Preferring Kustomize to make last-mile alterations, instead of relying on the Helm template generation, allows the helm chart to be included in the base.
1841 lines
58 KiB
YAML
1841 lines
58 KiB
YAML
rbac:
|
|
create: true
|
|
|
|
podSecurityPolicy:
|
|
enabled: false
|
|
|
|
imagePullSecrets:
|
|
# - name: "image-pull-secret"
|
|
|
|
## Define serviceAccount names for components. Defaults to component's fully qualified name.
|
|
##
|
|
serviceAccounts:
|
|
alertmanager:
|
|
create: true
|
|
name:
|
|
annotations: {}
|
|
nodeExporter:
|
|
create: true
|
|
name:
|
|
annotations: {}
|
|
pushgateway:
|
|
create: true
|
|
name:
|
|
annotations: {}
|
|
server:
|
|
create: true
|
|
name:
|
|
annotations: {}
|
|
|
|
alertmanager:
|
|
## If false, alertmanager will not be installed
|
|
##
|
|
enabled: true
|
|
|
|
## Use a ClusterRole (and ClusterRoleBinding)
|
|
## - If set to false - we define a Role and RoleBinding in the defined namespaces ONLY
|
|
## This makes alertmanager work - for users who do not have ClusterAdmin privs, but wants alertmanager to operate on their own namespaces, instead of clusterwide.
|
|
useClusterRole: true
|
|
|
|
## Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here.
|
|
useExistingRole: false
|
|
|
|
## alertmanager container name
|
|
##
|
|
name: alertmanager
|
|
|
|
## alertmanager container image
|
|
##
|
|
image:
|
|
repository: quay.io/prometheus/alertmanager
|
|
tag: v0.23.0
|
|
pullPolicy: IfNotPresent
|
|
|
|
## alertmanager priorityClassName
|
|
##
|
|
priorityClassName: ""
|
|
|
|
## Custom HTTP headers for Readiness Probe
|
|
##
|
|
## Useful for providing HTTP Basic Auth to healthchecks
|
|
probeHeaders: []
|
|
|
|
## Additional alertmanager container arguments
|
|
##
|
|
extraArgs: {}
|
|
|
|
## Additional InitContainers to initialize the pod
|
|
##
|
|
extraInitContainers: []
|
|
|
|
## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
|
|
## so that the various internal URLs are still able to access as they are in the default case.
|
|
## (Optional)
|
|
prefixURL: ""
|
|
|
|
## External URL which can access alertmanager
|
|
baseURL: "http://localhost:9093"
|
|
|
|
## Additional alertmanager container environment variable
|
|
## For instance to add a http_proxy
|
|
##
|
|
extraEnv: {}
|
|
|
|
## Additional alertmanager Secret mounts
|
|
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
|
|
extraSecretMounts: []
|
|
# - name: secret-files
|
|
# mountPath: /etc/secrets
|
|
# subPath: ""
|
|
# secretName: alertmanager-secret-files
|
|
# readOnly: true
|
|
|
|
## Additional alertmanager Configmap mounts
|
|
extraConfigmapMounts: []
|
|
# - name: template-files
|
|
# mountPath: /etc/config/templates.d
|
|
# configMap: alertmanager-template-files
|
|
# readOnly: true
|
|
|
|
## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}
|
|
## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml
|
|
## to NOT generate a ConfigMap resource
|
|
##
|
|
configMapOverrideName: ""
|
|
|
|
## The name of a secret in the same kubernetes namespace which contains the Alertmanager config
|
|
## Defining configFromSecret will cause templates/alertmanager-configmap.yaml
|
|
## to NOT generate a ConfigMap resource
|
|
##
|
|
configFromSecret: ""
|
|
|
|
## The configuration file name to be loaded to alertmanager
|
|
## Must match the key within configuration loaded from ConfigMap/Secret
|
|
##
|
|
configFileName: alertmanager.yml
|
|
|
|
ingress:
|
|
## If true, alertmanager Ingress will be created
|
|
##
|
|
enabled: false
|
|
|
|
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
|
|
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
|
|
# ingressClassName: nginx
|
|
|
|
## alertmanager Ingress annotations
|
|
##
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: 'true'
|
|
|
|
## alertmanager Ingress additional labels
|
|
##
|
|
extraLabels: {}
|
|
|
|
## alertmanager Ingress hostnames with optional path
|
|
## Must be provided if Ingress is enabled
|
|
##
|
|
hosts: []
|
|
# - alertmanager.domain.com
|
|
# - domain.com/alertmanager
|
|
|
|
path: /
|
|
|
|
# pathType is only for k8s >= 1.18
|
|
pathType: Prefix
|
|
|
|
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
|
|
extraPaths: []
|
|
# - path: /*
|
|
# backend:
|
|
# serviceName: ssl-redirect
|
|
# servicePort: use-annotation
|
|
|
|
## alertmanager Ingress TLS configuration
|
|
## Secrets must be manually created in the namespace
|
|
##
|
|
tls: []
|
|
# - secretName: prometheus-alerts-tls
|
|
# hosts:
|
|
# - alertmanager.domain.com
|
|
|
|
## Alertmanager Deployment Strategy type
|
|
# strategy:
|
|
# type: Recreate
|
|
|
|
## Node tolerations for alertmanager scheduling to nodes with taints
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
##
|
|
tolerations: []
|
|
# - key: "key"
|
|
# operator: "Equal|Exists"
|
|
# value: "value"
|
|
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
|
|
|
|
## Node labels for alertmanager pod assignment
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Pod affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## PodDisruptionBudget settings
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
|
|
##
|
|
podDisruptionBudget:
|
|
enabled: false
|
|
maxUnavailable: 1
|
|
|
|
## Use an alternate scheduler, e.g. "stork".
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
# schedulerName:
|
|
|
|
persistentVolume:
|
|
## If true, alertmanager will create/use a Persistent Volume Claim
|
|
## If false, use emptyDir
|
|
##
|
|
enabled: true
|
|
|
|
## alertmanager data Persistent Volume access modes
|
|
## Must match those of existing PV or dynamic provisioner
|
|
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
|
|
## alertmanager data Persistent Volume Claim annotations
|
|
##
|
|
annotations: {}
|
|
|
|
## alertmanager data Persistent Volume existing claim name
|
|
## Requires alertmanager.persistentVolume.enabled: true
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
existingClaim: ""
