
|
||||
runAsUser: 65534
|
||||
fsGroup: 65534
|
||||
|
||||
## Specify security settings for a Container
|
||||
## Allows overrides and additional options compared to (Pod) securityContext
|
||||
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
containerSecurityContext: {}
|
||||
|
||||
## Node labels for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
nodeSelector: {}
|
||||
|
||||
## Affinity settings for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
||||
affinity: {}
|
||||
|
||||
## Tolerations for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
tolerations: []
|
||||
|
||||
# Annotations to be added to the pod
|
||||
podAnnotations: {}
|
||||
|
||||
## Assign a PriorityClassName to pods if set
|
||||
# priorityClassName: ""
|
||||
|
||||
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||
podDisruptionBudget: {}
|
||||
|
||||
# Comma-separated list of metrics to be exposed.
|
||||
# This list comprises of exact metric names and/or regex patterns.
|
||||
# The allowlist and denylist are mutually exclusive.
|
||||
metricAllowlist: []
|
||||
|
||||
# Comma-separated list of metrics not to be enabled.
|
||||
# This list comprises of exact metric names and/or regex patterns.
|
||||
# The allowlist and denylist are mutually exclusive.
|
||||
metricDenylist: []
|
||||
|
||||
# Comma-separated list of additional Kubernetes label keys that will be used in the resource's
|
||||
# labels metric. By default the metric contains only name and namespace labels.
|
||||
# To include additional labels, provide a list of resource names in their plural form and Kubernetes
|
||||
# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'.
|
||||
# A single '*' can be provided per resource instead to allow any labels, but that has
|
||||
# severe performance implications (Example: '=pods=[*]').
|
||||
metricLabelsAllowlist: []
|
||||
# - namespaces=[k8s-label-1,k8s-label-n]
|
||||
|
||||
# Comma-separated list of Kubernetes annotations keys that will be used in the resource'
|
||||
# labels metric. By default the metric contains only name and namespace labels.
|
||||
# To include additional annotations provide a list of resource names in their plural form and Kubernetes
|
||||
# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'.
|
||||
# A single '*' can be provided per resource instead to allow any annotations, but that has
|
||||
# severe performance implications (Example: '=pods=[*]').
|
||||
metricAnnotationsAllowList: []
|
||||
# - pods=[k8s-annotation-1,k8s-annotation-n]
|
||||
|
||||
# Available collectors for kube-state-metrics.
|
||||
# By default, all available resources are enabled, comment out to disable.
|
||||
collectors:
|
||||
- certificatesigningrequests
|
||||
- configmaps
|
||||
- cronjobs
|
||||
- daemonsets
|
||||
- deployments
|
||||
- endpoints
|
||||
- horizontalpodautoscalers
|
||||
- ingresses
|
||||
- jobs
|
||||
- limitranges
|
||||
- mutatingwebhookconfigurations
|
||||
- namespaces
|
||||
- networkpolicies
|
||||
- nodes
|
||||
- persistentvolumeclaims
|
||||
- persistentvolumes
|
||||
- poddisruptionbudgets
|
||||
- pods
|
||||
- replicasets
|
||||
- replicationcontrollers
|
||||
- resourcequotas
|
||||
- secrets
|
||||
- services
|
||||
- statefulsets
|
||||
- storageclasses
|
||||
- validatingwebhookconfigurations
|
||||
- volumeattachments
|
||||
# - verticalpodautoscalers # not a default resource, see also: https://github.com/kubernetes/kube-state-metrics#enabling-verticalpodautoscalers
|
||||
|
||||
# Enabling kubeconfig will pass the --kubeconfig argument to the container
|
||||
kubeconfig:
|
||||
enabled: false
|
||||
# base64 encoded kube-config file
|
||||
secret:
|
||||
|
||||
# Comma-separated list of namespaces to be enabled for collecting resources. By default all namespaces are collected.
|
||||
namespaces: ""
|
||||
|
||||
# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set,
|
||||
# only namespaces that are excluded in namespaces-denylist will be used.
|
||||
namespacesDenylist: ""
|
||||
|
||||
## Override the deployment namespace
|
||||
##
|
||||
namespaceOverride: ""
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 64Mi
|
||||
# requests:
|
||||
# cpu: 10m
|
||||
# memory: 32Mi
|
||||
|
||||
## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role.
|
||||
## For example: kubeTargetVersionOverride: 1.14.9
|
||||
##
|
||||
kubeTargetVersionOverride: ""
|
||||
|
||||
# Enable self metrics configuration for service and Service Monitor
|
||||
# Default values for telemetry configuration can be overridden
|
||||
selfMonitor:
|
||||
enabled: false
|
||||
# telemetryHost: 0.0.0.0
|
||||
# telemetryPort: 8081
|
|
@ -1,112 +0,0 @@
|
|||
{{- if .Values.server.enabled -}}
|
||||
The Prometheus server can be accessed via port {{ .Values.server.service.servicePort }} on the following DNS name from within your cluster:
|
||||
{{ template "prometheus.server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||
|
||||
{{ if .Values.server.ingress.enabled -}}
|
||||
From outside the cluster, the server URL(s) are:
|
||||
{{- range .Values.server.ingress.hosts }}
|
||||
http://{{ . }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
Get the Prometheus server URL by running these commands in the same shell:
|
||||
{{- if contains "NodePort" .Values.server.service.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.server.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.server.service.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.server.fullname" . }}'
|
||||
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
||||
echo http://$SERVICE_IP:{{ .Values.server.service.servicePort }}
|
||||
{{- else if contains "ClusterIP" .Values.server.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.server.name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9090
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.server.persistentVolume.enabled }}
|
||||
{{- else }}
|
||||
#################################################################################
|
||||
###### WARNING: Persistence is disabled!!! You will lose your data when #####
|
||||
###### the Server pod is terminated. #####
|
||||
#################################################################################
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{ if .Values.alertmanager.enabled }}
|
||||
The Prometheus alertmanager can be accessed via port {{ .Values.alertmanager.service.servicePort }} on the following DNS name from within your cluster:
|
||||
{{ template "prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||
|
||||
{{ if .Values.alertmanager.ingress.enabled -}}
|
||||
From outside the cluster, the alertmanager URL(s) are:
|
||||
{{- range .Values.alertmanager.ingress.hosts }}
|
||||
http://{{ . }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
Get the Alertmanager URL by running these commands in the same shell:
|
||||
{{- if contains "NodePort" .Values.alertmanager.service.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.alertmanager.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.alertmanager.fullname" . }}'
|
||||
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.alertmanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
||||
echo http://$SERVICE_IP:{{ .Values.alertmanager.service.servicePort }}
|
||||
{{- else if contains "ClusterIP" .Values.alertmanager.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.alertmanager.name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9093
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.alertmanager.persistentVolume.enabled }}
|
||||
{{- else }}
|
||||
#################################################################################
|
||||
###### WARNING: Persistence is disabled!!! You will lose your data when #####
|
||||
###### the AlertManager pod is terminated. #####
|
||||
#################################################################################
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.nodeExporter.podSecurityPolicy.enabled }}
|
||||
{{- else }}
|
||||
#################################################################################
|
||||
###### WARNING: Pod Security Policy has been moved to a global property. #####
|
||||
###### use .Values.podSecurityPolicy.enabled with pod-based #####
|
||||
###### annotations #####
|
||||
###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) #####
|
||||
#################################################################################
|
||||
{{- end }}
|
||||
|
||||
{{ if .Values.pushgateway.enabled }}
|
||||
The Prometheus PushGateway can be accessed via port {{ .Values.pushgateway.service.servicePort }} on the following DNS name from within your cluster:
|
||||
{{ template "prometheus.pushgateway.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||
|
||||
{{ if .Values.pushgateway.ingress.enabled -}}
|
||||
From outside the cluster, the pushgateway URL(s) are:
|
||||
{{- range .Values.pushgateway.ingress.hosts }}
|
||||
http://{{ . }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
Get the PushGateway URL by running these commands in the same shell:
|
||||
{{- if contains "NodePort" .Values.pushgateway.service.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.pushgateway.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.pushgateway.service.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.pushgateway.fullname" . }}'
|
||||
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
||||
echo http://$SERVICE_IP:{{ .Values.pushgateway.service.servicePort }}
|
||||
{{- else if contains "ClusterIP" .Values.pushgateway.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.pushgateway.name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9091
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
For more information on running Prometheus, visit:
|
||||
https://prometheus.io/
|
|
@ -1,282 +0,0 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "prometheus.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "prometheus.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create unified labels for prometheus components
|
||||
*/}}
|
||||
{{- define "prometheus.common.matchLabels" -}}
|
||||
app: {{ template "prometheus.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "prometheus.common.metaLabels" -}}
|
||||
chart: {{ template "prometheus.chart" . }}
|
||||
heritage: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "prometheus.alertmanager.labels" -}}
|
||||
{{ include "prometheus.alertmanager.matchLabels" . }}
|
||||
{{ include "prometheus.common.metaLabels" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "prometheus.alertmanager.matchLabels" -}}
|
||||
component: {{ .Values.alertmanager.name | quote }}
|
||||
{{ include "prometheus.common.matchLabels" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "prometheus.nodeExporter.labels" -}}
|
||||
{{ include "prometheus.nodeExporter.matchLabels" . }}
|
||||
{{ include "prometheus.common.metaLabels" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "prometheus.nodeExporter.matchLabels" -}}
|
||||
component: {{ .Values.nodeExporter.name | quote }}
|
||||
{{ include "prometheus.common.matchLabels" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "prometheus.pushgateway.labels" -}}
|
||||
{{ include "prometheus.pushgateway.matchLabels" . }}
|
||||
{{ include "prometheus.common.metaLabels" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "prometheus.pushgateway.matchLabels" -}}
|
||||
component: {{ .Values.pushgateway.name | quote }}
|
||||
{{ include "prometheus.common.matchLabels" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "prometheus.server.labels" -}}
|
||||
{{ include "prometheus.server.matchLabels" . }}
|
||||
{{ include "prometheus.common.metaLabels" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "prometheus.server.matchLabels" -}}
|
||||
component: {{ .Values.server.name | quote }}
|
||||
{{ include "prometheus.common.matchLabels" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "prometheus.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a fully qualified alertmanager name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
|
||||
{{- define "prometheus.alertmanager.fullname" -}}
|
||||
{{- if .Values.alertmanager.fullnameOverride -}}
|
||||
{{- .Values.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- printf "%s-%s" .Release.Name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s-%s" .Release.Name $name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a fully qualified node-exporter name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "prometheus.nodeExporter.fullname" -}}
|
||||
{{- if .Values.nodeExporter.fullnameOverride -}}
|
||||
{{- .Values.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- printf "%s-%s" .Release.Name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a fully qualified Prometheus server name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "prometheus.server.fullname" -}}
|
||||
{{- if .Values.server.fullnameOverride -}}
|
||||
{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a fully qualified pushgateway name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "prometheus.pushgateway.fullname" -}}
|
||||
{{- if .Values.pushgateway.fullnameOverride -}}
|
||||
{{- .Values.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- printf "%s-%s" .Release.Name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s-%s" .Release.Name $name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Get KubeVersion removing pre-release information.
|
||||
*/}}
|
||||
{{- define "prometheus.kubeVersion" -}}
|
||||
{{- default .Capabilities.KubeVersion.Version (regexFind "v[0-9]+\\.[0-9]+\\.[0-9]+" .Capabilities.KubeVersion.Version) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiVersion for deployment.
|
||||
*/}}
|
||||
{{- define "prometheus.deployment.apiVersion" -}}
|
||||
{{- print "apps/v1" -}}
|
||||
{{- end -}}
|
||||
{{/*
|
||||
Return the appropriate apiVersion for daemonset.
|
||||
*/}}
|
||||
{{- define "prometheus.daemonset.apiVersion" -}}
|
||||
{{- print "apps/v1" -}}
|
||||
{{- end -}}
|
||||
{{/*
|
||||
Return the appropriate apiVersion for networkpolicy.
|
||||
*/}}
|
||||
{{- define "prometheus.networkPolicy.apiVersion" -}}
|
||||
{{- print "networking.k8s.io/v1" -}}
|
||||
{{- end -}}
|
||||
{{/*
|
||||
Return the appropriate apiVersion for podsecuritypolicy.
|
||||
*/}}
|
||||
{{- define "prometheus.podSecurityPolicy.apiVersion" -}}
|
||||
{{- print "policy/v1beta1" -}}
|
||||
{{- end -}}
|
||||
{{/*
|
||||
Return the appropriate apiVersion for rbac.
|
||||
*/}}
|
||||
{{- define "rbac.apiVersion" -}}
|
||||
{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
|
||||
{{- print "rbac.authorization.k8s.io/v1" -}}
|
||||
{{- else -}}
|
||||
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{/*
|
||||
Return the appropriate apiVersion for ingress.
|
||||
*/}}
|
||||
{{- define "ingress.apiVersion" -}}
|
||||
{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19.x" (include "prometheus.kubeVersion" .)) -}}
|
||||
{{- print "networking.k8s.io/v1" -}}
|
||||
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
|
||||
{{- print "networking.k8s.io/v1beta1" -}}
|
||||
{{- else -}}
|
||||
{{- print "extensions/v1beta1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return if ingress is stable.
|
||||
*/}}
|
||||
{{- define "ingress.isStable" -}}
|
||||
{{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return if ingress supports ingressClassName.
|
||||
*/}}
|
||||
{{- define "ingress.supportsIngressClassName" -}}
|
||||
{{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "prometheus.kubeVersion" .))) -}}
|
||||
{{- end -}}
|
||||
{{/*
|
||||
Return if ingress supports pathType.
|
||||
*/}}
|
||||
{{- define "ingress.supportsPathType" -}}
|
||||
{{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "prometheus.kubeVersion" .))) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use for the alertmanager component
|
||||
*/}}
|
||||
{{- define "prometheus.serviceAccountName.alertmanager" -}}
|
||||
{{- if .Values.serviceAccounts.alertmanager.create -}}
|
||||
{{ default (include "prometheus.alertmanager.fullname" .) .Values.serviceAccounts.alertmanager.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccounts.alertmanager.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use for the nodeExporter component
|
||||
*/}}
|
||||
{{- define "prometheus.serviceAccountName.nodeExporter" -}}
|
||||
{{- if .Values.serviceAccounts.nodeExporter.create -}}
|
||||
{{ default (include "prometheus.nodeExporter.fullname" .) .Values.serviceAccounts.nodeExporter.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccounts.nodeExporter.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use for the pushgateway component
|
||||
*/}}
|
||||
{{- define "prometheus.serviceAccountName.pushgateway" -}}
|
||||
{{- if .Values.serviceAccounts.pushgateway.create -}}
|
||||
{{ default (include "prometheus.pushgateway.fullname" .) .Values.serviceAccounts.pushgateway.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccounts.pushgateway.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use for the server component
|
||||
*/}}
|
||||
{{- define "prometheus.serviceAccountName.server" -}}
|
||||
{{- if .Values.serviceAccounts.server.create -}}
|
||||
{{ default (include "prometheus.server.fullname" .) .Values.serviceAccounts.server.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccounts.server.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Define the prometheus.namespace template if set with forceNamespace or .Release.Namespace is set
|
||||
*/}}
|
||||
{{- define "prometheus.namespace" -}}
|
||||
{{- if .Values.forceNamespace -}}
|
||||
{{ printf "namespace: %s" .Values.forceNamespace }}
|
||||
{{- else -}}
|
||||
{{ printf "namespace: %s" .Release.Namespace }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,21 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.alertmanager.useClusterRole (not .Values.alertmanager.useExistingRole) -}}
|
||||
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
rules:
|
||||
{{- if .Values.podSecurityPolicy.enabled }}
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- podsecuritypolicies
|
||||
verbs:
|
||||
- use
|
||||
resourceNames:
|
||||
- {{ template "prometheus.alertmanager.fullname" . }}
|
||||
{{- else }}
|
||||
[]
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,20 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.alertmanager.useClusterRole -}}
|
||||
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
|
||||
{{ include "prometheus.namespace" . | indent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
{{- if (not .Values.alertmanager.useExistingRole) }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
{{- else }}
|
||||
name: {{ .Values.alertmanager.useExistingRole }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,19 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled (and (empty .Values.alertmanager.configMapOverrideName) (empty .Values.alertmanager.configFromSecret)) -}}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
data:
|
||||
{{- $root := . -}}
|
||||
{{- range $key, $value := .Values.alertmanagerFiles }}
|
||||
{{- if $key | regexMatch ".*\\.ya?ml$" }}
|
||||
{{ $key }}: |
|
||||
{{ toYaml $value | default "{}" | indent 4 }}
|
||||
{{- else }}
|
||||
{{ $key }}: {{ toYaml $value | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,208 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled (not .Values.alertmanager.statefulSet.enabled) -}}
|
||||
apiVersion: {{ template "prometheus.deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
metadata:
|
||||
{{- if .Values.alertmanager.deploymentAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.deploymentAnnotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
|
||||
replicas: {{ .Values.alertmanager.replicaCount }}
|
||||
{{- if .Values.alertmanager.strategy }}
|
||||
strategy:
|
||||
{{ toYaml .Values.alertmanager.strategy | trim | indent 4 }}
|
||||
{{ if eq .Values.alertmanager.strategy.type "Recreate" }}rollingUpdate: null{{ end }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
{{- if .Values.alertmanager.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 8 }}
|
||||
{{- if .Values.alertmanager.podLabels}}
|
||||
{{ toYaml .Values.alertmanager.podLabels | nindent 8 }}
|
||||
{{- end}}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.schedulerName }}
|
||||
schedulerName: "{{ .Values.alertmanager.schedulerName }}"
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }}
|
||||
{{- if .Values.alertmanager.extraInitContainers }}
|
||||
initContainers:
|
||||
{{ toYaml .Values.alertmanager.extraInitContainers | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.alertmanager.priorityClassName }}"
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
|
||||
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
|
||||
env:
|
||||
{{- range $key, $value := .Values.alertmanager.extraEnv }}
|
||||
- name: {{ $key }}
|
||||
value: {{ $value }}
|
||||
{{- end }}
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
args:
|
||||
- --config.file=/etc/config/{{ .Values.alertmanager.configFileName }}
|
||||
- --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }}
|
||||
{{- if .Values.alertmanager.service.enableMeshPeer }}
|
||||
- --cluster.listen-address=0.0.0.0:6783
|
||||
- --cluster.advertise-address=[$(POD_IP)]:6783
|
||||
{{- else }}
|
||||
- --cluster.listen-address=
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.alertmanager.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.baseURL }}
|
||||
- --web.external-url={{ .Values.alertmanager.baseURL }}
|
||||
{{- end }}
|
||||
{{- range .Values.alertmanager.clusterPeers }}
|
||||
- --cluster.peer={{ . }}
|
||||
{{- end }}
|
||||
|
||||
ports:
|
||||
- containerPort: 9093
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.alertmanager.prefixURL }}/-/ready
|
||||
port: 9093
|
||||
{{- if .Values.alertmanager.probeHeaders }}
|
||||
httpHeaders:
|
||||
{{- range .Values.alertmanager.probeHeaders }}
|
||||
- name: {{ .name }}
|
||||
value: {{ .value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 30
|
||||
resources:
|
||||
{{ toYaml .Values.alertmanager.resources | indent 12 }}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
- name: storage-volume
|
||||
mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}"
|
||||
subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}"
|
||||
{{- range .Values.alertmanager.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- range .Values.alertmanager.extraConfigmapMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.configmapReload.alertmanager.enabled }}
|
||||
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }}
|
||||
image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}"
|
||||
args:
|
||||
- --volume-dir=/etc/config
|
||||
- --webhook-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload
|
||||
{{- range $key, $value := .Values.configmapReload.alertmanager.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- range .Values.configmapReload.alertmanager.extraVolumeDirs }}
|
||||
- --volume-dir={{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.configmapReload.alertmanager.containerPort }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.configmapReload.alertmanager.containerPort }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
readOnly: true
|
||||
{{- range .Values.configmapReload.alertmanager.extraConfigmapMounts }}
|
||||
- name: {{ $.Values.configmapReload.alertmanager.name }}-{{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.alertmanager.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.alertmanager.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.alertmanager.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: config-volume
|
||||
{{- if empty .Values.alertmanager.configFromSecret }}
|
||||
configMap:
|
||||
name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
secret:
|
||||
secretName: {{ .Values.alertmanager.configFromSecret }}
|
||||
{{- end }}
|
||||
{{- range .Values.alertmanager.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
secret:
|
||||
secretName: {{ .secretName }}
|
||||
{{- with .optional }}
|
||||
optional: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range .Values.alertmanager.extraConfigmapMounts }}
|
||||
- name: {{ .name }}
|
||||
configMap:
|
||||
name: {{ .configMap }}
|
||||
{{- end }}
|
||||
{{- range .Values.configmapReload.alertmanager.extraConfigmapMounts }}
|
||||
- name: {{ $.Values.configmapReload.alertmanager.name }}-{{ .name }}
|
||||
configMap:
|
||||
name: {{ .configMap }}
|
||||
{{- end }}
|
||||
- name: storage-volume
|
||||
{{- if .Values.alertmanager.persistentVolume.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ if .Values.alertmanager.persistentVolume.existingClaim }}{{ .Values.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
emptyDir:
|
||||
{{- if .Values.alertmanager.emptyDir.sizeLimit }}
|
||||
sizeLimit: {{ .Values.alertmanager.emptyDir.sizeLimit }}
|
||||
{{- else }}
|
||||
{}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
|
@ -1,31 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.alertmanager.statefulSet.headless.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.statefulSet.headless.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
{{- if .Values.alertmanager.statefulSet.headless.labels }}
|
||||
{{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}-headless
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ .Values.alertmanager.statefulSet.headless.servicePort }}
|
||||
protocol: TCP
|
||||
targetPort: 9093
|
||||
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
|
||||
- name: meshpeer
|
||||
port: 6783
|
||||
protocol: TCP
|
||||
targetPort: 6783
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
|
||||
{{- end }}
|
|
@ -1,57 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled -}}
|
||||
{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}}
|
||||
{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}}
|
||||
{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
|
||||
{{- $releaseName := .Release.Name -}}
|
||||
{{- $serviceName := include "prometheus.alertmanager.fullname" . }}
|
||||
{{- $servicePort := .Values.alertmanager.service.servicePort -}}
|
||||
{{- $ingressPath := .Values.alertmanager.ingress.path -}}
|
||||
{{- $ingressPathType := .Values.alertmanager.ingress.pathType -}}
|
||||
{{- $extraPaths := .Values.alertmanager.ingress.extraPaths -}}
|
||||
apiVersion: {{ template "ingress.apiVersion" . }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
{{- if .Values.alertmanager.ingress.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
{{- range $key, $value := .Values.alertmanager.ingress.extraLabels }}
|
||||
{{ $key }}: {{ $value }}
|
||||
{{- end }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
{{- if and $ingressSupportsIngressClassName .Values.alertmanager.ingress.ingressClassName }}
|
||||
ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.alertmanager.ingress.hosts }}
|
||||
{{- $url := splitList "/" . }}
|
||||
- host: {{ first $url }}
|
||||
http:
|
||||
paths:
|
||||
{{ if $extraPaths }}
|
||||
{{ toYaml $extraPaths | indent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ $ingressPath }}
|
||||
{{- if $ingressSupportsPathType }}
|
||||
pathType: {{ $ingressPathType }}
|
||||
{{- end }}
|
||||
backend:
|
||||
{{- if $ingressApiIsStable }}
|
||||
service:
|
||||
name: {{ $serviceName }}
|
||||
port:
|
||||
number: {{ $servicePort }}
|
||||
{{- else }}
|
||||
serviceName: {{ $serviceName }}
|
||||
servicePort: {{ $servicePort }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- if .Values.alertmanager.ingress.tls }}
|
||||
tls:
|
||||
{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,20 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.networkPolicy.enabled -}}
|
||||
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.server.matchLabels" . | nindent 12 }}
|
||||
- ports:
|
||||
- port: 9093
|
||||
{{- end -}}
|
|
@ -1,14 +0,0 @@
|
|||
{{- if .Values.alertmanager.podDisruptionBudget.enabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
spec:
|
||||
maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 6 }}
|
||||
{{- end }}
|
|
@ -1,46 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
|
||||
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- if .Values.alertmanager.podSecurityPolicy.annotations }}
|
||||
{{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- 'configMap'
|
||||
- 'persistentVolumeClaim'
|
||||
- 'emptyDir'
|
||||
- 'secret'
|
||||
allowedHostPaths:
|
||||
- pathPrefix: /etc
|
||||
readOnly: true
|
||||
- pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }}
|
||||
hostNetwork: false
|
||||
hostPID: false
|
||||
hostIPC: false
|
||||
runAsUser:
|
||||
rule: 'RunAsAny'
|
||||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: true
|
||||
{{- end }}
|
|
@ -1,37 +0,0 @@
|
|||
{{- if not .Values.alertmanager.statefulSet.enabled -}}
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.persistentVolume.enabled -}}
|
||||
{{- if not .Values.alertmanager.persistentVolume.existingClaim -}}
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
{{- if .Values.alertmanager.persistentVolume.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }}
|
||||
{{- if .Values.alertmanager.persistentVolume.storageClass }}
|
||||
{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.persistentVolume.volumeBindingMode }}
|
||||