|
|
|
|
## alertmanager data Persistent Volume mount root path
|
|
##
|
|
mountPath: /data
|
|
|
|
## alertmanager data Persistent Volume size
|
|
##
|
|
size: 2Gi
|
|
|
|
## alertmanager data Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
## GKE, AWS & OpenStack)
|
|
##
|
|
# storageClass: "-"
|
|
|
|
## alertmanager data Persistent Volume Binding Mode
|
|
## If defined, volumeBindingMode: <volumeBindingMode>
|
|
## If undefined (the default) or set to null, no volumeBindingMode spec is
|
|
## set, choosing the default mode.
|
|
##
|
|
# volumeBindingMode: ""
|
|
|
|
## Subdirectory of alertmanager data Persistent Volume to mount
|
|
## Useful if the volume's root directory is not empty
|
|
##
|
|
subPath: ""
|
|
|
|
## Persistent Volume Claim Selector
|
|
## Useful if Persistent Volumes have been provisioned in advance
|
|
## Ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
|
|
##
|
|
# selector:
|
|
# matchLabels:
|
|
# release: "stable"
|
|
# matchExpressions:
|
|
# - { key: environment, operator: In, values: [ dev ] }
|
|
|
|
emptyDir:
|
|
## alertmanager emptyDir volume size limit
|
|
##
|
|
sizeLimit: ""
|
|
|
|
## Annotations to be added to alertmanager pods
|
|
##
|
|
podAnnotations: {}
|
|
## Tell prometheus to use a specific set of alertmanager pods
|
|
## instead of all alertmanager pods found in the same namespace
|
|
## Useful if you deploy multiple releases within the same namespace
|
|
##
|
|
## prometheus.io/probe: alertmanager-teamA
|
|
|
|
## Labels to be added to Prometheus AlertManager pods
|
|
##
|
|
podLabels: {}
|
|
|
|
## Specify if a Pod Security Policy for node-exporter must be created
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
|
##
|
|
podSecurityPolicy:
|
|
annotations: {}
|
|
## Specify pod annotations
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
|
##
|
|
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
|
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
|
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
|
|
|
## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
|
|
##
|
|
replicaCount: 1
|
|
|
|
## Annotations to be added to deployment
|
|
##
|
|
deploymentAnnotations: {}
|
|
|
|
statefulSet:
|
|
## If true, use a statefulset instead of a deployment for pod management.
|
|
## This allows to scale replicas to more than 1 pod
|
|
##
|
|
enabled: false
|
|
|
|
annotations: {}
|
|
labels: {}
|
|
podManagementPolicy: OrderedReady
|
|
|
|
## Alertmanager headless service to use for the statefulset
|
|
##
|
|
headless:
|
|
annotations: {}
|
|
labels: {}
|
|
|
|
## Enabling peer mesh service end points for enabling the HA alert manager
|
|
## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
|
|
enableMeshPeer: false
|
|
|
|
servicePort: 80
|
|
|
|
## alertmanager resource requests and limits
|
|
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 10m
|
|
# memory: 32Mi
|
|
# requests:
|
|
# cpu: 10m
|
|
# memory: 32Mi
|
|
|
|
# Custom DNS configuration to be added to alertmanager pods
|
|
dnsConfig: {}
|
|
# nameservers:
|
|
# - 1.2.3.4
|
|
# searches:
|
|
# - ns1.svc.cluster-domain.example
|
|
# - my.dns.search.suffix
|
|
# options:
|
|
# - name: ndots
|
|
# value: "2"
|
|
# - name: edns0
|
|
|
|
## Security context to be added to alertmanager pods
|
|
##
|
|
securityContext:
|
|
runAsUser: 65534
|
|
runAsNonRoot: true
|
|
runAsGroup: 65534
|
|
fsGroup: 65534
|
|
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
clusterIP: ""
|
|
|
|
## Enabling peer mesh service end points for enabling the HA alert manager
|
|
## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
|
|
# enableMeshPeer : true
|
|
|
|
## List of IP addresses at which the alertmanager service is available
|
|
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
|
|
##
|
|
externalIPs: []
|
|
|
|
loadBalancerIP: ""
|
|
loadBalancerSourceRanges: []
|
|
servicePort: 80
|
|
# nodePort: 30000
|
|
sessionAffinity: None
|
|
type: ClusterIP
|
|
|
|
## List of initial peers
|
|
## Ref: https://github.com/prometheus/alertmanager/blob/main/README.md#high-availability
|
|
clusterPeers: []
|
|
|
|
## Monitors ConfigMap changes and POSTs to a URL
|
|
## Ref: https://github.com/jimmidyson/configmap-reload
|
|
##
|
|
configmapReload:
|
|
prometheus:
|
|
## If false, the configmap-reload container will not be deployed
|
|
##
|
|
enabled: true
|
|
|
|
## configmap-reload container name
|
|
##
|
|
name: configmap-reload
|
|
|
|
## configmap-reload container image
|
|
##
|
|
image:
|
|
repository: jimmidyson/configmap-reload
|
|
tag: v0.5.0
|
|
pullPolicy: IfNotPresent
|
|
|
|
# containerPort: 9533
|
|
|
|
## Additional configmap-reload container arguments
|
|
##
|
|
extraArgs: {}
|
|
## Additional configmap-reload volume directories
|
|
##
|
|
extraVolumeDirs: []
|
|
|
|
|
|
## Additional configmap-reload mounts
|
|
##
|
|
extraConfigmapMounts: []
|
|
# - name: prometheus-alerts
|
|
# mountPath: /etc/alerts.d
|
|
# subPath: ""
|
|
# configMap: prometheus-alerts
|
|
# readOnly: true
|
|
|
|
|
|
## configmap-reload resource requests and limits
|
|
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources: {}
|
|
alertmanager:
|
|
## If false, the configmap-reload container will not be deployed
|
|
##
|
|
enabled: true
|
|
|
|
## configmap-reload container name
|
|
##
|
|
name: configmap-reload
|
|
|
|
## configmap-reload container image
|
|
##
|
|
image:
|
|
repository: jimmidyson/configmap-reload
|
|
tag: v0.5.0
|
|
pullPolicy: IfNotPresent
|
|
|
|
# containerPort: 9533
|
|
|
|
## Additional configmap-reload container arguments
|
|
##
|
|
extraArgs: {}
|
|
## Additional configmap-reload volume directories
|
|
##
|
|
extraVolumeDirs: []
|
|
|
|
|
|
## Additional configmap-reload mounts
|
|
##
|
|
extraConfigmapMounts: []
|
|
# - name: prometheus-alerts
|
|
# mountPath: /etc/alerts.d
|
|
# subPath: ""
|
|
# configMap: prometheus-alerts
|
|
# readOnly: true
|
|
|
|
|
|
## configmap-reload resource requests and limits
|
|
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources: {}
|
|
|
|
kubeStateMetrics:
|
|
## If false, kube-state-metrics sub-chart will not be installed
|
|
##
|
|
enabled: true
|
|
|
|
## kube-state-metrics sub-chart configurable values
|
|
## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics
|
|
##
|
|
# kube-state-metrics:
|
|
|
|
nodeExporter:
|
|
## If false, node-exporter will not be installed
|
|
##
|
|
enabled: true
|
|
|
|
## If true, node-exporter pods share the host network namespace
|
|
##
|
|
hostNetwork: true
|
|
|
|
## If true, node-exporter pods share the host PID namespace
|
|
##
|
|
hostPID: true
|
|