volumeBindingMode: "{{ .Values.alertmanager.persistentVolume.volumeBindingMode }}"
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: "{{ .Values.alertmanager.persistentVolume.size }}"
|
||||
{{- if .Values.alertmanager.persistentVolume.selector }}
|
||||
selector:
|
||||
{{- toYaml .Values.alertmanager.persistentVolume.selector | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,24 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.rbac.create (eq .Values.alertmanager.useClusterRole false) (not .Values.alertmanager.useExistingRole) -}}
|
||||
{{- range $.Values.alertmanager.namespaces }}
|
||||
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" $ | nindent 4 }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" $ }}
|
||||
namespace: {{ . }}
|
||||
rules:
|
||||
{{- if $.Values.podSecurityPolicy.enabled }}
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- podsecuritypolicies
|
||||
verbs:
|
||||
- use
|
||||
resourceNames:
|
||||
- {{ template "prometheus.alertmanager.fullname" $ }}
|
||||
{{- else }}
|
||||
[]
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,23 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.rbac.create (eq .Values.alertmanager.useClusterRole false) -}}
|
||||
{{ range $.Values.alertmanager.namespaces }}
|
||||
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" $ | nindent 4 }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" $ }}
|
||||
namespace: {{ . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "prometheus.serviceAccountName.alertmanager" $ }}
|
||||
{{ include "prometheus.namespace" $ | indent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
{{- if (not $.Values.alertmanager.useExistingRole) }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" $ }}
|
||||
{{- else }}
|
||||
name: {{ $.Values.alertmanager.useExistingRole }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -1,53 +0,0 @@
|
|||
{{- if .Values.alertmanager.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.alertmanager.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
{{- if .Values.alertmanager.service.labels }}
|
||||
{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.service.clusterIP }}
|
||||
clusterIP: {{ .Values.alertmanager.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ .Values.alertmanager.service.servicePort }}
|
||||
protocol: TCP
|
||||
targetPort: 9093
|
||||
{{- if .Values.alertmanager.service.nodePort }}
|
||||
nodePort: {{ .Values.alertmanager.service.nodePort }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.enableMeshPeer }}
|
||||
- name: meshpeer
|
||||
port: 6783
|
||||
protocol: TCP
|
||||
targetPort: 6783
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
|
||||
{{- if .Values.alertmanager.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
type: "{{ .Values.alertmanager.service.type }}"
|
||||
{{- end }}
|
|
@ -1,11 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.serviceAccounts.alertmanager.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccounts.alertmanager.annotations | indent 4 }}
|
||||
{{- end -}}
|
|
@ -1,188 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
{{- if .Values.alertmanager.statefulSet.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.statefulSet.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
{{- if .Values.alertmanager.statefulSet.labels}}
|
||||
{{ toYaml .Values.alertmanager.statefulSet.labels | nindent 4 }}
|
||||
{{- end}}
|
||||
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
|
||||
replicas: {{ .Values.alertmanager.replicaCount }}
|
||||
podManagementPolicy: {{ .Values.alertmanager.statefulSet.podManagementPolicy }}
|
||||
template:
|
||||
metadata:
|
||||
{{- if .Values.alertmanager.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.alertmanager.labels" . | nindent 8 }}
|
||||
{{- if .Values.alertmanager.podLabels}}
|
||||
{{ toYaml .Values.alertmanager.podLabels | nindent 8 }}
|
||||
{{- end}}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.alertmanager.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.schedulerName }}
|
||||
schedulerName: "{{ .Values.alertmanager.schedulerName }}"
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }}
|
||||
{{- if .Values.alertmanager.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.alertmanager.priorityClassName }}"
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
|
||||
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
|
||||
env:
|
||||
{{- range $key, $value := .Values.alertmanager.extraEnv }}
|
||||
- name: {{ $key }}
|
||||
value: {{ $value }}
|
||||
{{- end }}
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
args:
|
||||
- --config.file=/etc/config/alertmanager.yml
|
||||
- --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }}
|
||||
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
|
||||
- --cluster.advertise-address=[$(POD_IP)]:6783
|
||||
- --cluster.listen-address=0.0.0.0:6783
|
||||
{{- range $n := until (.Values.alertmanager.replicaCount | int) }}
|
||||
- --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
- --cluster.listen-address=
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.alertmanager.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.baseURL }}
|
||||
- --web.external-url={{ .Values.alertmanager.baseURL }}
|
||||
{{- end }}
|
||||
|
||||
ports:
|
||||
- containerPort: 9093
|
||||
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
|
||||
- containerPort: 6783
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.alertmanager.prefixURL }}/#/status
|
||||
port: 9093
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 30
|
||||
resources:
|
||||
{{ toYaml .Values.alertmanager.resources | indent 12 }}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
- name: storage-volume
|
||||
mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}"
|
||||
subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}"
|
||||
{{- range .Values.alertmanager.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- if .Values.configmapReload.alertmanager.enabled }}
|
||||
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }}
|
||||
image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}"
|
||||
args:
|
||||
- --volume-dir=/etc/config
|
||||
- --webhook-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload
|
||||
{{- range $key, $value := .Values.configmapReload.alertmanager.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- if .Values.configmapReload.alertmanager.port }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.configmapReload.alertmanager.port }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.alertmanager.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.alertmanager.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: config-volume
|
||||
{{- if empty .Values.alertmanager.configFromSecret }}
|
||||
configMap:
|
||||
name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
secret:
|
||||
secretName: {{ .Values.alertmanager.configFromSecret }}
|
||||
{{- end }}
|
||||
{{- range .Values.alertmanager.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
secret:
|
||||
secretName: {{ .secretName }}
|
||||
{{- with .optional }}
|
||||
optional: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.persistentVolume.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: storage-volume
|
||||
{{- if .Values.alertmanager.persistentVolume.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 10 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 10 }}
|
||||
resources:
|
||||
requests:
|
||||
storage: "{{ .Values.alertmanager.persistentVolume.size }}"
|
||||
{{- if .Values.server.persistentVolume.storageClass }}
|
||||
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
- name: storage-volume
|
||||
emptyDir:
|
||||
{{- if .Values.alertmanager.emptyDir.sizeLimit }}
|
||||
sizeLimit: {{ .Values.alertmanager.emptyDir.sizeLimit }}
|
||||
{{- else }}
|
||||
{}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,150 +0,0 @@
|
|||
{{- if .Values.nodeExporter.enabled -}}
|
||||
apiVersion: {{ template "prometheus.daemonset.apiVersion" . }}
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
{{- if .Values.nodeExporter.deploymentAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.nodeExporter.deploymentAnnotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }}
|
||||
{{- if .Values.nodeExporter.updateStrategy }}
|
||||
updateStrategy:
|
||||
{{ toYaml .Values.nodeExporter.updateStrategy | indent 4 }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
{{- if .Values.nodeExporter.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.nodeExporter.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.nodeExporter.labels" . | nindent 8 }}
|
||||
{{- if .Values.nodeExporter.pod.labels }}
|
||||
{{ toYaml .Values.nodeExporter.pod.labels | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
|
||||
{{- if .Values.nodeExporter.extraInitContainers }}
|
||||
initContainers:
|
||||
{{ toYaml .Values.nodeExporter.extraInitContainers | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeExporter.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}"
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "prometheus.name" . }}-{{ .Values.nodeExporter.name }}
|
||||
image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}"
|
||||
args:
|
||||
- --path.procfs=/host/proc
|
||||
- --path.sysfs=/host/sys
|
||||
{{- if .Values.nodeExporter.hostRootfs }}
|
||||
- --path.rootfs=/host/root
|
||||
{{- end }}
|
||||
{{- if .Values.nodeExporter.hostNetwork }}
|
||||
- --web.listen-address=:{{ .Values.nodeExporter.service.hostPort }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.nodeExporter.extraArgs }}
|
||||
{{- if $value }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- else }}
|
||||
- --{{ $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
{{- if .Values.nodeExporter.hostNetwork }}
|
||||
containerPort: {{ .Values.nodeExporter.service.hostPort }}
|
||||
{{- else }}
|
||||
containerPort: 9100
|
||||
{{- end }}
|
||||
hostPort: {{ .Values.nodeExporter.service.hostPort }}
|
||||
resources:
|
||||
{{ toYaml .Values.nodeExporter.resources | indent 12 }}
|
||||
{{- if .Values.nodeExporter.container.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.nodeExporter.container.securityContext | indent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: proc
|
||||
mountPath: /host/proc
|
||||
readOnly: true
|
||||
- name: sys
|
||||
mountPath: /host/sys
|
||||
readOnly: true
|
||||
{{- if .Values.nodeExporter.hostRootfs }}
|
||||
- name: root
|
||||
mountPath: /host/root
|
||||
mountPropagation: HostToContainer
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- range .Values.nodeExporter.extraHostPathMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- if .mountPropagation }}
|
||||
mountPropagation: {{ .mountPropagation }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range .Values.nodeExporter.extraConfigmapMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeExporter.hostNetwork }}
|
||||
hostNetwork: true
|
||||
{{- end }}
|
||||
{{- if .Values.nodeExporter.hostPID }}
|
||||
hostPID: true
|
||||
{{- end }}
|
||||
{{- if .Values.nodeExporter.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.nodeExporter.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeExporter.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.nodeExporter.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeExporter.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeExporter.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.nodeExporter.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: proc
|
||||
hostPath:
|
||||
path: /proc
|
||||
- name: sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
{{- if .Values.nodeExporter.hostRootfs }}
|
||||
- name: root
|
||||
hostPath:
|
||||
path: /
|
||||
{{- end }}
|
||||
{{- range .Values.nodeExporter.extraHostPathMounts }}
|
||||
- name: {{ .name }}
|
||||
hostPath:
|
||||
path: {{ .hostPath }}
|
||||
{{- end }}
|
||||
{{- range .Values.nodeExporter.extraConfigmapMounts }}
|
||||
- name: {{ .name }}
|
||||
configMap:
|
||||
name: {{ .configMap }}
|
||||
{{- end }}
|
||||
|
||||
{{- end -}}
|
|
@ -1,55 +0,0 @@
|
|||
{{- if and .Values.nodeExporter.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
|
||||
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||
labels:
|
||||
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- if .Values.nodeExporter.podSecurityPolicy.annotations }}
|
||||
{{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- 'configMap'
|
||||
- 'hostPath'
|
||||
- 'secret'
|
||||
allowedHostPaths:
|
||||
- pathPrefix: /proc
|
||||
readOnly: true
|
||||
- pathPrefix: /sys
|
||||
readOnly: true
|
||||
- pathPrefix: /
|
||||
readOnly: true
|
||||
{{- range .Values.nodeExporter.extraHostPathMounts }}
|
||||
- pathPrefix: {{ .hostPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.nodeExporter.hostNetwork }}
|
||||
hostPID: {{ .Values.nodeExporter.hostPID }}
|
||||
hostIPC: false
|
||||
runAsUser:
|
||||
rule: 'RunAsAny'
|
||||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
hostPorts:
|
||||
- min: 1
|
||||
max: 65535
|
||||
{{- end }}
|
|
@ -1,17 +0,0 @@
|
|||
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
|
||||
{{- if or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled) }}
|
||||
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||
labels:
|
||||
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
rules:
|
||||
- apiGroups: ['extensions']
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- {{ template "prometheus.nodeExporter.fullname" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,19 +0,0 @@
|
|||
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
|
||||
{{- if .Values.podSecurityPolicy.enabled }}
|
||||
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||
labels:
|
||||
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,11 +0,0 @@
|
|||
{{- if and .Values.nodeExporter.enabled .Values.serviceAccounts.nodeExporter.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccounts.nodeExporter.annotations | indent 4 }}
|
||||
{{- end -}}
|
|
@ -1,47 +0,0 @@
|
|||
{{- if .Values.nodeExporter.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.nodeExporter.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.nodeExporter.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||
{{- if .Values.nodeExporter.service.labels }}
|
||||
{{ toYaml .Values.nodeExporter.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
{{- if .Values.nodeExporter.service.clusterIP }}
|
||||
clusterIP: {{ .Values.nodeExporter.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeExporter.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.nodeExporter.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeExporter.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.nodeExporter.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeExporter.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := .Values.nodeExporter.service.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
{{- if .Values.nodeExporter.hostNetwork }}
|
||||
port: {{ .Values.nodeExporter.service.hostPort }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.nodeExporter.service.hostPort }}
|
||||
{{- else }}
|
||||
port: {{ .Values.nodeExporter.service.servicePort }}
|
||||
protocol: TCP
|
||||
targetPort: 9100
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }}
|
||||
type: "{{ .Values.nodeExporter.service.type }}"
|
||||
{{- end -}}
|
|
@ -1,21 +0,0 @@
|
|||
{{- if and .Values.pushgateway.enabled .Values.rbac.create -}}
|
||||
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
rules:
|
||||
{{- if .Values.podSecurityPolicy.enabled }}
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- podsecuritypolicies
|
||||
verbs:
|
||||
- use
|
||||
resourceNames:
|
||||
- {{ template "prometheus.pushgateway.fullname" . }}
|
||||
{{- else }}
|
||||
[]
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,16 +0,0 @@
|
|||
{{- if and .Values.pushgateway.enabled .Values.rbac.create -}}
|
||||
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "prometheus.serviceAccountName.pushgateway" . }}
|
||||
{{ include "prometheus.namespace" . | indent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
{{- end }}
|
|
@ -1,119 +0,0 @@
|
|||
{{- if .Values.pushgateway.enabled -}}
|
||||
apiVersion: {{ template "prometheus.deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
metadata:
|
||||
{{- if .Values.pushgateway.deploymentAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.pushgateway.deploymentAnnotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
selector:
|
||||
{{- if .Values.schedulerName }}
|
||||
schedulerName: "{{ .Values.schedulerName }}"
|
||||
{{- end }}
|
||||
matchLabels:
|
||||
{{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }}
|
||||
replicas: {{ .Values.pushgateway.replicaCount }}
|
||||
{{- if .Values.pushgateway.strategy }}
|
||||
strategy:
|
||||
{{ toYaml .Values.pushgateway.strategy | trim | indent 4 }}
|
||||
{{ if eq .Values.pushgateway.strategy.type "Recreate" }}rollingUpdate: null{{ end }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
{{- if .Values.pushgateway.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.pushgateway.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 8 }}
|
||||
{{- if .Values.pushgateway.podLabels }}
|
||||
{{ toYaml .Values.pushgateway.podLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }}
|
||||
{{- if .Values.pushgateway.extraInitContainers }}
|
||||
initContainers:
|
||||
{{ toYaml .Values.pushgateway.extraInitContainers | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.pushgateway.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.pushgateway.priorityClassName }}"
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }}
|
||||
image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}"
|
||||
args:
|
||||
{{- range $key, $value := .Values.pushgateway.extraArgs }}
|
||||
{{- $stringvalue := toString $value }}
|
||||
{{- if eq $stringvalue "true" }}
|
||||
- --{{ $key }}
|
||||
{{- else }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: 9091
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
{{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }}
|
||||
path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/healthy
|
||||
{{- else }}
|
||||
path: /-/healthy
|
||||
{{- end }}
|
||||
port: 9091
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
{{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }}
|
||||
path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/ready
|
||||
{{- else }}
|
||||
path: /-/ready
|
||||
{{- end }}
|
||||
port: 9091
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 10
|
||||
resources:
|
||||
{{ toYaml .Values.pushgateway.resources | indent 12 }}
|
||||
{{- if .Values.pushgateway.persistentVolume.enabled }}
|
||||
volumeMounts:
|
||||
- name: storage-volume
|
||||
mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}"
|
||||
subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}"
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.pushgateway.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.pushgateway.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.pushgateway.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.pushgateway.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.pushgateway.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.pushgateway.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.pushgateway.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.pushgateway.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.pushgateway.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.pushgateway.persistentVolume.enabled }}
|
||||
volumes:
|
||||
- name: storage-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
|
@ -1,54 +0,0 @@
|
|||
{{- if and .Values.pushgateway.enabled .Values.pushgateway.ingress.enabled -}}
|
||||
{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}}
|
||||
{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}}
|
||||
{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
|
||||
{{- $releaseName := .Release.Name -}}
|
||||
{{- $serviceName := include "prometheus.pushgateway.fullname" . }}
|
||||
{{- $servicePort := .Values.pushgateway.service.servicePort -}}
|
||||
{{- $ingressPath := .Values.pushgateway.ingress.path -}}
|
||||
{{- $ingressPathType := .Values.pushgateway.ingress.pathType -}}
|
||||
{{- $extraPaths := .Values.pushgateway.ingress.extraPaths -}}
|
||||
apiVersion: {{ template "ingress.apiVersion" . }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
{{- if .Values.pushgateway.ingress.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.pushgateway.ingress.annotations | indent 4}}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
{{- if and $ingressSupportsIngressClassName .Values.pushgateway.ingress.ingressClassName }}
|
||||
ingressClassName: {{ .Values.pushgateway.ingress.ingressClassName }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.pushgateway.ingress.hosts }}
|
||||
{{- $url := splitList "/" . }}
|
||||
- host: {{ first $url }}
|
||||
http:
|
||||
paths:
|
||||
{{ if $extraPaths }}
|
||||
{{ toYaml $extraPaths | indent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ $ingressPath }}
|
||||
{{- if $ingressSupportsPathType }}
|
||||
pathType: {{ $ingressPathType }}
|
||||
{{- end }}
|
||||
backend:
|
||||
{{- if $ingressApiIsStable }}
|
||||
service:
|
||||
name: {{ $serviceName }}
|
||||
port:
|
||||
number: {{ $servicePort }}
|
||||
{{- else }}
|
||||
serviceName: {{ $serviceName }}
|
||||
servicePort: {{ $servicePort }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- if .Values.pushgateway.ingress.tls }}
|
||||
tls:
|
||||
{{ toYaml .Values.pushgateway.ingress.tls | indent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,20 +0,0 @@
|
|||
{{- if and .Values.pushgateway.enabled .Values.networkPolicy.enabled -}}
|
||||
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }}
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.server.matchLabels" . | nindent 12 }}
|
||||
- ports:
|
||||
- port: 9091
|
||||
{{- end -}}
|
|
@ -1,14 +0,0 @@
|
|||
{{- if .Values.pushgateway.podDisruptionBudget.enabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
spec:
|
||||
maxUnavailable: {{ .Values.pushgateway.podDisruptionBudget.maxUnavailable }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 6 }}
|
||||
{{- end }}
|
|
@ -1,42 +0,0 @@
|
|||
{{- if and .Values.pushgateway.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
|
||||
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- if .Values.pushgateway.podSecurityPolicy.annotations }}
|
||||
{{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
volumes:
|
||||
- 'persistentVolumeClaim'
|
||||
- 'secret'
|
||||
allowedHostPaths:
|
||||
- pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }}
|
||||
hostNetwork: false
|
||||
hostPID: false
|
||||
hostIPC: false
|
||||
runAsUser:
|
||||
rule: 'RunAsAny'
|
||||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: true
|
||||
{{- end }}
|
|
@ -1,31 +0,0 @@
|
|||
{{- if .Values.pushgateway.persistentVolume.enabled -}}
|
||||
{{- if not .Values.pushgateway.persistentVolume.existingClaim -}}
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
{{- if .Values.pushgateway.persistentVolume.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }}
|
||||
{{- if .Values.pushgateway.persistentVolume.storageClass }}
|
||||
{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.pushgateway.persistentVolume.volumeBindingMode }}
|
||||
volumeBindingMode: "{{ .Values.pushgateway.persistentVolume.volumeBindingMode }}"
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: "{{ .Values.pushgateway.persistentVolume.size }}"
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,41 +0,0 @@
|
|||
{{- if .Values.pushgateway.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.pushgateway.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.pushgateway.service.annotations | indent 4}}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
{{- if .Values.pushgateway.service.labels }}
|
||||
{{ toYaml .Values.pushgateway.service.labels | indent 4}}
|
||||
{{- end }}
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
{{- if .Values.pushgateway.service.clusterIP }}
|
||||
clusterIP: {{ .Values.pushgateway.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.pushgateway.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.pushgateway.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.pushgateway.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.pushgateway.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.pushgateway.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := .Values.pushgateway.service.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ .Values.pushgateway.service.servicePort }}
|
||||
protocol: TCP
|
||||
targetPort: 9091
|
||||
selector:
|
||||
{{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }}
|
||||
type: "{{ .Values.pushgateway.service.type }}"
|
||||
{{- end }}
|
|
@ -1,11 +0,0 @@
|
|||
{{- if and .Values.pushgateway.enabled .Values.serviceAccounts.pushgateway.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.serviceAccountName.pushgateway" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccounts.pushgateway.annotations | indent 4 }}
|
||||
{{- end -}}
|
|
@ -1,20 +0,0 @@
|
|||
{{- if .Values.pushgateway.enabled -}}
|
||||
{{- if .Values.pushgateway.verticalAutoscaler.enabled -}}
|
||||
apiVersion: autoscaling.k8s.io/v1beta2
|
||||
kind: VerticalPodAutoscaler
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}-vpa
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
targetRef:
|
||||
apiVersion: "apps/v1"
|
||||
kind: Deployment
|
||||
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||
updatePolicy:
|
||||
updateMode: {{ .Values.pushgateway.verticalAutoscaler.updateMode | default "Off" | quote }}
|
||||
resourcePolicy:
|
||||
containerPolicies: {{ .Values.pushgateway.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }}
|
||||
{{- end -}} {{/* if .Values.pushgateway.verticalAutoscaler.enabled */}}
|
||||
{{- end -}} {{/* .Values.pushgateway.enabled */}}
|
|
@ -1,16 +0,0 @@
|
|||
{{- if and .Values.server.enabled .Values.rbac.create (empty .Values.server.namespaces) (empty .Values.server.useExistingClusterRoleName) -}}
|
||||
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "prometheus.serviceAccountName.server" . }}
|
||||
{{ include "prometheus.namespace" . | indent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
{{- end }}
|
|
@ -1,85 +0,0 @@
|
|||
{{- if .Values.server.enabled -}}
|
||||
{{- if (empty .Values.server.configMapOverrideName) -}}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
data:
|
||||
{{- $root := . -}}
|
||||
{{- range $key, $value := .Values.ruleFiles }}
|
||||
{{ $key }}: {{- toYaml $value | indent 2 }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.serverFiles }}
|
||||
{{ $key }}: |
|
||||
{{- if eq $key "prometheus.yml" }}
|
||||
global:
|
||||
{{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }}
|
||||
{{- if $root.Values.server.remoteWrite }}
|
||||
remote_write:
|
||||
{{ $root.Values.server.remoteWrite | toYaml | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if $root.Values.server.remoteRead }}
|
||||
remote_read:
|
||||
{{ $root.Values.server.remoteRead | toYaml | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq $key "alerts" }}
|
||||
{{- if and (not (empty $value)) (empty $value.groups) }}
|
||||
groups:
|
||||
{{- range $ruleKey, $ruleValue := $value }}
|
||||
- name: {{ $ruleKey -}}.rules
|
||||
rules:
|
||||
{{ $ruleValue | toYaml | trimSuffix "\n" | indent 6 }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{ toYaml $value | indent 4 }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{ toYaml $value | default "{}" | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq $key "prometheus.yml" -}}
|
||||
{{- if $root.Values.extraScrapeConfigs }}
|
||||
{{ tpl $root.Values.extraScrapeConfigs $root | indent 4 }}
|
||||
{{- end -}}
|
||||
{{- if or ($root.Values.alertmanager.enabled) ($root.Values.server.alertmanagers) }}
|
||||
alerting:
|
||||
{{- if $root.Values.alertRelabelConfigs }}
|
||||
{{ $root.Values.alertRelabelConfigs | toYaml | trimSuffix "\n" | indent 6 }}
|
||||
{{- end }}
|
||||
alertmanagers:
|
||||
{{- if $root.Values.server.alertmanagers }}
|
||||
{{ toYaml $root.Values.server.alertmanagers | indent 8 }}
|
||||
{{- else }}
|
||||
- kubernetes_sd_configs:
|
||||
- role: pod
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if $root.Values.alertmanager.prefixURL }}
|
||||
path_prefix: {{ $root.Values.alertmanager.prefixURL }}
|
||||
{{- end }}
|
||||
relabel_configs:
|
||||
- source_labels: [__meta_kubernetes_namespace]
|
||||
regex: {{ $root.Release.Namespace }}
|
||||
action: keep
|
||||
- source_labels: [__meta_kubernetes_pod_label_app]
|
||||
regex: {{ template "prometheus.name" $root }}
|
||||
action: keep
|
||||
- source_labels: [__meta_kubernetes_pod_label_component]
|
||||
regex: alertmanager
|
||||
action: keep
|
||||
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe]
|
||||
regex: {{ index $root.Values.alertmanager.podAnnotations "prometheus.io/probe" | default ".*" }}
|
||||
action: keep
|
||||
- source_labels: [__meta_kubernetes_pod_container_port_number]
|
||||
regex: "9093"
|
||||
action: keep
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,324 +0,0 @@
|
|||
{{- if .Values.server.enabled -}}
|
||||
{{- if not .Values.server.statefulSet.enabled -}}
|
||||
apiVersion: {{ template "prometheus.deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
metadata:
|
||||
{{- if .Values.server.deploymentAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.server.deploymentAnnotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
|
||||
replicas: {{ .Values.server.replicaCount }}
|
||||
{{- if .Values.server.strategy }}
|
||||
strategy:
|
||||
{{ toYaml .Values.server.strategy | trim | indent 4 }}
|
||||