|
|
## If true, node-exporter pods mounts host / at /host/root
|
|
##
|
|
hostRootfs: true
|
|
|
|
## node-exporter container name
|
|
##
|
|
name: node-exporter
|
|
|
|
## node-exporter container image
|
|
##
|
|
image:
|
|
repository: quay.io/prometheus/node-exporter
|
|
tag: v1.3.0
|
|
pullPolicy: IfNotPresent
|
|
|
|
## Specify if a Pod Security Policy for node-exporter must be created
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
|
##
|
|
podSecurityPolicy:
|
|
annotations: {}
|
|
## Specify pod annotations
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
|
##
|
|
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
|
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
|
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
|
|
|
## node-exporter priorityClassName
|
|
##
|
|
priorityClassName: ""
|
|
|
|
## Custom Update Strategy
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
|
|
## Additional node-exporter container arguments
|
|
##
|
|
extraArgs: {}
|
|
|
|
## Additional InitContainers to initialize the pod
|
|
##
|
|
extraInitContainers: []
|
|
|
|
## Additional node-exporter hostPath mounts
|
|
##
|
|
extraHostPathMounts: []
|
|
# - name: textfile-dir
|
|
# mountPath: /srv/txt_collector
|
|
# hostPath: /var/lib/node-exporter
|
|
# readOnly: true
|
|
# mountPropagation: HostToContainer
|
|
|
|
extraConfigmapMounts: []
|
|
# - name: certs-configmap
|
|
# mountPath: /prometheus
|
|
# configMap: certs-configmap
|
|
# readOnly: true
|
|
|
|
## Node tolerations for node-exporter scheduling to nodes with taints
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
##
|
|
tolerations: []
|
|
# - key: "key"
|
|
# operator: "Equal|Exists"
|
|
# value: "value"
|
|
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
|
|
|
|
## Node labels for node-exporter pod assignment
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Annotations to be added to node-exporter pods
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Labels to be added to node-exporter pods
|
|
##
|
|
pod:
|
|
labels: {}
|
|
|
|
## PodDisruptionBudget settings
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
|
|
##
|
|
podDisruptionBudget:
|
|
enabled: false
|
|
maxUnavailable: 1
|
|
|
|
## node-exporter resource limits & requests
|
|
## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 200m
|
|
# memory: 50Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 30Mi
|
|
container:
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
# Custom DNS configuration to be added to node-exporter pods
|
|
dnsConfig: {}
|
|
# nameservers:
|
|
# - 1.2.3.4
|
|
# searches:
|
|
# - ns1.svc.cluster-domain.example
|
|
# - my.dns.search.suffix
|
|
# options:
|
|
# - name: ndots
|
|
# value: "2"
|
|
# - name: edns0
|
|
|
|
## Security context to be added to node-exporter pods
|
|
##
|
|
securityContext:
|
|
fsGroup: 65534
|
|
runAsGroup: 65534
|
|
runAsNonRoot: true
|
|
runAsUser: 65534
|
|
|
|
service:
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
labels: {}
|
|
|
|
# Exposed as a headless service:
|
|
# https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
|
|
clusterIP: None
|
|
|
|
## List of IP addresses at which the node-exporter service is available
|
|
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
|
|
##
|
|
externalIPs: []
|
|
|
|
hostPort: 9100
|
|
loadBalancerIP: ""
|
|
loadBalancerSourceRanges: []
|
|
servicePort: 9100
|
|
type: ClusterIP
|
|
|
|
server:
|
|
## Prometheus server container name
|
|
##
|
|
enabled: true
|
|
|
|
## Use a ClusterRole (and ClusterRoleBinding)
|
|
## - If set to false - we define a RoleBinding in the defined namespaces ONLY
|
|
##
|
|
## NB: because we need a Role with nonResourceURL's ("/metrics") - you must get someone with Cluster-admin privileges to define this role for you, before running with this setting enabled.
|
|
## This makes prometheus work - for users who do not have ClusterAdmin privs, but wants prometheus to operate on their own namespaces, instead of clusterwide.
|
|
##
|
|
## You MUST also set namespaces to the ones you have access to and want monitored by Prometheus.
|
|
##
|
|
# useExistingClusterRoleName: nameofclusterrole
|
|
|
|
## namespaces to monitor (instead of monitoring all - clusterwide). Needed if you want to run without Cluster-admin privileges.
|
|
# namespaces:
|
|
# - yournamespace
|
|
|
|
name: server
|
|
|
|
# sidecarContainers - add more containers to prometheus server
|
|
# Key/Value where Key is the sidecar `- name: <Key>`
|
|
# Example:
|
|
# sidecarContainers:
|
|
# webserver:
|
|
# image: nginx
|
|
sidecarContainers: {}
|
|
|
|
# sidecarTemplateValues - context to be used in template for sidecarContainers
|
|
# Example:
|
|
# sidecarTemplateValues: *your-custom-globals
|
|
# sidecarContainers:
|
|
# webserver: |-
|
|
# {{ include "webserver-container-template" . }}
|
|
# Template for `webserver-container-template` might looks like this:
|
|
# image: "{{ .Values.server.sidecarTemplateValues.repository }}:{{ .Values.server.sidecarTemplateValues.tag }}"
|
|
# ...
|
|
#
|
|
sidecarTemplateValues: {}
|
|
|
|
## Prometheus server container image
|
|
##
|
|
image:
|
|
repository: quay.io/prometheus/prometheus
|
|
tag: v2.34.0
|
|
pullPolicy: IfNotPresent
|
|
|
|
## prometheus server priorityClassName
|
|
##
|
|
priorityClassName: ""
|
|
|
|
## EnableServiceLinks indicates whether information about services should be injected
|
|
## into pod's environment variables, matching the syntax of Docker links.
|
|
## WARNING: the field is unsupported and will be skipped in K8s prior to v1.13.0.
|
|
##
|
|
enableServiceLinks: true
|
|
|
|
## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
|
|
## so that the various internal URLs are still able to access as they are in the default case.
|
|
## (Optional)
|
|
prefixURL: ""
|
|
|
|
## External URL which can access prometheus
|
|
## Maybe same with Ingress host name
|
|
baseURL: ""
|
|
|
|
## Additional server container environment variables
|
|
##
|
|
## You specify this manually like you would a raw deployment manifest.
|
|
## This means you can bind in environment variables from secrets.
|
|
##
|
|
## e.g. static environment variable:
|
|
## - name: DEMO_GREETING
|
|
## value: "Hello from the environment"
|
|
##
|
|
## e.g. secret environment variable:
|
|
## - name: USERNAME
|
|
## valueFrom:
|
|
## secretKeyRef:
|
|
## name: mysecret
|
|
## key: username
|
|
env: []
|
|
|
|
# List of flags to override default parameters, e.g:
|
|
# - --enable-feature=agent
|
|
# - --storage.agent.retention.max-time=30m
|
|
defaultFlagsOverride: []
|
|
|
|
extraFlags:
|
|
- web.enable-lifecycle
|
|
## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as
|
|
## deleting time series. This is disabled by default.
|
|
# - web.enable-admin-api
|
|
##
|
|
## storage.tsdb.no-lockfile flag controls BD locking
|
|
# - storage.tsdb.no-lockfile
|
|
##
|
|
## storage.tsdb.wal-compression flag enables compression of the write-ahead log (WAL)
|
|
# - storage.tsdb.wal-compression
|
|
|
|
## Path to a configuration file on prometheus server container FS
|
|
configPath: /etc/config/prometheus.yml
|
|
|
|
### The data directory used by prometheus to set --storage.tsdb.path
|
|
### When empty server.persistentVolume.mountPath is used instead
|
|
storagePath: ""
|
|
|
|
global:
|
|
## How frequently to scrape targets by default
|
|
##
|
|
scrape_interval: 1m
|
|
## How long until a scrape request times out
|
|
##
|
|
scrape_timeout: 10s
|
|
## How frequently to evaluate rules
|
|
##
|
|
evaluation_interval: 1m
|
|
## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
|
|
##
|
|
remoteWrite: []
|
|
## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read
|
|
##
|
|
remoteRead: []
|
|
|
|
## Custom HTTP headers for Liveness/Readiness/Startup Probe
|
|
##
|
|
## Useful for providing HTTP Basic Auth to healthchecks
|
|
probeHeaders: []
|
|
|
|
## Additional Prometheus server container arguments
|
|
##
|
|
extraArgs: {}
|
|
|
|
## Additional InitContainers to initialize the pod
|
|
##
|
|
extraInitContainers: []
|
|
|
|
## Additional Prometheus server Volume mounts
|
|
##
|
|
extraVolumeMounts: []
|
|
|
|
## Additional Prometheus server Volumes
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Additional Prometheus server hostPath mounts
|
|
##
|
|
extraHostPathMounts: []
|
|
# - name: certs-dir
|
|
# mountPath: /etc/kubernetes/certs
|
|
# subPath: ""
|
|
# hostPath: /etc/kubernetes/certs
|
|
# readOnly: true
|
|
|
|
extraConfigmapMounts: []
|
|
# - name: certs-configmap
|
|
# mountPath: /prometheus
|
|
# subPath: ""
|
|
# configMap: certs-configmap
|
|
# readOnly: true
|
|
|
|
## Additional Prometheus server Secret mounts
|
|
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
|
|
extraSecretMounts: []
|
|
# - name: secret-files
|
|
# mountPath: /etc/secrets
|
|
# subPath: ""
|
|
# secretName: prom-secret-files
|
|
# readOnly: true
|
|
|
|
## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}}
|
|
## Defining configMapOverrideName will cause templates/server-configmap.yaml
|
|
## to NOT generate a ConfigMap resource
|
|
##
|
|
configMapOverrideName: ""
|
|
|
|
ingress:
|
|
## If true, Prometheus server Ingress will be created
|
|
##
|
|
enabled: false
|
|
|
|
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
|
|
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
|
|
# ingressClassName: nginx
|
|
|
|
## Prometheus server Ingress annotations
|
|
##
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: 'true'
|
|
|
|
## Prometheus server Ingress additional labels
|
|
##
|
|
extraLabels: {}
|
|
|
|
## Prometheus server Ingress hostnames with optional path
|
|
## Must be provided if Ingress is enabled
|
|
##
|
|
hosts: []
|
|
# - prometheus.domain.com
|
|
# - domain.com/prometheus
|
|
|
|
path: /
|
|
|
|
# pathType is only for k8s >= 1.18
|
|
pathType: Prefix
|
|
|
|
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
|
|
extraPaths: []
|
|
# - path: /*
|
|
# backend:
|
|
# serviceName: ssl-redirect
|
|
# servicePort: use-annotation
|
|
|
|
## Prometheus server Ingress TLS configuration
|
|
## Secrets must be manually created in the namespace
|
|
##
|
|
tls: []
|
|
# - secretName: prometheus-server-tls
|
|
# hosts:
|
|
# - prometheus.domain.com
|
|
|
|
## Server Deployment Strategy type
|
|
# strategy:
|
|
# type: Recreate
|
|
|
|
## hostAliases allows adding entries to /etc/hosts inside the containers
|
|
hostAliases: []
|
|
# - ip: "127.0.0.1"
|
|
# hostnames:
|
|
# - "example.com"
|
|
|
|
## Node tolerations for server scheduling to nodes with taints
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
##
|
|
tolerations: []
|
|
# - key: "key"
|
|
# operator: "Equal|Exists"
|
|
# value: "value"
|
|
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
|
|
|
|
## Node labels for Prometheus server pod assignment
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Pod affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## PodDisruptionBudget settings
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
|
|
##
|
|
podDisruptionBudget:
|
|
enabled: false
|
|
maxUnavailable: 1
|
|
|
|
## Use an alternate scheduler, e.g. "stork".
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
# schedulerName:
|
|
|
|
persistentVolume:
|
|
## If true, Prometheus server will create/use a Persistent Volume Claim
|
|
## If false, use emptyDir
|
|
##
|
|
enabled: true
|
|
|
|
## Prometheus server data Persistent Volume access modes
|
|
## Must match those of existing PV or dynamic provisioner
|
|
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
|
|
## Prometheus server data Persistent Volume annotations
|
|
##
|
|
annotations: {}
|
|
|
|
## Prometheus server data Persistent Volume existing claim name
|
|
## Requires server.persistentVolume.enabled: true
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
existingClaim: ""