{{ if eq .Values.server.strategy.type "Recreate" }}rollingUpdate: null{{ end }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
{{- if .Values.server.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.server.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 8 }}
|
||||
{{- if .Values.server.podLabels}}
|
||||
{{ toYaml .Values.server.podLabels | nindent 8 }}
|
||||
{{- end}}
|
||||
spec:
|
||||
{{- if .Values.server.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.server.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.server.schedulerName }}
|
||||
schedulerName: "{{ .Values.server.schedulerName }}"
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.13-0" .Capabilities.KubeVersion.GitVersion }}
|
||||
{{- if or (.Values.server.enableServiceLinks) (eq (.Values.server.enableServiceLinks | toString) "<nil>") }}
|
||||
enableServiceLinks: true
|
||||
{{- else }}
|
||||
enableServiceLinks: false
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }}
|
||||
{{- if .Values.server.extraInitContainers }}
|
||||
initContainers:
|
||||
{{ toYaml .Values.server.extraInitContainers | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
{{- if .Values.configmapReload.prometheus.enabled }}
|
||||
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }}
|
||||
image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}"
|
||||
args:
|
||||
- --volume-dir=/etc/config
|
||||
- --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload
|
||||
{{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- range .Values.configmapReload.prometheus.extraVolumeDirs }}
|
||||
- --volume-dir={{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.configmapReload.prometheus.containerPort }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.configmapReload.prometheus.containerPort }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
readOnly: true
|
||||
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
|
||||
- name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}
|
||||
image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.server.image.pullPolicy }}"
|
||||
{{- if .Values.server.env }}
|
||||
env:
|
||||
{{ toYaml .Values.server.env | indent 12}}
|
||||
{{- end }}
|
||||
args:
|
||||
{{- if .Values.server.defaultFlagsOverride }}
|
||||
{{ toYaml .Values.server.defaultFlagsOverride | nindent 12}}
|
||||
{{- else }}
|
||||
{{- if .Values.server.retention }}
|
||||
- --storage.tsdb.retention.time={{ .Values.server.retention }}
|
||||
{{- end }}
|
||||
- --config.file={{ .Values.server.configPath }}
|
||||
{{- if .Values.server.storagePath }}
|
||||
- --storage.tsdb.path={{ .Values.server.storagePath }}
|
||||
{{- else }}
|
||||
- --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }}
|
||||
{{- end }}
|
||||
- --web.console.libraries=/etc/prometheus/console_libraries
|
||||
- --web.console.templates=/etc/prometheus/consoles
|
||||
{{- range .Values.server.extraFlags }}
|
||||
- --{{ . }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.server.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.prefixURL }}
|
||||
- --web.route-prefix={{ .Values.server.prefixURL }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.baseURL }}
|
||||
- --web.external-url={{ .Values.server.baseURL }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: 9090
|
||||
{{- if .Values.server.hostPort }}
|
||||
hostPort: {{ .Values.server.hostPort }}
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
{{- if not .Values.server.tcpSocketProbeEnabled }}
|
||||
httpGet:
|
||||
path: {{ .Values.server.prefixURL }}/-/ready
|
||||
port: 9090
|
||||
scheme: {{ .Values.server.probeScheme }}
|
||||
{{- if .Values.server.probeHeaders }}
|
||||
httpHeaders:
|
||||
{{- range .Values.server.probeHeaders}}
|
||||
- name: {{ .name }}
|
||||
value: {{ .value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
tcpSocket:
|
||||
port: 9090
|
||||
{{- end }}
|
||||
initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }}
|
||||
periodSeconds: {{ .Values.server.readinessProbePeriodSeconds }}
|
||||
timeoutSeconds: {{ .Values.server.readinessProbeTimeout }}
|
||||
failureThreshold: {{ .Values.server.readinessProbeFailureThreshold }}
|
||||
successThreshold: {{ .Values.server.readinessProbeSuccessThreshold }}
|
||||
livenessProbe:
|
||||
{{- if not .Values.server.tcpSocketProbeEnabled }}
|
||||
httpGet:
|
||||
path: {{ .Values.server.prefixURL }}/-/healthy
|
||||
port: 9090
|
||||
scheme: {{ .Values.server.probeScheme }}
|
||||
{{- if .Values.server.probeHeaders }}
|
||||
httpHeaders:
|
||||
{{- range .Values.server.probeHeaders}}
|
||||
- name: {{ .name }}
|
||||
value: {{ .value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
tcpSocket:
|
||||
port: 9090
|
||||
{{- end }}
|
||||
initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }}
|
||||
periodSeconds: {{ .Values.server.livenessProbePeriodSeconds }}
|
||||
timeoutSeconds: {{ .Values.server.livenessProbeTimeout }}
|
||||
failureThreshold: {{ .Values.server.livenessProbeFailureThreshold }}
|
||||
successThreshold: {{ .Values.server.livenessProbeSuccessThreshold }}
|
||||
{{- if .Values.server.startupProbe.enabled }}
|
||||
startupProbe:
|
||||
{{- if not .Values.server.tcpSocketProbeEnabled }}
|
||||
httpGet:
|
||||
path: {{ .Values.server.prefixURL }}/-/healthy
|
||||
port: 9090
|
||||
scheme: {{ .Values.server.probeScheme }}
|
||||
{{- if .Values.server.probeHeaders }}
|
||||
httpHeaders:
|
||||
{{- range .Values.server.probeHeaders}}
|
||||
- name: {{ .name }}
|
||||
value: {{ .value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
tcpSocket:
|
||||
port: 9090
|
||||
{{- end }}
|
||||
failureThreshold: {{ .Values.server.startupProbe.failureThreshold }}
|
||||
periodSeconds: {{ .Values.server.startupProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.server.startupProbe.timeoutSeconds }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.server.resources | indent 12 }}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
- name: storage-volume
|
||||
mountPath: {{ .Values.server.persistentVolume.mountPath }}
|
||||
subPath: "{{ .Values.server.persistentVolume.subPath }}"
|
||||
{{- range .Values.server.extraHostPathMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- range .Values.server.extraConfigmapMounts }}
|
||||
- name: {{ $.Values.server.name }}-{{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- range .Values.server.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.extraVolumeMounts }}
|
||||
{{ toYaml .Values.server.extraVolumeMounts | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.containerSecurityContext }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.server.containerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.sidecarContainers }}
|
||||
{{- range $name, $spec := .Values.server.sidecarContainers }}
|
||||
- name: {{ $name }}
|
||||
{{- if kindIs "string" $spec }}
|
||||
{{- tpl $spec $ | nindent 10 }}
|
||||
{{- else }}
|
||||
{{- toYaml $spec | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.server.hostNetwork }}
|
||||
{{- if .Values.server.dnsPolicy }}
|
||||
dnsPolicy: {{ .Values.server.dnsPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.server.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.hostAliases }}
|
||||
hostAliases:
|
||||
{{ toYaml .Values.server.hostAliases | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml .Values.server.dnsConfig | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.server.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.server.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.server.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
|
||||
volumes:
|
||||
- name: config-volume
|
||||
{{- if empty .Values.server.configFromSecret }}
|
||||
configMap:
|
||||
name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
secret:
|
||||
secretName: {{ .Values.server.configFromSecret }}
|
||||
{{- end }}
|
||||
{{- range .Values.server.extraHostPathMounts }}
|
||||
- name: {{ .name }}
|
||||
hostPath:
|
||||
path: {{ .hostPath }}
|
||||
{{- end }}
|
||||
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
|
||||
- name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }}
|
||||
configMap:
|
||||
name: {{ .configMap }}
|
||||
{{- end }}
|
||||
{{- range .Values.server.extraConfigmapMounts }}
|
||||
- name: {{ $.Values.server.name }}-{{ .name }}
|
||||
configMap:
|
||||
name: {{ .configMap }}
|
||||
{{- end }}
|
||||
{{- range .Values.server.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
secret:
|
||||
secretName: {{ .secretName }}
|
||||
{{- with .optional }}
|
||||
optional: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
|
||||
- name: {{ .name }}
|
||||
configMap:
|
||||
name: {{ .configMap }}
|
||||
{{- with .optional }}
|
||||
optional: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.extraVolumes }}
|
||||
{{ toYaml .Values.server.extraVolumes | indent 8}}
|
||||
{{- end }}
|
||||
- name: storage-volume
|
||||
{{- if .Values.server.persistentVolume.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ if .Values.server.persistentVolume.existingClaim }}{{ .Values.server.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
emptyDir:
|
||||
{{- if .Values.server.emptyDir.sizeLimit }}
|
||||
sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
|
||||
{{- else }}
|
||||
{}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,37 +0,0 @@
|
|||
{{- if .Values.server.enabled -}}
|
||||
{{- if .Values.server.statefulSet.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.server.statefulSet.headless.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.server.statefulSet.headless.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
{{- if .Values.server.statefulSet.headless.labels }}
|
||||
{{ toYaml .Values.server.statefulSet.headless.labels | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "prometheus.server.fullname" . }}-headless
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ .Values.server.statefulSet.headless.servicePort }}
|
||||
protocol: TCP
|
||||
targetPort: 9090
|
||||
{{- if .Values.server.statefulSet.headless.gRPC.enabled }}
|
||||
- name: grpc
|
||||
port: {{ .Values.server.statefulSet.headless.gRPC.servicePort }}
|
||||
protocol: TCP
|
||||
targetPort: 10901
|
||||
{{- if .Values.server.statefulSet.headless.gRPC.nodePort }}
|
||||
nodePort: {{ .Values.server.statefulSet.headless.gRPC.nodePort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
selector:
|
||||
{{- include "prometheus.server.matchLabels" . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,59 +0,0 @@
|
|||
{{- if .Values.server.enabled -}}
|
||||
{{- if .Values.server.ingress.enabled -}}
|
||||
{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}}
|
||||
{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}}
|
||||
{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
|
||||
{{- $releaseName := .Release.Name -}}
|
||||
{{- $serviceName := include "prometheus.server.fullname" . }}
|
||||
{{- $servicePort := .Values.server.service.servicePort -}}
|
||||
{{- $ingressPath := .Values.server.ingress.path -}}
|
||||
{{- $ingressPathType := .Values.server.ingress.pathType -}}
|
||||
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
|
||||
apiVersion: {{ template "ingress.apiVersion" . }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
{{- if .Values.server.ingress.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.server.ingress.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
{{- range $key, $value := .Values.server.ingress.extraLabels }}
|
||||
{{ $key }}: {{ $value }}
|
||||
{{- end }}
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
{{- if and $ingressSupportsIngressClassName .Values.server.ingress.ingressClassName }}
|
||||
ingressClassName: {{ .Values.server.ingress.ingressClassName }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.server.ingress.hosts }}
|
||||
{{- $url := splitList "/" . }}
|
||||
- host: {{ first $url }}
|
||||
http:
|
||||
paths:
|
||||
{{ if $extraPaths }}
|
||||
{{ toYaml $extraPaths | indent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ $ingressPath }}
|
||||
{{- if $ingressSupportsPathType }}
|
||||
pathType: {{ $ingressPathType }}
|
||||
{{- end }}
|
||||
backend:
|
||||
{{- if $ingressApiIsStable }}
|
||||
service:
|
||||
name: {{ $serviceName }}
|
||||
port:
|
||||
number: {{ $servicePort }}
|
||||
{{- else }}
|
||||
serviceName: {{ $serviceName }}
|
||||
servicePort: {{ $servicePort }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- if .Values.server.ingress.tls }}
|
||||
tls:
|
||||
{{ toYaml .Values.server.ingress.tls | indent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,18 +0,0 @@
|
|||
{{- if .Values.server.enabled -}}
|
||||
{{- if .Values.networkPolicy.enabled }}
|
||||
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
|
||||
ingress:
|
||||
- ports:
|
||||
- port: 9090
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,14 +0,0 @@
|
|||
{{- if .Values.server.podDisruptionBudget.enabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
spec:
|
||||
maxUnavailable: {{ .Values.server.podDisruptionBudget.maxUnavailable }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.server.labels" . | nindent 6 }}
|
||||
{{- end }}
|
|
@ -1,51 +0,0 @@
|
|||
{{- if and .Values.server.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
|
||||
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- if .Values.server.podSecurityPolicy.annotations }}
|
||||
{{ toYaml .Values.server.podSecurityPolicy.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
allowedCapabilities:
|
||||
- 'CHOWN'
|
||||
volumes:
|
||||
- 'configMap'
|
||||
- 'persistentVolumeClaim'
|
||||
- 'emptyDir'
|
||||
- 'secret'
|
||||
- 'hostPath'
|
||||
allowedHostPaths:
|
||||
- pathPrefix: /etc
|
||||
readOnly: true
|
||||
- pathPrefix: {{ .Values.server.persistentVolume.mountPath }}
|
||||
{{- range .Values.server.extraHostPathMounts }}
|
||||
- pathPrefix: {{ .hostPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
hostNetwork: false
|
||||
hostPID: false
|
||||
hostIPC: false
|
||||
runAsUser:
|
||||
rule: 'RunAsAny'
|
||||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
|
|
@ -1,39 +0,0 @@
|
|||
{{- if .Values.server.enabled -}}
|
||||
{{- if not .Values.server.statefulSet.enabled -}}
|
||||
{{- if .Values.server.persistentVolume.enabled -}}
|
||||
{{- if not .Values.server.persistentVolume.existingClaim -}}
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
{{- if .Values.server.persistentVolume.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.server.persistentVolume.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }}
|
||||
{{- if .Values.server.persistentVolume.storageClass }}
|
||||
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: "{{ .Values.server.persistentVolume.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.persistentVolume.volumeBindingMode }}
|
||||
volumeBindingMode: "{{ .Values.server.persistentVolume.volumeBindingMode }}"
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: "{{ .Values.server.persistentVolume.size }}"
|
||||
{{- if .Values.server.persistentVolume.selector }}
|
||||
selector:
|
||||
{{- toYaml .Values.server.persistentVolume.selector | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,20 +0,0 @@
|
|||
{{- if and .Values.server.enabled .Values.rbac.create .Values.server.useExistingClusterRoleName .Values.server.namespaces -}}
|
||||
{{ range $.Values.server.namespaces -}}
|
||||
---
|
||||
apiVersion: {{ template "rbac.apiVersion" $ }}
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" $ | nindent 4 }}
|
||||
name: {{ template "prometheus.server.fullname" $ }}
|
||||
namespace: {{ . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "prometheus.serviceAccountName.server" $ }}
|
||||
{{ include "prometheus.namespace" $ | indent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ $.Values.server.useExistingClusterRoleName }}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
|
@ -1,60 +0,0 @@
|
|||
{{- if and .Values.server.enabled .Values.server.service.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.server.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.server.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
{{- if .Values.server.service.labels }}
|
||||
{{ toYaml .Values.server.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
{{- if .Values.server.service.clusterIP }}
|
||||
clusterIP: {{ .Values.server.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.server.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.server.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := .Values.server.service.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ .Values.server.service.servicePort }}
|
||||
protocol: TCP
|
||||
targetPort: 9090
|
||||
{{- if .Values.server.service.nodePort }}
|
||||
nodePort: {{ .Values.server.service.nodePort }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.service.gRPC.enabled }}
|
||||
- name: grpc
|
||||
port: {{ .Values.server.service.gRPC.servicePort }}
|
||||
protocol: TCP
|
||||
targetPort: 10901
|
||||
{{- if .Values.server.service.gRPC.nodePort }}
|
||||
nodePort: {{ .Values.server.service.gRPC.nodePort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- if and .Values.server.statefulSet.enabled .Values.server.service.statefulsetReplica.enabled }}
|
||||
statefulset.kubernetes.io/pod-name: {{ template "prometheus.server.fullname" . }}-{{ .Values.server.service.statefulsetReplica.replica }}
|
||||
{{- else -}}
|
||||
{{- include "prometheus.server.matchLabels" . | nindent 4 }}
|
||||
{{- if .Values.server.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.server.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
type: "{{ .Values.server.service.type }}"
|
||||
{{- end -}}
|
|
@ -1,13 +0,0 @@
|
|||
{{- if .Values.server.enabled -}}
|
||||
{{- if .Values.serviceAccounts.server.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.serviceAccountName.server" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccounts.server.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,302 +0,0 @@
|
|||
{{- if .Values.server.enabled -}}
|
||||
{{- if .Values.server.statefulSet.enabled -}}
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
{{- if .Values.server.statefulSet.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.server.statefulSet.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
{{- if .Values.server.statefulSet.labels}}
|
||||
{{ toYaml .Values.server.statefulSet.labels | nindent 4 }}
|
||||
{{- end}}
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
serviceName: {{ template "prometheus.server.fullname" . }}-headless
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
|
||||
replicas: {{ .Values.server.replicaCount }}
|
||||
podManagementPolicy: {{ .Values.server.statefulSet.podManagementPolicy }}
|
||||
template:
|
||||
metadata:
|
||||
{{- if .Values.server.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.server.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 8 }}
|
||||
{{- if .Values.server.podLabels}}
|
||||
{{ toYaml .Values.server.podLabels | nindent 8 }}
|
||||
{{- end}}
|
||||
spec:
|
||||
{{- if .Values.server.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.server.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.server.schedulerName }}
|
||||
schedulerName: "{{ .Values.server.schedulerName }}"
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.13-0" .Capabilities.KubeVersion.GitVersion }}
|
||||
{{- if or (.Values.server.enableServiceLinks) (eq (.Values.server.enableServiceLinks | toString) "<nil>") }}
|
||||
enableServiceLinks: true
|
||||
{{- else }}
|
||||
enableServiceLinks: false
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }}
|
||||
{{- if .Values.server.extraInitContainers }}
|
||||
initContainers:
|
||||
{{ toYaml .Values.server.extraInitContainers | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
{{- if .Values.configmapReload.prometheus.enabled }}
|
||||
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }}
|
||||
image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}"
|
||||
args:
|
||||
- --volume-dir=/etc/config
|
||||
- --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload
|
||||
{{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- range .Values.configmapReload.prometheus.extraVolumeDirs }}
|
||||
- --volume-dir={{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.configmapReload.prometheus.containerPort }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.configmapReload.prometheus.containerPort }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
readOnly: true
|
||||
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
|
||||
- name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}
|
||||
image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.server.image.pullPolicy }}"
|
||||
{{- if .Values.server.env }}
|
||||
env:
|
||||
{{ toYaml .Values.server.env | indent 12}}
|
||||
{{- end }}
|
||||
args:
|
||||
{{- if .Values.server.defaultFlagsOverride }}
|
||||
{{ toYaml .Values.server.defaultFlagsOverride | nindent 12}}
|
||||
{{- else }}
|
||||
{{- if .Values.server.prefixURL }}
|
||||
- --web.route-prefix={{ .Values.server.prefixURL }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.retention }}
|
||||
- --storage.tsdb.retention.time={{ .Values.server.retention }}
|
||||
{{- end }}
|
||||
- --config.file={{ .Values.server.configPath }}
|
||||
{{- if .Values.server.storagePath }}
|
||||
- --storage.tsdb.path={{ .Values.server.storagePath }}
|
||||
{{- else }}
|
||||
- --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }}
|
||||
{{- end }}
|
||||
- --web.console.libraries=/etc/prometheus/console_libraries
|
||||
- --web.console.templates=/etc/prometheus/consoles
|
||||
{{- range .Values.server.extraFlags }}
|
||||
- --{{ . }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.server.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.baseURL }}
|
||||
- --web.external-url={{ .Values.server.baseURL }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: 9090
|
||||
{{- if .Values.server.hostPort }}
|
||||
hostPort: {{ .Values.server.hostPort }}
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
{{- if not .Values.server.tcpSocketProbeEnabled }}
|
||||
httpGet:
|
||||
path: {{ .Values.server.prefixURL }}/-/ready
|
||||
port: 9090
|
||||
scheme: {{ .Values.server.probeScheme }}
|
||||
{{- else }}
|
||||
tcpSocket:
|
||||
port: 9090
|
||||
{{- end }}
|
||||
initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }}
|
||||
periodSeconds: {{ .Values.server.readinessProbePeriodSeconds }}
|
||||
timeoutSeconds: {{ .Values.server.readinessProbeTimeout }}
|
||||
failureThreshold: {{ .Values.server.readinessProbeFailureThreshold }}
|
||||
successThreshold: {{ .Values.server.readinessProbeSuccessThreshold }}
|
||||
livenessProbe:
|
||||
{{- if not .Values.server.tcpSocketProbeEnabled }}
|
||||
httpGet:
|
||||
path: {{ .Values.server.prefixURL }}/-/healthy
|
||||
port: 9090
|
||||
scheme: {{ .Values.server.probeScheme }}
|
||||
{{- else }}
|
||||
tcpSocket:
|
||||
port: 9090
|
||||
{{- end }}
|
||||
initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }}
|
||||
periodSeconds: {{ .Values.server.livenessProbePeriodSeconds }}
|
||||
timeoutSeconds: {{ .Values.server.livenessProbeTimeout }}
|
||||
failureThreshold: {{ .Values.server.livenessProbeFailureThreshold }}
|
||||
successThreshold: {{ .Values.server.livenessProbeSuccessThreshold }}
|
||||
resources:
|
||||
{{ toYaml .Values.server.resources | indent 12 }}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
- name: storage-volume
|
||||
mountPath: {{ .Values.server.persistentVolume.mountPath }}
|
||||
subPath: "{{ .Values.server.persistentVolume.subPath }}"
|
||||
{{- range .Values.server.extraHostPathMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- range .Values.server.extraConfigmapMounts }}
|
||||
- name: {{ $.Values.server.name }}-{{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- range .Values.server.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.extraVolumeMounts }}
|
||||
{{ toYaml .Values.server.extraVolumeMounts | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.sidecarContainers }}
|
||||
{{- range $name, $spec := .Values.server.sidecarContainers }}
|
||||
- name: {{ $name }}
|
||||
{{- if kindIs "string" $spec }}
|
||||
{{- tpl $spec $ | nindent 10 }}
|
||||
{{- else }}
|
||||
{{- toYaml $spec | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.server.hostNetwork }}
|
||||
{{- if .Values.server.dnsPolicy }}
|
||||
dnsPolicy: {{ .Values.server.dnsPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.server.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.hostAliases }}
|
||||
hostAliases:
|
||||
{{ toYaml .Values.server.hostAliases | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml .Values.server.dnsConfig | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.server.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.server.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.server.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
|
||||
volumes:
|
||||
- name: config-volume
|
||||
{{- if empty .Values.server.configFromSecret }}
|
||||
configMap:
|
||||
name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
|
||||
{{- else }}
|
||||
secret:
|
||||
secretName: {{ .Values.server.configFromSecret }}
|
||||
{{- end }}
|
||||
{{- range .Values.server.extraHostPathMounts }}
|
||||
- name: {{ .name }}
|
||||
hostPath:
|
||||
path: {{ .hostPath }}
|
||||
{{- end }}
|
||||
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
|
||||
- name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }}
|
||||
configMap:
|
||||
name: {{ .configMap }}
|
||||
{{- end }}
|
||||
{{- range .Values.server.extraConfigmapMounts }}
|
||||
- name: {{ $.Values.server.name }}-{{ .name }}
|
||||
configMap:
|
||||
name: {{ .configMap }}
|
||||
{{- end }}
|
||||
{{- range .Values.server.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
secret:
|
||||
secretName: {{ .secretName }}
|
||||
{{- with .optional }}
|
||||
optional: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
|
||||
- name: {{ .name }}
|
||||
configMap:
|
||||
name: {{ .configMap }}
|
||||
{{- with .optional }}
|
||||
optional: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.extraVolumes }}
|
||||
{{ toYaml .Values.server.extraVolumes | indent 8}}
|
||||
{{- end }}
|
||||
{{- if .Values.server.persistentVolume.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: storage-volume
|
||||
{{- if .Values.server.persistentVolume.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.server.persistentVolume.annotations | indent 10 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }}
|
||||
resources:
|
||||
requests:
|
||||
storage: "{{ .Values.server.persistentVolume.size }}"
|
||||
{{- if .Values.server.persistentVolume.storageClass }}
|
||||
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: "{{ .Values.server.persistentVolume.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
- name: storage-volume
|
||||
emptyDir:
|
||||
{{- if .Values.server.emptyDir.sizeLimit }}
|
||||
sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
|
||||
{{- else }}
|
||||
{}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,24 +0,0 @@
|
|||
{{- if .Values.server.enabled -}}
|
||||
{{- if .Values.server.verticalAutoscaler.enabled -}}
|
||||
apiVersion: autoscaling.k8s.io/v1beta2
|
||||
kind: VerticalPodAutoscaler
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.server.fullname" . }}-vpa
|
||||
{{ include "prometheus.namespace" . | indent 2 }}
|
||||
spec:
|
||||
targetRef:
|
||||
apiVersion: "apps/v1"
|
||||
{{- if .Values.server.statefulSet.enabled }}
|
||||
kind: StatefulSet
|
||||
{{- else }}
|
||||
kind: Deployment
|
||||
{{- end }}
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
updatePolicy:
|
||||
updateMode: {{ .Values.server.verticalAutoscaler.updateMode | default "Off" | quote }}
|
||||
resourcePolicy:
|
||||
containerPolicies: {{ .Values.server.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }}
|
||||
{{- end -}} {{/* if .Values.server.verticalAutoscaler.enabled */}}
|
||||
{{- end -}} {{/* .Values.server.enabled */}}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
# Source: prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kube-state-metrics-4.7.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: metrics
|
||||
app.kubernetes.io/part-of: kube-state-metrics
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
app.kubernetes.io/instance: prometheus
|
||||
app.kubernetes.io/version: "2.4.1"
|
||||
name: prometheus-kube-state-metrics
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: prometheus-kube-state-metrics
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: prometheus-kube-state-metrics
|
||||
namespace: default
|
|
@ -0,0 +1,61 @@
|
|||
---
|
||||
# Source: prometheus/charts/kube-state-metrics/templates/deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: prometheus-kube-state-metrics
|
||||
namespace: default
|
||||
labels:
|
||||
helm.sh/chart: kube-state-metrics-4.7.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: metrics
|
||||
app.kubernetes.io/part-of: kube-state-metrics
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
app.kubernetes.io/instance: prometheus
|
||||
app.kubernetes.io/version: "2.4.1"
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
app.kubernetes.io/instance: prometheus
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kube-state-metrics-4.7.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: metrics
|
||||
app.kubernetes.io/part-of: kube-state-metrics
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
app.kubernetes.io/instance: prometheus
|
||||
app.kubernetes.io/version: "2.4.1"
|
||||
spec:
|
||||
hostNetwork: false
|
||||
serviceAccountName: prometheus-kube-state-metrics
|
||||
securityContext:
|
||||
fsGroup: 65534
|
||||
runAsGroup: 65534
|
||||
runAsUser: 65534
|
||||
containers:
|
||||
- name: kube-state-metrics
|
||||
args:
|
||||
- --port=8080
|
||||