|
|
|
|
## Prometheus server data Persistent Volume mount root path
|
|
##
|
|
mountPath: /data
|
|
|
|
## Prometheus server data Persistent Volume size
|
|
##
|
|
size: 8Gi
|
|
|
|
## Prometheus server data Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
## GKE, AWS & OpenStack)
|
|
##
|
|
# storageClass: "-"
|
|
|
|
## Prometheus server data Persistent Volume Binding Mode
|
|
## If defined, volumeBindingMode: <volumeBindingMode>
|
|
## If undefined (the default) or set to null, no volumeBindingMode spec is
|
|
## set, choosing the default mode.
|
|
##
|
|
# volumeBindingMode: ""
|
|
|
|
## Subdirectory of Prometheus server data Persistent Volume to mount
|
|
## Useful if the volume's root directory is not empty
|
|
##
|
|
subPath: ""
|
|
|
|
## Persistent Volume Claim Selector
|
|
## Useful if Persistent Volumes have been provisioned in advance
|
|
## Ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
|
|
##
|
|
# selector:
|
|
# matchLabels:
|
|
# release: "stable"
|
|
# matchExpressions:
|
|
# - { key: environment, operator: In, values: [ dev ] }
|
|
|
|
emptyDir:
|
|
## Prometheus server emptyDir volume size limit
|
|
##
|
|
sizeLimit: ""
|
|
|
|
## Annotations to be added to Prometheus server pods
|
|
##
|
|
podAnnotations: {}
|
|
# iam.amazonaws.com/role: prometheus
|
|
|
|
## Labels to be added to Prometheus server pods
|
|
##
|
|
podLabels: {}
|
|
|
|
## Prometheus AlertManager configuration
|
|
##
|
|
alertmanagers: []
|
|
|
|
## Specify if a Pod Security Policy for node-exporter must be created
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
|
##
|
|
podSecurityPolicy:
|
|
annotations: {}
|
|
## Specify pod annotations
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
|
##
|
|
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
|
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
|
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
|
|
|
## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
|
|
##
|
|
replicaCount: 1
|
|
|
|
## Annotations to be added to deployment
|
|
##
|
|
deploymentAnnotations: {}
|
|
|
|
statefulSet:
|
|
## If true, use a statefulset instead of a deployment for pod management.
|
|
## This allows to scale replicas to more than 1 pod
|
|
##
|
|
enabled: false
|
|
|
|
annotations: {}
|
|
labels: {}
|
|
podManagementPolicy: OrderedReady
|
|
|
|
## Alertmanager headless service to use for the statefulset
|
|
##
|
|
headless:
|
|
annotations: {}
|
|
labels: {}
|
|
servicePort: 80
|
|
## Enable gRPC port on service to allow auto discovery with thanos-querier
|
|
gRPC:
|
|
enabled: false
|
|
servicePort: 10901
|
|
# nodePort: 10901
|
|
|
|
## Prometheus server readiness and liveness probe initial delay and timeout
|
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
|
|
##
|
|
tcpSocketProbeEnabled: false
|
|
probeScheme: HTTP
|
|
readinessProbeInitialDelay: 30
|
|
readinessProbePeriodSeconds: 5
|
|
readinessProbeTimeout: 4
|
|
readinessProbeFailureThreshold: 3
|
|
readinessProbeSuccessThreshold: 1
|
|
livenessProbeInitialDelay: 30
|
|
livenessProbePeriodSeconds: 15
|
|
livenessProbeTimeout: 10
|
|
livenessProbeFailureThreshold: 3
|
|
livenessProbeSuccessThreshold: 1
|
|
startupProbe:
|
|
enabled: false
|
|
periodSeconds: 5
|
|
failureThreshold: 30
|
|
timeoutSeconds: 10
|
|
|
|
## Prometheus server resource requests and limits
|
|
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 500m
|
|
# memory: 512Mi
|
|
# requests:
|
|
# cpu: 500m
|
|
# memory: 512Mi
|
|
|
|
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
|
|
# because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
|
|
##
|
|
hostNetwork: false
|
|
|
|
# When hostNetwork is enabled, you probably want to set this to ClusterFirstWithHostNet
|
|
dnsPolicy: ClusterFirst
|
|
|
|
# Use hostPort
|
|
# hostPort: 9090
|
|
|
|
## Vertical Pod Autoscaler config
|
|
## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
|
|
verticalAutoscaler:
|
|
## If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs)
|
|
enabled: false
|
|
# updateMode: "Auto"
|
|
# containerPolicies:
|
|
# - containerName: 'prometheus-server'
|
|
|
|
# Custom DNS configuration to be added to prometheus server pods
|
|
dnsConfig: {}
|
|
# nameservers:
|
|
# - 1.2.3.4
|
|
# searches:
|
|
# - ns1.svc.cluster-domain.example
|
|
# - my.dns.search.suffix
|
|
# options:
|
|
# - name: ndots
|
|
# value: "2"
|
|
# - name: edns0
|
|
## Security context to be added to server pods
|
|
##
|
|
securityContext:
|
|
runAsUser: 65534
|
|
runAsNonRoot: true
|
|
runAsGroup: 65534
|
|
fsGroup: 65534
|
|
|
|
service:
|
|
## If false, no Service will be created for the Prometheus server
|
|
##
|
|
enabled: true
|
|
|
|
annotations: {}
|
|
labels: {}
|
|
clusterIP: ""
|
|
|
|
## List of IP addresses at which the Prometheus server service is available
|
|
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
|
|
##
|
|
externalIPs: []
|
|
|
|
loadBalancerIP: ""
|
|
loadBalancerSourceRanges: []
|
|
servicePort: 80
|
|
sessionAffinity: None
|
|
type: ClusterIP
|
|
|
|
## Enable gRPC port on service to allow auto discovery with thanos-querier
|
|
gRPC:
|
|
enabled: false
|
|
servicePort: 10901
|
|
# nodePort: 10901
|
|
|
|
## If using a statefulSet (statefulSet.enabled=true), configure the
|
|
## service to connect to a specific replica to have a consistent view
|
|
## of the data.
|
|
statefulsetReplica:
|
|
enabled: false
|
|
replica: 0
|
|
|
|
## Prometheus server pod termination grace period
|
|
##
|
|
terminationGracePeriodSeconds: 300
|
|
|
|
## Prometheus data retention period (default if not specified is 15 days)
|
|
##
|
|
retention: "15d"
|
|
|
|
pushgateway:
|
|
## If false, pushgateway will not be installed
|
|
##
|
|
enabled: true
|
|
|
|
## Use an alternate scheduler, e.g. "stork".
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
# schedulerName:
|
|
|
|
## pushgateway container name
|
|
##
|
|
name: pushgateway
|
|
|
|
## pushgateway container image
|
|
##
|
|
image:
|
|
repository: prom/pushgateway
|
|
tag: v1.4.2
|
|
pullPolicy: IfNotPresent
|
|
|
|
## pushgateway priorityClassName
|
|
##
|
|
priorityClassName: ""
|
|
|
|
## Additional pushgateway container arguments
|
|
##
|
|
## for example: persistence.file: /data/pushgateway.data
|
|
extraArgs: {}
|
|
|
|
## Additional InitContainers to initialize the pod
|
|
##
|
|
extraInitContainers: []
|
|
|
|
ingress:
|
|
## If true, pushgateway Ingress will be created
|
|
##
|
|
enabled: false
|
|
|
|
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
|
|
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
|
|
# ingressClassName: nginx
|
|
|
|
## pushgateway Ingress annotations
|
|
##
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: 'true'
|
|
|
|
## pushgateway Ingress hostnames with optional path
|
|
## Must be provided if Ingress is enabled
|
|
##
|
|
hosts: []
|
|
# - pushgateway.domain.com
|
|
# - domain.com/pushgateway
|
|
|
|
path: /
|
|
|
|
# pathType is only for k8s >= 1.18
|
|
pathType: Prefix
|
|
|
|
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
|
|
extraPaths: []
|
|
# - path: /*
|
|
# backend:
|
|
# serviceName: ssl-redirect
|
|
# servicePort: use-annotation
|
|
|
|
## pushgateway Ingress TLS configuration
|
|
## Secrets must be manually created in the namespace
|
|
##
|
|
tls: []
|
|
# - secretName: prometheus-alerts-tls
|
|
# hosts:
|
|
# - pushgateway.domain.com
|
|
|
|
## Node tolerations for pushgateway scheduling to nodes with taints
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
##
|
|
tolerations: []
|
|
# - key: "key"
|
|
# operator: "Equal|Exists"
|
|
# value: "value"
|
|
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
|
|
|
|
## Node labels for pushgateway pod assignment
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Annotations to be added to pushgateway pods
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Labels to be added to pushgateway pods
|
|
##
|
|
podLabels: {}
|
|
|
|
## Specify if a Pod Security Policy for node-exporter must be created
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
|
##
|
|
podSecurityPolicy:
|
|
annotations: {}
|
|
## Specify pod annotations
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
|
##
|
|
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
|
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
|
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
|
|
|
replicaCount: 1
|
|
|
|
## Annotations to be added to deployment
|
|
##
|
|
deploymentAnnotations: {}
|
|
|
|
## PodDisruptionBudget settings
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
|
|
##
|
|
podDisruptionBudget:
|
|
enabled: false
|
|
maxUnavailable: 1
|
|
|
|
## pushgateway resource requests and limits
|
|
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 10m
|
|
# memory: 32Mi
|
|
# requests:
|
|
# cpu: 10m
|
|
# memory: 32Mi
|
|
|
|
## Vertical Pod Autoscaler config
|
|
## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
|
|
verticalAutoscaler:
|
|
## If true a VPA object will be created for the controller
|
|
enabled: false
|
|
# updateMode: "Auto"
|
|
# containerPolicies:
|
|
# - containerName: 'prometheus-pushgateway'
|
|
|
|
# Custom DNS configuration to be added to push-gateway pods
|
|
dnsConfig: {}
|
|
# nameservers:
|
|
# - 1.2.3.4
|
|
# searches:
|
|
# - ns1.svc.cluster-domain.example
|
|
# - my.dns.search.suffix
|
|
# options:
|
|
# - name: ndots
|
|
# value: "2"
|
|
# - name: edns0
|
|
|
|
## Security context to be added to push-gateway pods
|
|
##
|
|
securityContext:
|
|
runAsUser: 65534
|
|
runAsNonRoot: true
|
|
|
|
service:
|
|
annotations:
|
|
prometheus.io/probe: pushgateway
|
|
labels: {}
|
|
clusterIP: ""
|
|
|
|
## List of IP addresses at which the pushgateway service is available
|
|
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
|
|
##
|
|
externalIPs: []
|
|
|
|
loadBalancerIP: ""
|
|
loadBalancerSourceRanges: []
|
|
servicePort: 9091
|
|
type: ClusterIP
|
|
|
|
## pushgateway Deployment Strategy type
|
|
# strategy:
|
|
# type: Recreate
|
|
|
|
persistentVolume:
|
|
## If true, pushgateway will create/use a Persistent Volume Claim
|
|
##
|
|
enabled: false
|
|
|
|
## pushgateway data Persistent Volume access modes
|
|
## Must match those of existing PV or dynamic provisioner
|
|
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
|
|
## pushgateway data Persistent Volume Claim annotations
|
|
##
|
|
annotations: {}
|
|
|
|
## pushgateway data Persistent Volume existing claim name
|
|
## Requires pushgateway.persistentVolume.enabled: true
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
existingClaim: ""
|
|
|
|
## pushgateway data Persistent Volume mount root path
|
|
##
|
|
mountPath: /data
|
|
|
|
## pushgateway data Persistent Volume size
|
|
##
|
|
size: 2Gi
|
|
|
|
## pushgateway data Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
## GKE, AWS & OpenStack)
|
|
##
|
|
# storageClass: "-"
|
|
|
|
## pushgateway data Persistent Volume Binding Mode
|
|
## If defined, volumeBindingMode: <volumeBindingMode>
|
|
## If undefined (the default) or set to null, no volumeBindingMode spec is
|
|
## set, choosing the default mode.
|
|
##
|
|
# volumeBindingMode: ""
|
|
|
|
## Subdirectory of pushgateway data Persistent Volume to mount
|
|
## Useful if the volume's root directory is not empty
|
|
##
|
|
subPath: ""
|
|
|
|
|
|
## alertmanager ConfigMap entries
|
|
##
|
|
alertmanagerFiles:
|
|
alertmanager.yml:
|
|
global: {}
|
|
# slack_api_url: ''
|
|
|
|
receivers:
|
|
- name: default-receiver
|
|
# slack_configs:
|
|
# - channel: '@you'
|
|
# send_resolved: true
|
|
|
|
route:
|
|
group_wait: 10s
|
|
group_interval: 5m
|
|
receiver: default-receiver
|
|
repeat_interval: 3h
|
|
|
|
## Prometheus server ConfigMap entries for rule files (allow prometheus labels interpolation)
|
|
ruleFiles: {}
|
|
|
|
## Prometheus server ConfigMap entries
|
|
##
|
|
serverFiles:
|
|
|
|
## Alerts configuration
|
|
## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
|
|
alerting_rules.yml: {}
|
|
# groups:
|
|
# - name: Instances
|
|
# rules:
|
|
# - alert: InstanceDown
|
|
# expr: up == 0
|
|
# for: 5m
|
|
# labels:
|
|
# severity: page
|
|
# annotations:
|
|
# description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.'
|
|
# summary: 'Instance {{ $labels.instance }} down'
|
|
## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use alerting_rules.yml
|
|
alerts: {}
|
|
|
|
## Records configuration
|
|
## Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
|
|
recording_rules.yml: {}
|
|
## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use recording_rules.yml
|
|
rules: {}
|
|
|
|
prometheus.yml:
|
|
rule_files:
|
|
- /etc/config/recording_rules.yml
|
|
- /etc/config/alerting_rules.yml
|
|
## Below two files are DEPRECATED will be removed from this default values file
|
|
- /etc/config/rules
|
|
- /etc/config/alerts
|
|
|
|
scrape_configs:
|
|
- job_name: prometheus
|
|
static_configs:
|
|
- targets:
|
|
- localhost:9090
|
|
|
|
# A scrape configuration for running Prometheus on a Kubernetes cluster.
|
|
# This uses separate scrape configs for cluster components (i.e. API server, node)
|
|
# and services to allow each to use different authentication configs.
|
|
#
|
|
# Kubernetes labels will be added as Prometheus labels on metrics via the
|
|
# `labelmap` relabeling action.
|
|
|
|
# Scrape config for API servers.
|
|
#
|
|
# Kubernetes exposes API servers as endpoints to the default/kubernetes
|
|
# service so this uses `endpoints` role and uses relabelling to only keep
|
|
# the endpoints associated with the default/kubernetes service using the
|
|
# default named port `https`. This works for single API server deployments as
|
|
# well as HA API server deployments.
|
|
- job_name: 'kubernetes-apiservers'
|
|
|
|
kubernetes_sd_configs:
|
|
- role: endpoints
|
|
|
|
# Default to scraping over https. If required, just disable this or change to
|
|
# `http`.
|
|
scheme: https
|
|
|
|
# This TLS & bearer token file config is used to connect to the actual scrape
|
|
# endpoints for cluster components. This is separate to discovery auth
|
|
# configuration because discovery & scraping are two separate concerns in
|
|
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
|
|
# the cluster. Otherwise, more config options have to be provided within the
|
|
# <kubernetes_sd_config>.
|
|
tls_config:
|
|
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
# If your node certificates are self-signed or use a different CA to the
|
|
# master CA, then disable certificate verification below. Note that
|
|
# certificate verification is an integral part of a secure infrastructure
|
|
# so this should only be disabled in a controlled environment. You can
|
|
# disable certificate verification by uncommenting the line below.
|
|
#
|
|
insecure_skip_verify: true
|
|
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
|
|
# Keep only the default/kubernetes service endpoints for the https port. This
|
|
# will add targets for each API server which Kubernetes adds an endpoint to
|
|
# the default/kubernetes service.
|
|
relabel_configs:
|
|
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
|
|
action: keep
|
|
regex: default;kubernetes;https
|
|
|
|
- job_name: 'kubernetes-nodes'
|
|
|
|
# Default to scraping over https. If required, just disable this or change to
|
|
# `http`.
|
|
scheme: https
|
|
|
|
# This TLS & bearer token file config is used to connect to the actual scrape
|
|
# endpoints for cluster components. This is separate to discovery auth
|
|
# configuration because discovery & scraping are two separate concerns in
|
|
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
|
|
# the cluster. Otherwise, more config options have to be provided within the
|
|
# <kubernetes_sd_config>.
|
|
tls_config:
|
|
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
# If your node certificates are self-signed or use a different CA to the
|
|
# master CA, then disable certificate verification below. Note that
|
|
# certificate verification is an integral part of a secure infrastructure
|
|
# so this should only be disabled in a controlled environment. You can
|
|
# disable certificate verification by uncommenting the line below.
|
|
#
|
|
insecure_skip_verify: true
|
|
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
|
|
kubernetes_sd_configs:
|
|
- role: node
|
|
|
|
relabel_configs:
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_node_label_(.+)
|
|
- target_label: __address__
|
|
replacement: kubernetes.default.svc:443
|
|
- source_labels: [__meta_kubernetes_node_name]
|
|
regex: (.+)
|
|
target_label: __metrics_path__
|
|
replacement: /api/v1/nodes/$1/proxy/metrics
|
|
|
|
|
|
- job_name: 'kubernetes-nodes-cadvisor'
|
|
|
|
# Default to scraping over https. If required, just disable this or change to
|
|
# `http`.
|
|
scheme: https
|
|
|
|
# This TLS & bearer token file config is used to connect to the actual scrape
|
|
# endpoints for cluster components. This is separate to discovery auth
|
|
# configuration because discovery & scraping are two separate concerns in
|
|
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
|
|
# the cluster. Otherwise, more config options have to be provided within the
|
|
# <kubernetes_sd_config>.
|
|
tls_config:
|
|
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
# If your node certificates are self-signed or use a different CA to the
|
|
# master CA, then disable certificate verification below. Note that
|
|
# certificate verification is an integral part of a secure infrastructure
|
|
# so this should only be disabled in a controlled environment. You can
|
|
# disable certificate verification by uncommenting the line below.
|
|
#
|
|
insecure_skip_verify: true
|
|
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
|
|
kubernetes_sd_configs:
|
|
- role: node
|
|
|
|
# This configuration will work only on kubelet 1.7.3+
|
|
# As the scrape endpoints for cAdvisor have changed
|
|
# if you are using older version you need to change the replacement to
|
|
# replacement: /api/v1/nodes/$1:4194/proxy/metrics
|
|
# more info here https://github.com/coreos/prometheus-operator/issues/633
|
|
relabel_configs:
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_node_label_(.+)
|
|
- target_label: __address__
|
|
replacement: kubernetes.default.svc:443
|
|
- source_labels: [__meta_kubernetes_node_name]
|
|
regex: (.+)
|
|
target_label: __metrics_path__
|
|
replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
|
|
|
|
# Scrape config for service endpoints.
|
|
#
|
|
# The relabeling allows the actual service scrape endpoint to be configured
|
|
# via the following annotations:
|
|
#
|
|
# * `prometheus.io/scrape`: Only scrape services that have a value of
|
|
# `true`, except if `prometheus.io/scrape-slow` is set to `true` as well.
|
|
# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
|
|
# to set this to `https` & most likely set the `tls_config` of the scrape config.
|
|
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
|
|
# * `prometheus.io/port`: If the metrics are exposed on a different port to the
|
|
# service then set this appropriately.
|
|
# * `prometheus.io/param_<parameter>`: If the metrics endpoint uses parameters
|
|
# then you can set any parameter
|
|
- job_name: 'kubernetes-service-endpoints'
|
|
honor_labels: true
|
|
|
|
kubernetes_sd_configs:
|
|
- role: endpoints
|
|
|
|
relabel_configs:
|
|
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
|
|
action: keep
|
|
regex: true
|
|
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow]
|
|
action: drop
|
|
regex: true
|
|
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
|
|
action: replace
|
|
target_label: __scheme__
|
|
regex: (https?)
|
|
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
|
|
action: replace
|
|
target_label: __metrics_path__
|
|
regex: (.+)
|
|
- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
|
|
action: replace
|
|
target_label: __address__
|
|
regex: ([^:]+)(?::\d+)?;(\d+)
|
|
replacement: $1:$2
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
|
|
replacement: __param_$1
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_service_label_(.+)
|
|
- source_labels: [__meta_kubernetes_namespace]
|
|
action: replace
|
|
target_label: namespace
|
|
- source_labels: [__meta_kubernetes_service_name]
|
|
action: replace
|
|
target_label: service
|
|
- source_labels: [__meta_kubernetes_pod_node_name]
|
|
action: replace
|
|
target_label: node
|
|
|
|
# Scrape config for slow service endpoints; same as above, but with a larger
|
|
# timeout and a larger interval
|
|
#
|
|
# The relabeling allows the actual service scrape endpoint to be configured
|
|
# via the following annotations:
|
|
#
|
|
# * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true`
|
|
# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
|
|
# to set this to `https` & most likely set the `tls_config` of the scrape config.
|
|
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
|
|
# * `prometheus.io/port`: If the metrics are exposed on a different port to the
|
|
# service then set this appropriately.
|
|
# * `prometheus.io/param_<parameter>`: If the metrics endpoint uses parameters
|
|
# then you can set any parameter
|
|
- job_name: 'kubernetes-service-endpoints-slow'
|
|
honor_labels: true
|
|
|
|
scrape_interval: 5m
|
|
scrape_timeout: 30s
|
|
|
|
kubernetes_sd_configs:
|
|
- role: endpoints
|
|
|
|
relabel_configs:
|
|
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow]
|
|
action: keep
|
|
regex: true
|
|
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
|
|
action: replace
|
|
target_label: __scheme__
|
|
regex: (https?)
|
|
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
|
|
action: replace
|
|
target_label: __metrics_path__
|
|
regex: (.+)
|
|
- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
|
|
action: replace
|
|
target_label: __address__
|
|
regex: ([^:]+)(?::\d+)?;(\d+)
|
|
replacement: $1:$2
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
|
|
replacement: __param_$1
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_service_label_(.+)
|
|
- source_labels: [__meta_kubernetes_namespace]
|
|
action: replace
|
|
target_label: namespace
|
|
- source_labels: [__meta_kubernetes_service_name]
|
|
action: replace
|
|
target_label: service
|
|
- source_labels: [__meta_kubernetes_pod_node_name]
|
|
action: replace
|
|
target_label: node
|
|
|
|
- job_name: 'prometheus-pushgateway'
|
|
honor_labels: true
|
|
|
|
kubernetes_sd_configs:
|
|
- role: service
|
|
|
|
relabel_configs:
|
|
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
|
|
action: keep
|
|
regex: pushgateway
|
|
|
|
# Example scrape config for probing services via the Blackbox Exporter.
|
|
#
|
|
# The relabeling allows the actual service scrape endpoint to be configured
|
|
# via the following annotations:
|
|
#
|
|
# * `prometheus.io/probe`: Only probe services that have a value of `true`
|
|
- job_name: 'kubernetes-services'
|
|
honor_labels: true
|
|
|
|
metrics_path: /probe
|
|
params:
|
|
module: [http_2xx]
|
|
|
|
kubernetes_sd_configs:
|
|
- role: service
|
|
|
|
relabel_configs:
|
|
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
|
|
action: keep
|
|
regex: true
|
|
- source_labels: [__address__]
|
|
target_label: __param_target
|
|
- target_label: __address__
|
|
replacement: blackbox
|
|
- source_labels: [__param_target]
|
|
target_label: instance
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_service_label_(.+)
|
|
- source_labels: [__meta_kubernetes_namespace]
|
|
target_label: namespace
|
|
- source_labels: [__meta_kubernetes_service_name]
|
|
target_label: service
|
|
|
|
# Example scrape config for pods
|
|
#
|
|
# The relabeling allows the actual pod scrape endpoint to be configured via the
|
|
# following annotations:
|
|
#
|
|
# * `prometheus.io/scrape`: Only scrape pods that have a value of `true`,
|
|
# except if `prometheus.io/scrape-slow` is set to `true` as well.
|
|
# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
|
|
# to set this to `https` & most likely set the `tls_config` of the scrape config.
|
|
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
|
|
# * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.
|
|
- job_name: 'kubernetes-pods'
|
|
honor_labels: true
|
|
|
|
kubernetes_sd_configs:
|
|
- role: pod
|
|
|
|
relabel_configs:
|
|
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
|
|
action: keep
|
|
regex: true
|
|
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow]
|
|
action: drop
|
|
regex: true
|
|
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
|
|
action: replace
|
|
regex: (https?)
|
|
target_label: __scheme__
|
|
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
|
|
action: replace
|
|
target_label: __metrics_path__
|
|
regex: (.+)
|
|
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
|
|
action: replace
|
|
regex: ([^:]+)(?::\d+)?;(\d+)
|
|
replacement: $1:$2
|
|
target_label: __address__
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
|
|
replacement: __param_$1
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_pod_label_(.+)
|
|
- source_labels: [__meta_kubernetes_namespace]
|
|
action: replace
|
|
target_label: namespace
|
|
- source_labels: [__meta_kubernetes_pod_name]
|
|
action: replace
|
|
target_label: pod
|
|
- source_labels: [__meta_kubernetes_pod_phase]
|
|
regex: Pending|Succeeded|Failed|Completed
|
|
action: drop
|
|
|
|
# Example Scrape config for pods which should be scraped slower. An useful example
|
|
# would be stackriver-exporter which queries an API on every scrape of the pod
|
|
#
|
|
# The relabeling allows the actual pod scrape endpoint to be configured via the
|
|
# following annotations:
|
|
#
|
|
# * `prometheus.io/scrape-slow`: Only scrape pods that have a value of `true`
|
|
# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
|
|
# to set this to `https` & most likely set the `tls_config` of the scrape config.
|
|
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
|
|
# * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.
|
|
- job_name: 'kubernetes-pods-slow'
|
|
honor_labels: true
|
|
|
|
scrape_interval: 5m
|
|
scrape_timeout: 30s
|
|
|
|
kubernetes_sd_configs:
|
|
- role: pod
|
|
|
|
relabel_configs:
|
|
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow]
|
|
action: keep
|
|
regex: true
|
|
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
|
|
action: replace
|
|
regex: (https?)
|
|
target_label: __scheme__
|
|
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
|
|
action: replace
|
|
target_label: __metrics_path__
|
|
regex: (.+)
|
|
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
|
|
action: replace
|
|
regex: ([^:]+)(?::\d+)?;(\d+)
|
|
replacement: $1:$2
|
|
target_label: __address__
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
|
|
replacement: __param_$1
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_pod_label_(.+)
|
|
- source_labels: [__meta_kubernetes_namespace]
|
|
action: replace
|
|
target_label: namespace
|
|
- source_labels: [__meta_kubernetes_pod_name]
|
|
action: replace
|
|
target_label: pod
|
|
- source_labels: [__meta_kubernetes_pod_phase]
|
|
regex: Pending|Succeeded|Failed|Completed
|
|
action: drop
|
|
|
|
# adds additional scrape configs to prometheus.yml
|
|
# must be a string so you have to add a | after extraScrapeConfigs:
|
|
# example adds prometheus-blackbox-exporter scrape config
|
|
extraScrapeConfigs:
|
|
# - job_name: 'prometheus-blackbox-exporter'
|
|
# metrics_path: /probe
|
|
# params:
|
|
# module: [http_2xx]
|
|
# static_configs:
|
|
# - targets:
|
|
# - https://example.com
|
|
# relabel_configs:
|
|
# - source_labels: [__address__]
|
|
# target_label: __param_target
|
|
# - source_labels: [__param_target]
|
|
# target_label: instance
|
|
# - target_label: __address__
|
|
# replacement: prometheus-blackbox-exporter:9115
|
|
|
|
# Adds option to add alert_relabel_configs to avoid duplicate alerts in alertmanager
|
|
# useful in H/A prometheus with different external labels but the same alerts
|
|
alertRelabelConfigs:
|
|
# alert_relabel_configs:
|
|
# - source_labels: [dc]
|
|
# regex: (.+)\d+
|
|
# target_label: dc
|
|
|
|
networkPolicy:
|
|
## Enable creation of NetworkPolicy resources.
|
|
##
|
|
enabled: false
|
|
|
|
# Force namespace of namespaced resources
|
|
forceNamespace: null
|