- --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments
|
||||
- --telemetry-port=8081
|
||||
imagePullPolicy: IfNotPresent
|
||||
image: "k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.4.1"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: "http"
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
|
@ -1,187 +1,150 @@
|
|||
{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}}
|
||||
{{- range (ternary (split "," .Values.namespaces) (list "") (eq $.Values.rbac.useClusterRole false)) }}
|
||||
---
|
||||
# Source: prometheus/charts/kube-state-metrics/templates/role.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if eq $.Values.rbac.useClusterRole false }}
|
||||
kind: Role
|
||||
{{- else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kube-state-metrics.labels" $ | indent 4 }}
|
||||
name: {{ template "kube-state-metrics.fullname" $ }}
|
||||
{{- if eq $.Values.rbac.useClusterRole false }}
|
||||
namespace: {{ . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
helm.sh/chart: kube-state-metrics-4.7.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: metrics
|
||||
app.kubernetes.io/part-of: kube-state-metrics
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
app.kubernetes.io/instance: prometheus
|
||||
app.kubernetes.io/version: "2.4.1"
|
||||
name: prometheus-kube-state-metrics
|
||||
rules:
|
||||
{{ if has "certificatesigningrequests" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["certificates.k8s.io"]
|
||||
resources:
|
||||
- certificatesigningrequests
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "configmaps" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- configmaps
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "cronjobs" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["batch"]
|
||||
resources:
|
||||
- cronjobs
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "daemonsets" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- daemonsets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "deployments" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- deployments
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "endpoints" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- endpoints
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "horizontalpodautoscalers" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["autoscaling"]
|
||||
resources:
|
||||
- horizontalpodautoscalers
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "ingresses" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["extensions", "networking.k8s.io"]
|
||||
resources:
|
||||
- ingresses
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "jobs" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["batch"]
|
||||
resources:
|
||||
- jobs
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "limitranges" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- limitranges
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "mutatingwebhookconfigurations" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["admissionregistration.k8s.io"]
|
||||
resources:
|
||||
- mutatingwebhookconfigurations
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "namespaces" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- namespaces
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "networkpolicies" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources:
|
||||
- networkpolicies
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "nodes" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- nodes
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "persistentvolumeclaims" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "persistentvolumes" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- persistentvolumes
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "poddisruptionbudgets" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["policy"]
|
||||
resources:
|
||||
- poddisruptionbudgets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "pods" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- pods
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "replicasets" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- replicasets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "replicationcontrollers" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- replicationcontrollers
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "resourcequotas" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- resourcequotas
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "secrets" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- secrets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "services" $.Values.collectors }}
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- services
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "statefulsets" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["apps"]
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "storageclasses" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "validatingwebhookconfigurations" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["admissionregistration.k8s.io"]
|
||||
resources:
|
||||
- validatingwebhookconfigurations
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "volumeattachments" $.Values.collectors }}
|
||||
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources:
|
||||
- volumeattachments
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if has "verticalpodautoscalers" $.Values.collectors }}
|
||||
- apiGroups: ["autoscaling.k8s.io"]
|
||||
resources:
|
||||
- verticalpodautoscalers
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
# Source: prometheus/charts/kube-state-metrics/templates/service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: prometheus-kube-state-metrics
|
||||
namespace: default
|
||||
labels:
|
||||
helm.sh/chart: kube-state-metrics-4.7.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: metrics
|
||||
app.kubernetes.io/part-of: kube-state-metrics
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
app.kubernetes.io/instance: prometheus
|
||||
app.kubernetes.io/version: "2.4.1"
|
||||
annotations:
|
||||
prometheus.io/scrape: 'true'
|
||||
spec:
|
||||
type: "ClusterIP"
|
||||
ports:
|
||||
- name: "http"
|
||||
protocol: TCP
|
||||
port: 8080
|
||||
targetPort: 8080
|
||||
|
||||
selector:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
app.kubernetes.io/instance: prometheus
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
# Source: prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kube-state-metrics-4.7.0
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: metrics
|
||||
app.kubernetes.io/part-of: kube-state-metrics
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
app.kubernetes.io/instance: prometheus
|
||||
app.kubernetes.io/version: "2.4.1"
|
||||
name: prometheus-kube-state-metrics
|
||||
namespace: default
|
||||
imagePullSecrets:
|
||||
[]
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
# Source: prometheus/templates/alertmanager/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
component: "alertmanager"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-alertmanager
|
||||
rules:
|
||||
[]
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
# Source: prometheus/templates/alertmanager/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
component: "alertmanager"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-alertmanager
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: prometheus-alertmanager
|
||||
namespace: default
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: prometheus-alertmanager
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
# Source: prometheus/templates/alertmanager/cm.yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
component: "alertmanager"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-alertmanager
|
||||
namespace: default
|
||||
data:
|
||||
alertmanager.yml: |
|
||||
global: {}
|
||||
receivers:
|
||||
- name: default-receiver
|
||||
route:
|
||||
group_interval: 5m
|
||||
group_wait: 10s
|
||||
receiver: default-receiver
|
||||
repeat_interval: 3h
|
|
@ -0,0 +1,86 @@
|
|||
---
|
||||
# Source: prometheus/templates/alertmanager/deploy.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
component: "alertmanager"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-alertmanager
|
||||
namespace: default
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
component: "alertmanager"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: "alertmanager"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
spec:
|
||||
serviceAccountName: prometheus-alertmanager
|
||||
containers:
|
||||
- name: prometheus-alertmanager
|
||||
image: "quay.io/prometheus/alertmanager:v0.23.0"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
env:
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
args:
|
||||
- --config.file=/etc/config/alertmanager.yml
|
||||
- --storage.path=/data
|
||||
- --cluster.listen-address=
|
||||
- --web.external-url=http://localhost:9093
|
||||
|
||||
ports:
|
||||
- containerPort: 9093
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /-/ready
|
||||
port: 9093
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 30
|
||||
resources:
|
||||
{}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
- name: storage-volume
|
||||
mountPath: "/data"
|
||||
subPath: ""
|
||||
- name: prometheus-alertmanager-configmap-reload
|
||||
image: "jimmidyson/configmap-reload:v0.5.0"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
args:
|
||||
- --volume-dir=/etc/config
|
||||
- --webhook-url=http://127.0.0.1:9093/-/reload
|
||||
resources:
|
||||
{}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
readOnly: true
|
||||
securityContext:
|
||||
fsGroup: 65534
|
||||
runAsGroup: 65534
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65534
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: prometheus-alertmanager
|
||||
- name: storage-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: prometheus-alertmanager
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
# Source: prometheus/templates/alertmanager/pvc.yaml
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
labels:
|
||||
component: "alertmanager"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-alertmanager
|
||||
namespace: default
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: "2Gi"
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
# Source: prometheus/templates/alertmanager/service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
component: "alertmanager"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-alertmanager
|
||||
namespace: default
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 9093
|
||||
selector:
|
||||
component: "alertmanager"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
sessionAffinity: None
|
||||
type: "ClusterIP"
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
# Source: prometheus/templates/alertmanager/serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
component: "alertmanager"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-alertmanager
|
||||
namespace: default
|
||||
annotations:
|
||||
{}
|
|
@ -0,0 +1,76 @@
|
|||
---
|
||||
# Source: prometheus/templates/node-exporter/daemonset.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
component: "node-exporter"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-node-exporter
|
||||
namespace: default
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
component: "node-exporter"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: "node-exporter"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
spec:
|
||||
serviceAccountName: prometheus-node-exporter
|
||||
containers:
|
||||
- name: prometheus-node-exporter
|
||||
image: "quay.io/prometheus/node-exporter:v1.3.0"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
args:
|
||||
- --path.procfs=/host/proc
|
||||
- --path.sysfs=/host/sys
|
||||
- --path.rootfs=/host/root
|
||||
- --web.listen-address=:9100
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: 9100
|
||||
hostPort: 9100
|
||||
resources:
|
||||
{}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
volumeMounts:
|
||||
- name: proc
|
||||
mountPath: /host/proc
|
||||
readOnly: true
|
||||
- name: sys
|
||||
mountPath: /host/sys
|
||||
readOnly: true
|
||||
- name: root
|
||||
mountPath: /host/root
|
||||
mountPropagation: HostToContainer
|
||||
readOnly: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
securityContext:
|
||||
fsGroup: 65534
|
||||
runAsGroup: 65534
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65534
|
||||
volumes:
|
||||
- name: proc
|
||||
hostPath:
|
||||
path: /proc
|
||||
- name: sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
- name: root
|
||||
hostPath:
|
||||
path: /
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
# Source: prometheus/templates/node-exporter/serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
component: "node-exporter"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-node-exporter
|
||||
namespace: default
|
||||
annotations:
|
||||
{}
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
# Source: prometheus/templates/node-exporter/svc.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
component: "node-exporter"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-node-exporter
|
||||
namespace: default
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- name: metrics
|
||||
port: 9100
|
||||
protocol: TCP
|
||||
targetPort: 9100
|
||||
selector:
|
||||
component: "node-exporter"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
type: "ClusterIP"
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
# Source: prometheus/templates/pushgateway/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
component: "pushgateway"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-pushgateway
|
||||
rules:
|
||||
[]
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
# Source: prometheus/templates/pushgateway/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
component: "pushgateway"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-pushgateway
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: prometheus-pushgateway
|
||||
namespace: default
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: prometheus-pushgateway
|
|
@ -0,0 +1,54 @@
|
|||
---
|
||||
# Source: prometheus/templates/pushgateway/deploy.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
component: "pushgateway"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-pushgateway
|
||||
namespace: default
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
component: "pushgateway"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: "pushgateway"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
spec:
|
||||
serviceAccountName: prometheus-pushgateway
|
||||
containers:
|
||||
- name: prometheus-pushgateway
|
||||
image: "prom/pushgateway:v1.4.2"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
args:
|
||||
ports:
|
||||
- containerPort: 9091
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /-/healthy
|
||||
port: 9091
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /-/ready
|
||||
port: 9091
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 10
|
||||
resources:
|
||||
{}
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65534
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
# Source: prometheus/templates/pushgateway/service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/probe: pushgateway
|
||||
labels:
|
||||
component: "pushgateway"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-pushgateway
|
||||
namespace: default
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 9091
|
||||
protocol: TCP
|
||||
targetPort: 9091
|
||||
selector:
|
||||
component: "pushgateway"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
type: "ClusterIP"
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
# Source: prometheus/templates/pushgateway/serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
component: "pushgateway"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-pushgateway
|
||||
namespace: default
|
||||
annotations:
|
||||
{}
|
|
@ -1,21 +1,16 @@
|
|||
{{- if and .Values.server.enabled .Values.rbac.create (empty .Values.server.useExistingClusterRoleName) -}}
|
||||
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||
---
|
||||
# Source: prometheus/templates/server/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||
name: {{ template "prometheus.server.fullname" . }}
|
||||
component: "server"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-server
|
||||
rules:
|
||||
{{- if .Values.podSecurityPolicy.enabled }}
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- podsecuritypolicies
|
||||
verbs:
|
||||
- use
|
||||
resourceNames:
|
||||
- {{ template "prometheus.server.fullname" . }}
|
||||
{{- end }}
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
|
@ -45,4 +40,3 @@ rules:
|
|||
- "/metrics"
|
||||
verbs:
|
||||
- get
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
# Source: prometheus/templates/server/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
component: "server"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: prometheus-server
|
||||
namespace: default
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: prometheus-server
|
|
@ -0,0 +1,333 @@
|
|||
---
|
||||
# Source: prometheus/templates/server/cm.yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
component: "server"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-server
|
||||
namespace: default
|
||||
data:
|
||||
alerting_rules.yml: |
|
||||
{}
|
||||
alerts: |
|
||||
{}
|
||||
prometheus.yml: |
|
||||
global:
|
||||
evaluation_interval: 1m
|
||||
scrape_interval: 1m
|
||||
scrape_timeout: 10s
|
||||
rule_files:
|
||||
- /etc/config/recording_rules.yml
|
||||
- /etc/config/alerting_rules.yml
|
||||
- /etc/config/rules
|
||||
- /etc/config/alerts
|
||||
scrape_configs:
|
||||
- job_name: prometheus
|
||||
static_configs:
|
||||
- targets:
|
||||
- localhost:9090
|
||||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
job_name: kubernetes-apiservers
|
||||
kubernetes_sd_configs:
|
||||
- role: endpoints
|
||||
relabel_configs:
|
||||
- action: keep
|
||||
regex: default;kubernetes;https
|
||||
source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
- __meta_kubernetes_service_name
|
||||
- __meta_kubernetes_endpoint_port_name
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
insecure_skip_verify: true
|
||||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
job_name: kubernetes-nodes
|
||||
kubernetes_sd_configs:
|
||||
- role: node
|
||||
relabel_configs:
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_node_label_(.+)
|
||||
- replacement: kubernetes.default.svc:443
|
||||
target_label: __address__
|
||||
- regex: (.+)
|
||||
replacement: /api/v1/nodes/$1/proxy/metrics
|
||||
source_labels:
|
||||
- __meta_kubernetes_node_name
|
||||
target_label: __metrics_path__
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
insecure_skip_verify: true
|
||||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
job_name: kubernetes-nodes-cadvisor
|
||||
kubernetes_sd_configs:
|
||||
- role: node
|
||||
relabel_configs:
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_node_label_(.+)
|
||||
- replacement: kubernetes.default.svc:443
|
||||
target_label: __address__
|
||||
- regex: (.+)
|
||||
replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
|
||||
source_labels:
|
||||
- __meta_kubernetes_node_name
|
||||
target_label: __metrics_path__
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
insecure_skip_verify: true
|
||||
- honor_labels: true
|
||||
job_name: kubernetes-service-endpoints
|
||||
kubernetes_sd_configs:
|
||||
- role: endpoints
|
||||
relabel_configs:
|
||||
- action: keep
|
||||
regex: true
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_scrape
|
||||
- action: drop
|
||||
regex: true
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
|
||||
- action: replace
|
||||
regex: (https?)
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_scheme
|
||||
target_label: __scheme__
|
||||
- action: replace
|
||||
regex: (.+)
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_path
|
||||
target_label: __metrics_path__
|
||||
- action: replace
|
||||
regex: ([^:]+)(?::\d+)?;(\d+)
|
||||
replacement: $1:$2
|
||||
source_labels:
|
||||
- __address__
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_port
|
||||
target_label: __address__
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
|
||||
replacement: __param_$1
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_service_label_(.+)
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
target_label: namespace
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_name
|
||||
target_label: service
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_node_name
|
||||
target_label: node
|
||||
- honor_labels: true
|
||||
job_name: kubernetes-service-endpoints-slow
|
||||
kubernetes_sd_configs:
|
||||
- role: endpoints
|
||||
relabel_configs:
|
||||
- action: keep
|
||||
regex: true
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
|
||||
- action: replace
|
||||
regex: (https?)
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_scheme
|
||||
target_label: __scheme__
|
||||
- action: replace
|
||||
regex: (.+)
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_path
|
||||
target_label: __metrics_path__
|
||||
- action: replace
|
||||
regex: ([^:]+)(?::\d+)?;(\d+)
|
||||
replacement: $1:$2
|
||||
source_labels:
|
||||
- __address__
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_port
|
||||
target_label: __address__
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
|
||||
replacement: __param_$1
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_service_label_(.+)
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
target_label: namespace
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_name
|
||||
target_label: service
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_node_name
|
||||
target_label: node
|
||||
scrape_interval: 5m
|
||||
scrape_timeout: 30s
|
||||
- honor_labels: true
|
||||
job_name: prometheus-pushgateway
|
||||
kubernetes_sd_configs:
|
||||
- role: service
|
||||
relabel_configs:
|
||||
- action: keep
|
||||
regex: pushgateway
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_probe
|
||||
- honor_labels: true
|
||||
job_name: kubernetes-services
|
||||
kubernetes_sd_configs:
|
||||
- role: service
|
||||
metrics_path: /probe
|
||||
params:
|
||||
module:
|
||||
- http_2xx
|
||||
relabel_configs:
|
||||
- action: keep
|
||||
regex: true
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_probe
|
||||
- source_labels:
|
||||
- __address__
|
||||
target_label: __param_target
|
||||
- replacement: blackbox
|
||||
target_label: __address__
|
||||
- source_labels:
|
||||
- __param_target
|
||||
target_label: instance
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_service_label_(.+)
|
||||
- source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
target_label: namespace
|
||||
- source_labels:
|
||||
- __meta_kubernetes_service_name
|
||||
target_label: service
|
||||
- honor_labels: true
|
||||
job_name: kubernetes-pods
|
||||
kubernetes_sd_configs:
|
||||
- role: pod
|
||||
relabel_configs:
|
||||
- action: keep
|
||||
regex: true
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_scrape
|
||||
- action: drop
|
||||
regex: true
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
|
||||
- action: replace
|
||||
regex: (https?)
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_scheme
|
||||
target_label: __scheme__
|
||||
- action: replace
|
||||
regex: (.+)
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_path
|
||||
target_label: __metrics_path__
|
||||
- action: replace
|
||||
regex: ([^:]+)(?::\d+)?;(\d+)
|
||||
replacement: $1:$2
|
||||
source_labels:
|
||||
- __address__
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_port
|
||||
target_label: __address__
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
|
||||
replacement: __param_$1
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_pod_label_(.+)
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
target_label: namespace
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_name
|
||||
target_label: pod
|
||||
- action: drop
|
||||
regex: Pending|Succeeded|Failed|Completed
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_phase
|
||||
- honor_labels: true
|
||||
job_name: kubernetes-pods-slow
|
||||
kubernetes_sd_configs:
|
||||
- role: pod
|
||||
relabel_configs:
|
||||
- action: keep
|
||||
regex: true
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
|
||||
- action: replace
|
||||
regex: (https?)
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_scheme
|
||||
target_label: __scheme__
|
||||
- action: replace
|
||||
regex: (.+)
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_path
|
||||
target_label: __metrics_path__
|
||||
- action: replace
|
||||
regex: ([^:]+)(?::\d+)?;(\d+)
|
||||
replacement: $1:$2
|
||||
source_labels:
|
||||
- __address__
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_port
|
||||
target_label: __address__
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
|
||||
replacement: __param_$1
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_pod_label_(.+)
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
target_label: namespace
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_name
|
||||
target_label: pod
|
||||
- action: drop
|
||||
regex: Pending|Succeeded|Failed|Completed
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_phase
|
||||
scrape_interval: 5m
|
||||
scrape_timeout: 30s
|
||||
alerting:
|
||||
alertmanagers:
|
||||
- kubernetes_sd_configs:
|
||||
- role: pod
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
relabel_configs:
|
||||
- source_labels: [__meta_kubernetes_namespace]
|
||||
regex: default
|
||||
action: keep
|
||||
- source_labels: [__meta_kubernetes_pod_label_app]
|
||||
regex: prometheus
|
||||
action: keep
|
||||
- source_labels: [__meta_kubernetes_pod_label_component]
|
||||
regex: alertmanager
|
||||
action: keep
|
||||
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe]
|
||||
regex: .*
|
||||
action: keep
|
||||
- source_labels: [__meta_kubernetes_pod_container_port_number]
|
||||
regex: "9093"
|
||||
action: keep
|
||||
recording_rules.yml: |
|
||||
{}
|
||||
rules: |
|
||||
{}
|
|
@ -0,0 +1,100 @@
|
|||
---
|
||||
# Source: prometheus/templates/server/deploy.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
component: "server"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-server
|
||||
namespace: default
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
component: "server"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: "server"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
spec:
|
||||
enableServiceLinks: true
|
||||
serviceAccountName: prometheus-server
|
||||
containers:
|
||||
- name: prometheus-server-configmap-reload
|
||||
image: "jimmidyson/configmap-reload:v0.5.0"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
args:
|
||||
- --volume-dir=/etc/config
|
||||
- --webhook-url=http://127.0.0.1:9090/-/reload
|
||||
resources:
|
||||
{}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
readOnly: true
|
||||
|
||||
- name: prometheus-server
|
||||
image: "quay.io/prometheus/prometheus:v2.34.0"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
args:
|
||||
- --storage.tsdb.retention.time=15d
|
||||
- --config.file=/etc/config/prometheus.yml
|
||||
- --storage.tsdb.path=/data
|
||||
- --web.console.libraries=/etc/prometheus/console_libraries
|
||||
- --web.console.templates=/etc/prometheus/consoles
|
||||
- --web.enable-lifecycle
|
||||
ports:
|
||||
- containerPort: 9090
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /-/ready
|
||||
port: 9090
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 4
|
||||
failureThreshold: 3
|
||||
successThreshold: 1
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /-/healthy
|
||||
port: 9090
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 10
|
||||
failureThreshold: 3
|
||||
successThreshold: 1
|
||||
resources:
|
||||
{}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config
|
||||
- name: storage-volume
|
||||
mountPath: /data
|
||||
subPath: ""
|
||||
hostNetwork: false
|
||||
dnsPolicy: ClusterFirst
|
||||
securityContext:
|
||||
fsGroup: 65534
|
||||
runAsGroup: 65534
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65534
|
||||
terminationGracePeriodSeconds: 300
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: prometheus-server
|
||||
- name: storage-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: prometheus-server
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
# Source: prometheus/templates/server/pvc.yaml
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
labels:
|
||||
component: "server"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-server
|
||||
namespace: default
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: "8Gi"
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
# Source: prometheus/templates/server/service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
component: "server"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-server
|
||||
namespace: default
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 9090
|
||||
selector:
|
||||
component: "server"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
sessionAffinity: None
|
||||
type: "ClusterIP"
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
# Source: prometheus/templates/server/serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
component: "server"
|
||||
app: prometheus
|
||||
release: prometheus
|
||||
chart: prometheus-15.8.5
|
||||
heritage: Helm
|
||||
name: prometheus-server
|
||||
namespace: default
|
||||
annotations:
|
||||
{}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue