Integrate and patch prometheus-stack chart to customize alerts
parent
4892d6c073
commit
67f1157848
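--- /dev/null
+++ b/Makefile
@@ -0,0 +1,14 @@
+BUCKET ?= zero-downtime
+BUCKET_PREFIX ?= /cloudbender/distfiles
+FILES ?= distfiles.txt
+
+.PHONY: clean update
+
+all: update
+
+
+clean:
+rm -f kubezero*.tgz
+
+update:
+./script/update_helm.sh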
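Review bot: `.PHONY: clean update` leaves out `all`, so a file or directory named `all` in the repository root would stop a bare `make` from running the default target; declare it as `.PHONY: all clean update`. `BUCKET`, `BUCKET_PREFIX` and `FILES` are assigned at the top, but no target in this file reads them and they are not exported, so `./script/update_helm.sh` only sees them if they are already set in the environment. Either drop them, or add `export` along with a one-line comment such as `# consumed by script/update_helm.sh` if the script does rely on them.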
@ -17,7 +17,8 @@ dependencies:
|
||||
repository: https://zero-down-time.github.io/kubezero/
|
||||
- name: kube-prometheus-stack
|
||||
version: 12.8.0
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
# Switch back to upstream once all alerts are fixed eg. etcd gpcr
|
||||
# repository: https://prometheus-community.github.io/helm-charts
|
||||
- name: prometheus-adapter
|
||||
version: 2.10.1
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
|
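Review bot: With `repository:` commented out, the `kube-prometheus-stack` entry no longer names a source, so Helm will presumably resolve it from the copy this commit vendors under `charts/kubezero-metrics/charts/kube-prometheus-stack/`. That copy keeps upstream's chart name and `version: 12.8.0`, so a locally patched build cannot be told apart from the upstream release in release metadata or during a later audit. Record the provenance next to the pin, for example `# vendored from prometheus-community 12.8.0, patched by <PLACEHOLDER: patch script or file>`, so the drift is reviewable and the switch back to upstream can be verified. The new comment's `etcd gpcr` looks like a typo for `gRPC`. The `dependencies:` list starts and continues outside this hunk.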
@ -0,0 +1,26 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
# helm/charts
|
||||
OWNERS
|
||||
hack/
|
||||
ci/
|
||||
kube-prometheus-*.tgz
|
@ -0,0 +1,12 @@
|
||||
# Contributing Guidelines
|
||||
|
||||
## How to contribute to this chart
|
||||
|
||||
1. Fork this repository, develop and test your Chart.
|
||||
1. Bump the chart version for every change.
|
||||
1. Ensure PR title has the prefix `[kube-prometheus-stack]`
|
||||
1. When making changes to rules or dashboards, see the README.md section on how to sync data from upstream repositories
|
||||
1. Check the `hack/minikube` folder has scripts to set up minikube and components of this chart that will allow all components to be scraped. You can use this configuration when validating your changes.
|
||||
1. Check for changes of RBAC rules.
|
||||
1. Check for changes in CRD specs.
|
||||
1. PR must pass the linter (`helm lint`)
|
@ -0,0 +1,50 @@
|
||||
annotations:
|
||||
artifacthub.io/links: |
|
||||
- name: Chart Source
|
||||
url: https://github.com/prometheus-community/helm-charts
|
||||
- name: Upstream Project
|
||||
url: https://github.com/prometheus-operator/kube-prometheus
|
||||
artifacthub.io/operator: "true"
|
||||
apiVersion: v2
|
||||
appVersion: 0.44.0
|
||||
dependencies:
|
||||
- condition: kubeStateMetrics.enabled
|
||||
name: kube-state-metrics
|
||||
repository: https://charts.helm.sh/stable
|
||||
version: 2.9.*
|
||||
- condition: nodeExporter.enabled
|
||||
name: prometheus-node-exporter
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 1.12.*
|
||||
- condition: grafana.enabled
|
||||
name: grafana
|
||||
repository: https://grafana.github.io/helm-charts
|
||||
version: 5.8.*
|
||||
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
|
||||
and Prometheus rules combined with documentation and scripts to provide easy to
|
||||
operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
|
||||
Operator.
|
||||
home: https://github.com/prometheus-operator/kube-prometheus
|
||||
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
|
||||
keywords:
|
||||
- operator
|
||||
- prometheus
|
||||
- kube-prometheus
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- name: vsliouniaev
|
||||
- name: bismarck
|
||||
- email: gianrubio@gmail.com
|
||||
name: gianrubio
|
||||
- email: github.gkarthiks@gmail.com
|
||||
name: gkarthiks
|
||||
- email: scott@r6by.com
|
||||
name: scottrigby
|
||||
- email: miroslav.hadzhiev@gmail.com
|
||||
name: Xtigyro
|
||||
name: kube-prometheus-stack
|
||||
sources:
|
||||
- https://github.com/prometheus-community/helm-charts
|
||||
- https://github.com/prometheus-operator/kube-prometheus
|
||||
type: application
|
||||
version: 12.8.0
|
396
charts/kubezero-metrics/charts/kube-prometheus-stack/README.md
Normal file
@ -0,0 +1,396 @@
|
||||
# kube-prometheus-stack
|
||||
|
||||
Installs the [kube-prometheus stack](https://github.com/prometheus-operator/kube-prometheus), a collection of Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator).
|
||||
|
||||
See the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) README for details about components, dashboards, and alerts.
|
||||
|
||||
_Note: This chart was formerly named `prometheus-operator` chart, now renamed to more clearly reflect that it installs the `kube-prometheus` project stack, within which Prometheus Operator is only one component._
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.16+
|
||||
- Helm 3+
|
||||
|
||||
## Get Repo Info
|
||||
|
||||
```console
|
||||
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
|
||||
helm repo add stable https://charts.helm.sh/stable
|
||||
helm repo update
|
||||
```
|
||||
|
||||
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
|
||||
|
||||
## Install Chart
|
||||
|
||||
```console
|
||||
# Helm
|
||||
$ helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack
|
||||
```
|
||||
|
||||
_See [configuration](#configuration) below._
|
||||
|
||||
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
|
||||
|
||||
## Dependencies
|
||||
|
||||
By default this chart installs additional, dependent charts:
|
||||
|
||||
- [stable/kube-state-metrics](https://github.com/helm/charts/tree/master/stable/kube-state-metrics)
|
||||
- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter)
|
||||
- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana)
|
||||
|
||||
To disable dependencies during installation, see [multiple releases](#multiple-releases) below.
|
||||
|
||||
_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
|
||||
|
||||
## Uninstall Chart
|
||||
|
||||
```console
|
||||
# Helm
|
||||
$ helm uninstall [RELEASE_NAME]
|
||||
```
|
||||
|
||||
This removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
|
||||
|
||||
CRDs created by this chart are not removed by default and should be manually cleaned up:
|
||||
|
||||
```console
|
||||
kubectl delete crd alertmanagerconfigs.monitoring.coreos.com
|
||||
kubectl delete crd alertmanagers.monitoring.coreos.com
|
||||
kubectl delete crd podmonitors.monitoring.coreos.com
|
||||
kubectl delete crd probes.monitoring.coreos.com
|
||||
kubectl delete crd prometheuses.monitoring.coreos.com
|
||||
kubectl delete crd prometheusrules.monitoring.coreos.com
|
||||
kubectl delete crd servicemonitors.monitoring.coreos.com
|
||||
kubectl delete crd thanosrulers.monitoring.coreos.com
|
||||
```
|
||||
|
||||
## Upgrading Chart
|
||||
|
||||
```console
|
||||
# Helm
|
||||
$ helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack
|
||||
```
|
||||
|
||||
With Helm v3, CRDs created by this chart are not updated by default and should be manually updated.
|
||||
Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions).
|
||||
|
||||
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
|
||||
|
||||
### Upgrading an existing Release to a new major version
|
||||
|
||||
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
|
||||
|
||||
### From 11.x to 12.x
|
||||
|
||||
The chart was migrated to support only helm v3 and later.
|
||||
|
||||
### From 10.x to 11.x
|
||||
|
||||
Version 11 upgrades prometheus-operator from 0.42.x to 0.43.x. Starting with 0.43.x an additional `AlertmanagerConfigs` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.43/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
|
||||
```
|
||||
|
||||
Version 11 removes the deprecated tlsProxy via ghostunnel in favor of native TLS support the prometheus-operator gained with v0.39.0.
|
||||
|
||||
### From 9.x to 10.x
|
||||
|
||||
Version 10 upgrades prometheus-operator from 0.38.x to 0.42.x. Starting with 0.40.x an additional `Probes` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
|
||||
|
||||
```console
|
||||
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.42/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
|
||||
```
|
||||
|
||||
### From 8.x to 9.x
|
||||
|
||||
Version 9 of the helm chart removes the existing `additionalScrapeConfigsExternal` in favour of `additionalScrapeConfigsSecret`. This change lets users specify the secret name and secret key to use for the additional scrape configuration of prometheus. This is useful for users that have prometheus-operator as a subchart and also have a template that creates the additional scrape configuration.
|
||||
|
||||
### From 7.x to 8.x
|
||||
|
||||
Due to new template functions being used in the rules in version 8.x.x of the chart, an upgrade to Prometheus Operator and Prometheus is necessary in order to support them. First, upgrade to the latest version of 7.x.x
|
||||
|
||||
```console
|
||||
helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version 7.5.0
|
||||
```
|
||||
|
||||
Then upgrade to 8.x.x
|
||||
|
||||
```console
|
||||
helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version [8.x.x]
|
||||
```
|
||||
|
||||
Minimal recommended Prometheus version for this chart release is `2.12.x`
|
||||
|
||||
### From 6.x to 7.x
|
||||
|
||||
Due to a change in grafana subchart, version 7.x.x now requires Helm >= 2.12.0.
|
||||
|
||||
### From 5.x to 6.x
|
||||
|
||||
Due to a change in deployment labels of kube-state-metrics, the upgrade requires `helm upgrade --force` in order to re-create the deployment. If this is not done an error will occur indicating that the deployment cannot be modified:
|
||||
|
||||
```console
|
||||
invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable
|
||||
```
|
||||
|
||||
If this error has already been encountered, a `helm history` command can be used to determine which release has worked, then `helm rollback` to the release, then `helm upgrade --force` to this new one
|
||||
|
||||
## Configuration
|
||||
|
||||
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
|
||||
|
||||
```console
|
||||
helm show values prometheus-community/kube-prometheus-stack
|
||||
```
|
||||
|
||||
You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options.
|
||||
|
||||
### Multiple releases
|
||||
|
||||
The same chart can be used to run multiple Prometheus instances in the same cluster if required. To achieve this, it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration, while all other components need to be disabled. To disable a dependency during installation, set `kubeStateMetrics.enabled`, `nodeExporter.enabled` and `grafana.enabled` to `false`.
|
||||
|
||||
## Work-Arounds for Known Issues
|
||||
|
||||
### Running on private GKE clusters
|
||||
|
||||
When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod.
|
||||
|
||||
You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules)
|
||||
|
||||
Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`.
|
||||
|
||||
## PrometheusRules Admission Webhooks
|
||||
|
||||
With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent malformed rules from being added to the cluster.
|
||||
|
||||
### How the Chart Configures the Hooks
|
||||
|
||||
A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
|
||||
|
||||
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end-user certificates. If the certificate already exists, the hook exits.
|
||||
2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate.
|
||||
3. Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set.
|
||||
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
|
||||
|
||||
### Alternatives
|
||||
|
||||
It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested.
|
||||
|
||||
### Limitations
|
||||
|
||||
Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default.
|
||||
|
||||
## Developing Prometheus Rules and Grafana Dashboards
|
||||
|
||||
This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repo](https://github.com/prometheus-operator/kube-prometheus/blob/master/docs/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts.
|
||||
|
||||
## Further Information
|
||||
|
||||
For more in-depth documentation of configuration options meanings, please see
|
||||
|
||||
- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)
|
||||
- [Prometheus](https://prometheus.io/docs/introduction/overview/)
|
||||
- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart)
|
||||
|
||||
## prometheus.io/scrape
|
||||
|
||||
The prometheus operator does not support annotation-based discovery of services, using the `PodMonitor` or `ServiceMonitor` CRD in its place as they provide far more configuration options.
|
||||
For information on how to use PodMonitors/ServiceMonitors, please see the documentation on the `prometheus-operator/prometheus-operator` documentation here:
|
||||
|
||||
- [ServiceMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#include-servicemonitors)
|
||||
- [PodMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#include-podmonitors)
|
||||
- [Running Exporters](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/running-exporters.md)
|
||||
|
||||
By default, Prometheus discovers PodMonitors and ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release.
|
||||
Sometimes, you may need to discover custom PodMonitors/ServiceMonitors, for example used to scrape data from third-party applications.
|
||||
An easy way of doing this, without compromising the default PodMonitors/ServiceMonitors discovery, is allowing Prometheus to discover all PodMonitors/ServiceMonitors within its namespace, without applying label filtering.
|
||||
To do so, you can set `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` and `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`.
|
||||
|
||||
## Migrating from stable/prometheus-operator chart
|
||||
|
||||
## Zero downtime
|
||||
|
||||
Since `kube-prometheus-stack` is fully compatible with the `stable/prometheus-operator` chart, a migration without downtime can be achieved.
|
||||
However, the old name prefix needs to be kept. If you want the new name please follow the step by step guide below (with downtime).
|
||||
|
||||
You can override the name to achieve this:
|
||||
|
||||
```console
|
||||
helm upgrade prometheus-operator prometheus-community/kube-prometheus-stack -n monitoring --reuse-values --set nameOverride=prometheus-operator
|
||||
```
|
||||
|
||||
**Note**: It is recommended to run this first with `--dry-run --debug`.
|
||||
|
||||
## Redeploy with new name (downtime)
|
||||
|
||||
If the **prometheus-operator** values are compatible with the new **kube-prometheus-stack** chart, please follow the below steps for migration:
|
||||
|
||||
> The guide presumes that chart is deployed in `monitoring` namespace and the deployments are running there. If in other namespace, please replace the `monitoring` to the deployed namespace.
|
||||
|
||||
1. Patch the PersistenceVolume created/used by the prometheus-operator chart to `Retain` claim policy:
|
||||
|
||||
```console
|
||||
kubectl patch pv/<PersistentVolume name> -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'
|
||||
```
|
||||
|
||||
**Note:** To execute the above command, the user must have a cluster wide permission. Please refer [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
|
||||
|
||||
2. Uninstall the **prometheus-operator** release and delete the existing PersistentVolumeClaim, and verify PV become Released.
|
||||
|
||||
```console
|
||||
helm uninstall prometheus-operator -n monitoring
|
||||
kubectl delete pvc/<PersistenceVolumeClaim name> -n monitoring
|
||||
```
|
||||
|
||||
Additionally, you have to manually remove the remaining `prometheus-operator-kubelet` service.
|
||||
|
||||
```console
|
||||
kubectl delete service/prometheus-operator-kubelet -n kube-system
|
||||
```
|
||||
|
||||
You can choose to remove all your existing CRDs (ServiceMonitors, Podmonitors, etc.) if you want to.
|
||||
|
||||
3. Remove current `spec.claimRef` values to change the PV's status from Released to Available.
|
||||
|
||||
```console
|
||||
kubectl patch pv/<PersistentVolume name> --type json -p='[{"op": "remove", "path": "/spec/claimRef"}]' -n monitoring
|
||||
```
|
||||
|
||||
**Note:** To execute the above command, the user must have a cluster wide permission. Please refer to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
|
||||
|
||||
After these steps, proceed to a fresh **kube-prometheus-stack** installation and make sure the current release of **kube-prometheus-stack** matching the `volumeClaimTemplate` values in the `values.yaml`.
|
||||
|
||||
The binding is done via matching a specific amount of storage requested and with certain access modes.
|
||||
|
||||
For example, if you had storage specified as this with **prometheus-operator**:
|
||||
|
||||
```yaml
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
storageClassName: gp2
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 50Gi
|
||||
```
|
||||
|
||||
You have to specify matching `volumeClaimTemplate` with 50Gi storage and `ReadWriteOnce` access mode.
|
||||
|
||||
Additionally, you should check the current AZ of your legacy installation's PV, and configure the fresh release to use the same AZ as the old one. If the pods are in a different AZ than the PV, the release will fail to bind the existing one, hence creating a new PV.
|
||||
|
||||
This can be achieved either by specifying the labels through `values.yaml`, e.g. setting `prometheus.prometheusSpec.nodeSelector` to:
|
||||
|
||||
```yaml
|
||||
nodeSelector:
|
||||
failure-domain.beta.kubernetes.io/zone: east-west-1a
|
||||
```
|
||||
|
||||
or passing these values as `--set` overrides during installation.
|
||||
|
||||
The new release should now re-attach your previously released PV with its content.
|
||||
|
||||
## Migrating from coreos/prometheus-operator chart
|
||||
|
||||
The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster.
|
||||
|
||||
There is no simple and direct migration path between the charts as the changes are extensive and intended to make the chart easier to support.
|
||||
|
||||
The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy.
|
||||
|
||||
You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765).
|
||||
|
||||
### High-level overview of Changes
|
||||
|
||||
#### Added dependencies
|
||||
|
||||
The chart has added 3 [dependencies](#dependencies).
|
||||
|
||||
- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components
|
||||
- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/helm/charts/tree/master/stable/grafana)
|
||||
|
||||
#### Kubelet Service
|
||||
|
||||
Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice.
|
||||
|
||||
#### Persistent Volumes
|
||||
|
||||
If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: pvc-prometheus-migration-prometheus-0
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
azureDisk:
|
||||
cachingMode: None
|
||||
diskName: pvc-prometheus-migration-prometheus-0
|
||||
diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0
|
||||
fsType: ""
|
||||
kind: Managed
|
||||
readOnly: false
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
persistentVolumeReclaimPolicy: Delete
|
||||
storageClassName: prometheus
|
||||
volumeMode: Filesystem
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
labels:
|
||||
app: prometheus
|
||||
prometheus: prometheus-migration-prometheus
|
||||
name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0
|
||||
namespace: monitoring
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: prometheus
|
||||
volumeMode: Filesystem
|
||||
volumeName: pvc-prometheus-migration-prometheus-0
|
||||
```
|
||||
|
||||
The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used.
|
||||
|
||||
#### KubeProxy
|
||||
|
||||
The metrics bind address of kube-proxy is default to `127.0.0.1:10249` that prometheus instances **cannot** access to. You should expose metrics by changing `metricsBindAddress` field value to `0.0.0.0:10249` if you want to collect them.
|
||||
|
||||
Depending on the cluster, the relevant part `config.conf` will be in ConfigMap `kube-system/kube-proxy` or `kube-system/kube-proxy-config`. For example:
|
||||
|
||||
```console
|
||||
kubectl -n kube-system edit cm kube-proxy
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
data:
|
||||
config.conf: |-
|
||||
apiVersion: kubeproxy.config.k8s.io/v1alpha1
|
||||
kind: KubeProxyConfiguration
|
||||
# ...
|
||||
# metricsBindAddress: 127.0.0.1:10249
|
||||
metricsBindAddress: 0.0.0.0:10249
|
||||
# ...
|
||||
kubeconfig.conf: |-
|
||||
# ...
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
app: kube-proxy
|
||||
name: kube-proxy
|
||||
namespace: kube-system
|
||||
```
|
@ -0,0 +1,23 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.vscode
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
OWNERS
|
@ -0,0 +1,19 @@
|
||||
apiVersion: v1
|
||||
appVersion: 7.2.1
|
||||
description: The leading tool for querying and visualizing time series and metrics.
|
||||
home: https://grafana.net
|
||||
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
||||
kubeVersion: ^1.8.0-0
|
||||
maintainers:
|
||||
- email: zanhsieh@gmail.com
|
||||
name: zanhsieh
|
||||
- email: rluckie@cisco.com
|
||||
name: rtluckie
|
||||
- email: maor.friedman@redhat.com
|
||||
name: maorfr
|
||||
- email: miroslav.hadzhiev@gmail.com
|
||||
name: Xtigyro
|
||||
name: grafana
|
||||
sources:
|
||||
- https://github.com/grafana/grafana
|
||||
version: 5.8.16
|
@ -0,0 +1,499 @@
|
||||
# Grafana Helm Chart
|
||||
|
||||
* Installs the web dashboarding system [Grafana](http://grafana.org/)
|
||||
|
||||
## Get Repo Info
|
||||
|
||||
```console
|
||||
helm repo add grafana https://grafana.github.io/helm-charts
|
||||
helm repo update
|
||||
```
|
||||
|
||||
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm install --name my-release grafana/grafana
|
||||
```
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To uninstall/delete the my-release deployment:
|
||||
|
||||
```console
|
||||
helm delete my-release
|
||||
```
|
||||
|
||||
The command removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
## Upgrading an existing Release to a new major version
|
||||
|
||||
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
|
||||
incompatible breaking change needing manual actions.
|
||||
|
||||
### To 4.0.0 (And 3.12.1)
|
||||
|
||||
This version requires Helm >= 2.12.0.
|
||||
|
||||
### To 5.0.0
|
||||
|
||||
You have to add --force to your helm upgrade command as the labels of the chart have changed.
|
||||
|
||||
## Configuration
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------|
|
||||
| `replicas` | Number of nodes | `1` |
|
||||
| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` |
|
||||
| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` |
|
||||
| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` |
|
||||
| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` |
|
||||
| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`|
|
||||
| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` |
|
||||
| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
|
||||
| `image.repository` | Image repository | `grafana/grafana` |
|
||||
| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.0.3` |
|
||||
| `image.sha` | Image sha (optional) | `17cbd08b9515fda889ca959e9d72ee6f3327c8f1844a3336dfd952134f38e2fe` |
|
||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Image pull secrets | `{}` |
|
||||
| `service.type` | Kubernetes service type | `ClusterIP` |
|
||||
| `service.port` | Kubernetes port where service is exposed | `80` |
|
||||
| `service.portName` | Name of the port on the service | `service` |
|
||||
| `service.targetPort` | Internal service is port | `3000` |
|
||||
| `service.nodePort` | Kubernetes service nodePort | `nil` |
|
||||
| `service.annotations` | Service annotations | `{}` |
|
||||
| `service.labels` | Custom labels | `{}` |
|
||||
| `service.clusterIP` | internal cluster service IP | `nil` |
|
||||
| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` |
|
||||
| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` |
|
||||
| `service.externalIPs` | service external IP addresses | `[]` |
|
||||
| `extraExposePorts` | Additional service ports for sidecar containers| `[]` |
|
||||
| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` |
|
||||
| `ingress.enabled` | Enables Ingress | `false` |
|
||||
| `ingress.annotations` | Ingress annotations (values are templated) | `{}` |
|
||||
| `ingress.labels` | Custom labels | `{}` |
|
||||
| `ingress.path` | Ingress accepted path | `/` |
|
||||
| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
|
||||
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]` |
|
||||
| `ingress.tls` | Ingress TLS configuration | `[]` |
|
||||
| `resources` | CPU/Memory resource requests/limits | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Toleration labels for pod assignment | `[]` |
|
||||
| `affinity` | Affinity settings for pod assignment | `{}` |
|
||||
| `extraInitContainers` | Init containers to add to the grafana pod | `{}` |
|
||||
| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` |
|
||||
| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` |
|
||||
| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
|
||||
| `persistence.enabled` | Use persistent volume to store data | `false` |
|
||||
| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` |
|
||||
| `persistence.size` | Size of persistent volume claim | `10Gi` |
|
||||
| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` |
|
||||
| `persistence.storageClassName` | Type of persistent volume claim | `nil` |
|
||||
| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` |
|
||||
| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` |
|
||||
| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` |
|
||||
| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` |
|
||||
| `initChownData.enabled` | If false, don't reset data ownership at startup | true |
|
||||
| `initChownData.image.repository` | init-chown-data container image repository | `busybox` |
|
||||
| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` |
|
||||
| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` |
|
||||
| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` |
|
||||
| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` |
|
||||
| `schedulerName` | Alternate scheduler name | `nil` |
|
||||
| `env` | Extra environment variables passed to pods | `{}` |
|
||||
| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. | `{}` |
|
||||
| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
|
||||
| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` |
|
||||
| `extraSecretMounts` | Additional grafana server secret mounts | `[]` |
|
||||
| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` |
|
||||
| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` |
|
||||
| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` |
|
||||
| `plugins` | Plugins to be loaded along with Grafana | `[]` |
|
||||
| `datasources` | Configure grafana datasources (passed through tpl) | `{}` |
|
||||
| `notifiers` | Configure grafana notifiers | `{}` |
|
||||
| `dashboardProviders` | Configure grafana dashboard providers | `{}` |
|
||||
| `dashboards` | Dashboards to import | `{}` |
|
||||
| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` |
|
||||
| `grafana.ini` | Grafana's primary configuration | `{}` |
|
||||
| `ldap.enabled` | Enable LDAP authentication | `false` |
|
||||
| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` |
|
||||
| `ldap.config` | Grafana's LDAP configuration | `""` |
|
||||
| `annotations` | Deployment annotations | `{}` |
|
||||
| `labels` | Deployment labels | `{}` |
|
||||
| `podAnnotations` | Pod annotations | `{}` |
|
||||
| `podLabels` | Pod labels | `{}` |
|
||||
| `podPortName` | Name of the grafana port on the pod | `grafana` |
|
||||
| `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` |
|
||||
| `sidecar.image.tag` | Sidecar image tag | `1.1.0` |
|
||||
| `sidecar.image.sha` | Sidecar image sha (optional) | `""` |
|
||||
| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
|
||||
| `sidecar.resources` | Sidecar resources | `{}` |
|
||||
| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable | `false` |
|
||||
| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` |
|
||||
| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` |
|
||||
| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` |
|
||||
| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` |
|
||||
| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` |
|
||||
| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` |
|
||||
| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` |
|
||||
| `sidecar.dashboards.provider.type` | Provider type | `file` |
|
||||
| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` |
|
||||
| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
|
||||
| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` |
|
||||
| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` |
|
||||
| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` |
|
||||
| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` |
|
||||
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
|
||||
| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
|
||||
| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
|
||||
| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` |
|
||||
| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
|
||||
| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana |`false` |
|
||||
| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` |
|
||||
| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
|
||||
| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
|
||||
| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` |
|
||||
| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` |
|
||||
| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` |
|
||||
| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` |
|
||||
| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` |
|
||||
| `serviceAccount.annotations` | ServiceAccount annotations | |
|
||||
| `serviceAccount.create` | Create service account | `true` |
|
||||
| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` |
|
||||
| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` |
|
||||
| `rbac.create` | Create and use RBAC resources | `true` |
|
||||
| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
|
||||
| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
|
||||
| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` |
|
||||
| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` |
|
||||
| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
|
||||
| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
|
||||
| `command` | Define command to be executed by grafana container at startup | `nil` |
|
||||
| `testFramework.enabled` | Whether to create test-related resources | `true` |
|
||||
| `testFramework.image` | `test-framework` image repository. | `bats/bats` |
|
||||
| `testFramework.tag` | `test-framework` image tag. | `v1.1.0` |
|
||||
| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` |
|
||||
| `testFramework.securityContext` | `test-framework` securityContext | `{}` |
|
||||
| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` |
|
||||
| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` |
|
||||
| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` |
|
||||
| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` |
|
||||
| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` |
|
||||
| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` |
|
||||
| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) |
|
||||
| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
|
||||
| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | |
|
||||
| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` |
|
||||
| `serviceMonitor.path` | Path to scrape | `/metrics` |
|
||||
| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
|
||||
| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
|
||||
| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` |
|
||||
| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` |
|
||||
| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` |
|
||||
| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` |
|
||||
| `imageRenderer.image.tag` | image-renderer Image tag | `latest` |
|
||||
| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
|
||||
| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
|
||||
| `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
|
||||
| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
|
||||
| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
|
||||
| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` |
|
||||
| `imageRenderer.service.portName` | image-renderer service port name | `'http'` |
|
||||
| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` |
|
||||
| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` |
|
||||
| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` |
|
||||
| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` |
|
||||
| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` |
|
||||
| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` |
|
||||
|
||||
### Example ingress with path
|
||||
|
||||
With grafana 6.3 and above
|
||||
```yaml
|
||||
grafana.ini:
|
||||
server:
|
||||
domain: monitoring.example.com
|
||||
root_url: "%(protocol)s://%(domain)s/grafana"
|
||||
serve_from_sub_path: true
|
||||
ingress:
|
||||
enabled: true
|
||||
hosts:
|
||||
- "monitoring.example.com"
|
||||
path: "/grafana"
|
||||
```
|
||||
|
||||
### Example of extraVolumeMounts
|
||||
|
||||
```yaml
|
||||
- extraVolumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /var/lib/grafana/plugins
|
||||
subPath: configs/grafana/plugins
|
||||
existingClaim: existing-grafana-claim
|
||||
readOnly: false
|
||||
```
|
||||
|
||||
## Import dashboards
|
||||
|
||||
There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method:
|
||||
|
||||
```yaml
|
||||
dashboards:
|
||||
default:
|
||||
some-dashboard:
|
||||
json: |
|
||||
{
|
||||
"annotations":
|
||||
|
||||
...
|
||||
# Complete json file here
|
||||
...
|
||||
|
||||
"title": "Some Dashboard",
|
||||
"uid": "abcd1234",
|
||||
"version": 1
|
||||
}
|
||||
custom-dashboard:
|
||||
# This is a path to a file inside the dashboards directory inside the chart directory
|
||||
file: dashboards/custom-dashboard.json
|
||||
prometheus-stats:
|
||||
# Ref: https://grafana.com/dashboards/2
|
||||
gnetId: 2
|
||||
revision: 2
|
||||
datasource: Prometheus
|
||||
local-dashboard:
|
||||
url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json
|
||||
```
|
||||
|
||||
## BASE64 dashboards
|
||||
|
||||
Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit)
|
||||
A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk.
|
||||
If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk.
|
||||
|
||||
### Gerrit use case
|
||||
|
||||
Gerrit API for download files has the following schema: <https://yourgerritserver/a/{project-name}/branches/{branch-id}/files/{file-id}/content> where {project-name} and
|
||||
{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard
|
||||
the url value is <https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content>
|
||||
|
||||
## Sidecar for dashboards
|
||||
|
||||
If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana
|
||||
pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with
|
||||
a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written
|
||||
to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported
|
||||
dashboards are deleted/updated.
|
||||
|
||||
A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside
|
||||
one configmap is currently not properly mirrored in grafana.
|
||||
|
||||
Example dashboard config:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: sample-grafana-dashboard
|
||||
labels:
|
||||
grafana_dashboard: "1"
|
||||
data:
|
||||
k8s-dashboard.json: |-
|
||||
[...]
|
||||
```
|
||||
|
||||
## Sidecar for datasources
|
||||
|
||||
If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana
|
||||
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
|
||||
filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in
|
||||
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
|
||||
the data sources in grafana can be imported. The secrets must be created before `helm install` so
|
||||
that the datasources init container can list the secrets.
|
||||
|
||||
Secrets are recommended over configmaps for this usecase because datasources usually contain private
|
||||
data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
|
||||
|
||||
Example datasource config adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: sample-grafana-datasource
|
||||
labels:
|
||||
grafana_datasource: "1"
|
||||
type: Opaque
|
||||
stringData:
|
||||
datasource.yaml: |-
|
||||
# config file version
|
||||
apiVersion: 1
|
||||
|
||||
# list of datasources that should be deleted from the database
|
||||
deleteDatasources:
|
||||
- name: Graphite
|
||||
orgId: 1
|
||||
|
||||
# list of datasources to insert/update depending
|
||||
# whats available in the database
|
||||
datasources:
|
||||
# <string, required> name of the datasource. Required
|
||||
- name: Graphite
|
||||
# <string, required> datasource type. Required
|
||||
type: graphite
|
||||
# <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
|
||||
access: proxy
|
||||
# <int> org id. will default to orgId 1 if not specified
|
||||
orgId: 1
|
||||
# <string> url
|
||||
url: http://localhost:8080
|
||||
# <string> database password, if used
|
||||
password:
|
||||
# <string> database user, if used
|
||||
user:
|
||||
# <string> database name, if used
|
||||
database:
|
||||
# <bool> enable/disable basic auth
|
||||
basicAuth:
|
||||
# <string> basic auth username
|
||||
basicAuthUser:
|
||||
# <string> basic auth password
|
||||
basicAuthPassword:
|
||||
# <bool> enable/disable with credentials headers
|
||||
withCredentials:
|
||||
# <bool> mark as default datasource. Max one per org
|
||||
isDefault:
|
||||
# <map> fields that will be converted to json and stored in json_data
|
||||
jsonData:
|
||||
graphiteVersion: "1.1"
|
||||
tlsAuth: true
|
||||
tlsAuthWithCACert: true
|
||||
# <string> json object of data that will be encrypted.
|
||||
secureJsonData:
|
||||
tlsCACert: "..."
|
||||
tlsClientCert: "..."
|
||||
tlsClientKey: "..."
|
||||
version: 1
|
||||
# <bool> allow users to edit datasources from the UI.
|
||||
editable: false
|
||||
|
||||
```
|
||||
|
||||
## Sidecar for notifiers
|
||||
|
||||
If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana
|
||||
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
|
||||
filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in
|
||||
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
|
||||
the notification channels in grafana can be imported. The secrets must be created before
|
||||
`helm install` so that the notifiers init container can list the secrets.
|
||||
|
||||
Secrets are recommended over configmaps for this usecase because alert notification channels usually contain
|
||||
private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
|
||||
|
||||
Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels):
|
||||
|
||||
```yaml
|
||||
notifiers:
|
||||
- name: notification-channel-1
|
||||
type: slack
|
||||
uid: notifier1
|
||||
# either
|
||||
org_id: 2
|
||||
# or
|
||||
org_name: Main Org.
|
||||
is_default: true
|
||||
send_reminder: true
|
||||
frequency: 1h
|
||||
disable_resolve_message: false
|
||||
# See `Supported Settings` section for settings supporter for each
|
||||
# alert notification type.
|
||||
settings:
|
||||
recipient: 'XXX'
|
||||
token: 'xoxb'
|
||||
uploadImage: true
|
||||
url: https://slack.com
|
||||
|
||||
delete_notifiers:
|
||||
- name: notification-channel-1
|
||||
uid: notifier1
|
||||
org_id: 2
|
||||
- name: notification-channel-2
|
||||
# default org_id: 1
|
||||
```
|
||||
|
||||
## How to serve Grafana with a path prefix (/grafana)
|
||||
|
||||
In order to serve Grafana with a prefix (e.g., <http://example.com/grafana>), add the following to your values.yaml.
|
||||
|
||||
```yaml
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "nginx"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /$1
|
||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||
|
||||
path: /grafana/?(.*)
|
||||
hosts:
|
||||
- k8s.example.dev
|
||||
|
||||
grafana.ini:
|
||||
server:
|
||||
root_url: http://localhost:3000/grafana # this host can be localhost
|
||||
```
|
||||
|
||||
## How to securely reference secrets in grafana.ini
|
||||
|
||||
This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets.
|
||||
|
||||
In grafana.ini:
|
||||
|
||||
```yaml
|
||||
grafana.ini:
|
||||
[auth.generic_oauth]
|
||||
enabled = true
|
||||
client_id = $__file{/etc/secrets/auth_generic_oauth/client_id}
|
||||
client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret}
|
||||
```
|
||||
|
||||
Existing secret, or created along with helm:
|
||||
|
||||
```yaml
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: auth-generic-oauth-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
client_id: <value>
|
||||
client_secret: <value>
|
||||
```
|
||||
|
||||
Include in the `extraSecretMounts` configuration flag:
|
||||
|
||||
```yaml
|
||||
- extraSecretMounts:
|
||||
- name: auth-generic-oauth-secret-mount
|
||||
secretName: auth-generic-oauth-secret
|
||||
defaultMode: 0440
|
||||
mountPath: /etc/secrets/auth_generic_oauth
|
||||
readOnly: true
|
||||
```
|
||||
|
||||
## Image Renderer Plug-In
|
||||
|
||||
This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/docs/remote_rendering_using_docker.md)
|
||||
|
||||
```yaml
|
||||
imageRenderer:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
### Image Renderer NetworkPolicy
|
||||
|
||||
By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance
|
@ -0,0 +1 @@
|
||||
# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
|
@ -0,0 +1,53 @@
|
||||
dashboards:
|
||||
my-provider:
|
||||
my-awesome-dashboard:
|
||||
# An empty but valid dashboard
|
||||
json: |
|
||||
{
|
||||
"__inputs": [],
|
||||
"__requires": [
|
||||
{
|
||||
"type": "grafana",
|
||||
"id": "grafana",
|
||||
"name": "Grafana",
|
||||
"version": "6.3.5"
|
||||
}
|
||||
],
|
||||
"annotations": {
|
||||
"list": [
|
||||
{
|
||||
"builtIn": 1,
|
||||
"datasource": "-- Grafana --",
|
||||
"enable": true,
|
||||
"hide": true,
|
||||
"iconColor": "rgba(0, 211, 255, 1)",
|
||||
"name": "Annotations & Alerts",
|
||||
"type": "dashboard"
|
||||
}
|
||||
]
|
||||
},
|
||||
"editable": true,
|
||||
"gnetId": null,
|
||||
"graphTooltip": 0,
|
||||
"id": null,
|
||||
"links": [],
|
||||
"panels": [],
|
||||
"schemaVersion": 19,
|
||||
"style": "dark",
|
||||
"tags": [],
|
||||
"templating": {
|
||||
"list": []
|
||||
},
|
||||
"time": {
|
||||
"from": "now-6h",
|
||||
"to": "now"
|
||||
},
|
||||
"timepicker": {
|
||||
"refresh_intervals": ["5s"]
|
||||
},
|
||||
"timezone": "",
|
||||
"title": "Dummy Dashboard",
|
||||
"uid": "IdcYQooWk",
|
||||
"version": 1
|
||||
}
|
||||
datasource: Prometheus
|
@ -0,0 +1,19 @@
|
||||
dashboards:
|
||||
my-provider:
|
||||
my-awesome-dashboard:
|
||||
gnetId: 10000
|
||||
revision: 1
|
||||
datasource: Prometheus
|
||||
dashboardProviders:
|
||||
dashboardproviders.yaml:
|
||||
apiVersion: 1
|
||||
providers:
|
||||
- name: 'my-provider'
|
||||
orgId: 1
|
||||
folder: ''
|
||||
type: file
|
||||
updateIntervalSeconds: 10
|
||||
disableDeletion: true
|
||||
editable: true
|
||||
options:
|
||||
path: /var/lib/grafana/dashboards/my-provider
|
@ -0,0 +1,19 @@
|
||||
podLabels:
|
||||
customLableA: Aaaaa
|
||||
imageRenderer:
|
||||
enabled: true
|
||||
env:
|
||||
RENDERING_ARGS: --disable-gpu,--window-size=1280x758
|
||||
RENDERING_MODE: clustered
|
||||
podLabels:
|
||||
customLableB: Bbbbb
|
||||
networkPolicy:
|
||||
limitIngress: true
|
||||
limitEgress: true
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1000Mi
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 50Mi
|
@ -0,0 +1 @@
|
||||
{}
|
@ -0,0 +1,54 @@
|
||||
1. Get your '{{ .Values.adminUser }}' user password by running:
|
||||
|
||||
kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
|
||||
|
||||
2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
|
||||
|
||||
{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local
|
||||
{{ if .Values.ingress.enabled }}
|
||||
If you bind grafana to 80, please update values in values.yaml and reinstall:
|
||||
```
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
|
||||
command:
|
||||
- "setcap"
|
||||
- "'cap_net_bind_service=+ep'"
|
||||
- "/usr/sbin/grafana-server &&"
|
||||
- "sh"
|
||||
- "/run.sh"
|
||||
```
|
||||
Details refer to https://grafana.com/docs/installation/configuration/#http-port.
|
||||
Or grafana would always crash.
|
||||
|
||||
From outside the cluster, the server URL(s) are:
|
||||
{{- range .Values.ingress.hosts }}
|
||||
http://{{ . }}
|
||||
{{- end }}
|
||||
{{ else }}
|
||||
Get the Grafana URL to visit by running these commands in the same shell:
|
||||
{{ if contains "NodePort" .Values.service.type -}}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{ else if contains "LoadBalancer" .Values.service.type -}}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}'
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
||||
http://$SERVICE_IP:{{ .Values.service.port -}}
|
||||
{{ else if contains "ClusterIP" .Values.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
3. Login with the password from step 1 and the username: {{ .Values.adminUser }}
|
||||
|
||||
{{- if not .Values.persistence.enabled }}
|
||||
#################################################################################
|
||||
###### WARNING: Persistence is disabled!!! You will lose your data when #####
|
||||
###### the Grafana pod is terminated. #####
|
||||
#################################################################################
|
||||
{{- end }}
|
@ -0,0 +1,102 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "grafana.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "grafana.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "grafana.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account
|
||||
*/}}
|
||||
{{- define "grafana.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "grafana.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "grafana.serviceAccountNameTest" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.nameTest }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "grafana.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "grafana.labels" -}}
|
||||
helm.sh/chart: {{ include "grafana.chart" . }}
|
||||
{{ include "grafana.selectorLabels" . }}
|
||||
{{- if or .Chart.AppVersion .Values.image.tag }}
|
||||
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "grafana.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "grafana.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "grafana.imageRenderer.labels" -}}
|
||||
helm.sh/chart: {{ include "grafana.chart" . }}
|
||||
{{ include "grafana.imageRenderer.selectorLabels" . }}
|
||||
{{- if or .Chart.AppVersion .Values.image.tag }}
|
||||
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Selector labels ImageRenderer
|
||||
*/}}
|
||||
{{- define "grafana.imageRenderer.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
@ -0,0 +1,464 @@
|
||||
|
||||
{{- define "grafana.pod" -}}
|
||||
{{- if .Values.schedulerName }}
|
||||
schedulerName: "{{ .Values.schedulerName }}"
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "grafana.serviceAccountName" . }}
|
||||
{{- if .Values.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.securityContext | indent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.hostAliases }}
|
||||
hostAliases:
|
||||
{{ toYaml .Values.hostAliases | indent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: {{ .Values.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.datasources.enabled .Values.sidecar.notifiers.enabled .Values.extraInitContainers) }}
|
||||
initContainers:
|
||||
{{- end }}
|
||||
{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }}
|
||||
- name: init-chown-data
|
||||
{{- if .Values.initChownData.image.sha }}
|
||||
image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }}
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"]
|
||||
resources:
|
||||
{{ toYaml .Values.initChownData.resources | indent 6 }}
|
||||
volumeMounts:
|
||||
- name: storage
|
||||
mountPath: "/var/lib/grafana"
|
||||
{{- if .Values.persistence.subPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboards }}
|
||||
- name: download-dashboards
|
||||
{{- if .Values.downloadDashboardsImage.sha }}
|
||||
image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }}
|
||||
command: ["/bin/sh"]
|
||||
args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ]
|
||||
resources:
|
||||
{{ toYaml .Values.downloadDashboards.resources | indent 6 }}
|
||||
env:
|
||||
{{- range $key, $value := .Values.downloadDashboards.env }}
|
||||
- name: "{{ $key }}"
|
||||
value: "{{ $value }}"
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: "/etc/grafana/download_dashboards.sh"
|
||||
subPath: download_dashboards.sh
|
||||
- name: storage
|
||||
mountPath: "/var/lib/grafana"
|
||||
{{- if .Values.persistence.subPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- range .Values.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.datasources.enabled }}
|
||||
- name: {{ template "grafana.name" . }}-sc-datasources
|
||||
{{- if .Values.sidecar.image.sha }}
|
||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
|
||||
env:
|
||||
- name: METHOD
|
||||
value: LIST
|
||||
- name: LABEL
|
||||
value: "{{ .Values.sidecar.datasources.label }}"
|
||||
- name: FOLDER
|
||||
value: "/etc/grafana/provisioning/datasources"
|
||||
- name: RESOURCE
|
||||
value: "both"
|
||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
||||
- name: UNIQUE_FILENAMES
|
||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.datasources.searchNamespace }}
|
||||
- name: NAMESPACE
|
||||
value: "{{ .Values.sidecar.datasources.searchNamespace }}"
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.skipTlsVerify }}
|
||||
- name: SKIP_TLS_VERIFY
|
||||
value: "{{ .Values.sidecar.skipTlsVerify }}"
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.sidecar.resources | indent 6 }}
|
||||
volumeMounts:
|
||||
- name: sc-datasources-volume
|
||||
mountPath: "/etc/grafana/provisioning/datasources"
|
||||
{{- end}}
|
||||
{{- if .Values.sidecar.notifiers.enabled }}
|
||||
- name: {{ template "grafana.name" . }}-sc-notifiers
|
||||
{{- if .Values.sidecar.image.sha }}
|
||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
|
||||
env:
|
||||
- name: METHOD
|
||||
value: LIST
|
||||
- name: LABEL
|
||||
value: "{{ .Values.sidecar.notifiers.label }}"
|
||||
- name: FOLDER
|
||||
value: "/etc/grafana/provisioning/notifiers"
|
||||
- name: RESOURCE
|
||||
value: "both"
|
||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
||||
- name: UNIQUE_FILENAMES
|
||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.notifiers.searchNamespace }}
|
||||
- name: NAMESPACE
|
||||
value: "{{ .Values.sidecar.notifiers.searchNamespace }}"
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.skipTlsVerify }}
|
||||
- name: SKIP_TLS_VERIFY
|
||||
value: "{{ .Values.sidecar.skipTlsVerify }}"
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.sidecar.resources | indent 6 }}
|
||||
volumeMounts:
|
||||
- name: sc-notifiers-volume
|
||||
mountPath: "/etc/grafana/provisioning/notifiers"
|
||||
{{- end}}
|
||||
{{- if .Values.extraInitContainers }}
|
||||
{{ toYaml .Values.extraInitContainers | indent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.image.pullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
containers:
|
||||
{{- if .Values.sidecar.dashboards.enabled }}
|
||||
- name: {{ template "grafana.name" . }}-sc-dashboard
|
||||
{{- if .Values.sidecar.image.sha }}
|
||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
|
||||
env:
|
||||
- name: METHOD
|
||||
value: {{ .Values.sidecar.dashboards.watchMethod }}
|
||||
- name: LABEL
|
||||
value: "{{ .Values.sidecar.dashboards.label }}"
|
||||
- name: FOLDER
|
||||
value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
|
||||
- name: RESOURCE
|
||||
value: "both"
|
||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
||||
- name: UNIQUE_FILENAMES
|
||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.dashboards.searchNamespace }}
|
||||
- name: NAMESPACE
|
||||
value: "{{ .Values.sidecar.dashboards.searchNamespace }}"
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.skipTlsVerify }}
|
||||
- name: SKIP_TLS_VERIFY
|
||||
value: "{{ .Values.sidecar.skipTlsVerify }}"
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.dashboards.folderAnnotation }}
|
||||
- name: FOLDER_ANNOTATION
|
||||
value: "{{ .Values.sidecar.dashboards.folderAnnotation }}"
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.sidecar.resources | indent 6 }}
|
||||
volumeMounts:
|
||||
- name: sc-dashboard-volume
|
||||
mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
|
||||
{{- end}}
|
||||
- name: {{ .Chart.Name }}
|
||||
{{- if .Values.image.sha }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- if .Values.command }}
|
||||
command:
|
||||
{{- range .Values.command }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end}}
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: "/etc/grafana/grafana.ini"
|
||||
subPath: grafana.ini
|
||||
{{- if .Values.ldap.enabled }}
|
||||
- name: ldap
|
||||
mountPath: "/etc/grafana/ldap.toml"
|
||||
subPath: ldap.toml
|
||||
{{- end }}
|
||||
{{- range .Values.extraConfigmapMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath | default "" }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
- name: storage
|
||||
mountPath: "/var/lib/grafana"
|
||||
{{- if .Values.persistence.subPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboards }}
|
||||
{{- range $provider, $dashboards := .Values.dashboards }}
|
||||
{{- range $key, $value := $dashboards }}
|
||||
{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
|
||||
- name: dashboards-{{ $provider }}
|
||||
mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
|
||||
subPath: "{{ $key }}.json"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- if .Values.dashboardsConfigMaps }}
|
||||
{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }}
|
||||
- name: dashboards-{{ . }}
|
||||
mountPath: "/var/lib/grafana/dashboards/{{ . }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.datasources }}
|
||||
- name: config
|
||||
mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
|
||||
subPath: datasources.yaml
|
||||
{{- end }}
|
||||
{{- if .Values.notifiers }}
|
||||
- name: config
|
||||
mountPath: "/etc/grafana/provisioning/notifiers/notifiers.yaml"
|
||||
subPath: notifiers.yaml
|
||||
{{- end }}
|
||||
{{- if .Values.dashboardProviders }}
|
||||
- name: config
|
||||
mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
|
||||
subPath: dashboardproviders.yaml
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.dashboards.enabled }}
|
||||
- name: sc-dashboard-volume
|
||||
mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
|
||||
{{ if .Values.sidecar.dashboards.SCProvider }}
|
||||
- name: sc-dashboard-provider
|
||||
mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml"
|
||||
subPath: provider.yaml
|
||||
{{- end}}
|
||||
{{- end}}
|
||||
{{- if .Values.sidecar.datasources.enabled }}
|
||||
- name: sc-datasources-volume
|
||||
mountPath: "/etc/grafana/provisioning/datasources"
|
||||
{{- end}}
|
||||
{{- if .Values.sidecar.notifiers.enabled }}
|
||||
- name: sc-notifiers-volume
|
||||
mountPath: "/etc/grafana/provisioning/notifiers"
|
||||
{{- end}}
|
||||
{{- range .Values.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
subPath: {{ .subPath | default "" }}
|
||||
{{- end }}
|
||||
{{- range .Values.extraVolumeMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath | default "" }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
{{- range .Values.extraEmptyDirMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.service.portName }}
|
||||
containerPort: {{ .Values.service.port }}
|
||||
protocol: TCP
|
||||
- name: {{ .Values.podPortName }}
|
||||
containerPort: 3000
|
||||
protocol: TCP
|
||||
env:
|
||||
{{- if not .Values.env.GF_SECURITY_ADMIN_USER }}
|
||||
- name: GF_SECURITY_ADMIN_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }}
|
||||
key: {{ .Values.admin.userKey | default "admin-user" }}
|
||||
{{- end }}
|
||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }}
|
||||
- name: GF_SECURITY_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }}
|
||||
key: {{ .Values.admin.passwordKey | default "admin-password" }}
|
||||
{{- end }}
|
||||
{{- if .Values.plugins }}
|
||||
- name: GF_INSTALL_PLUGINS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
key: plugins
|
||||
{{- end }}
|
||||
{{- if .Values.smtp.existingSecret }}
|
||||
- name: GF_SMTP_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.smtp.existingSecret }}
|
||||
key: {{ .Values.smtp.userKey | default "user" }}
|
||||
- name: GF_SMTP_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.smtp.existingSecret }}
|
||||
key: {{ .Values.smtp.passwordKey | default "password" }}
|
||||
{{- end }}
|
||||
{{ if .Values.imageRenderer.enabled }}
|
||||
- name: GF_RENDERING_SERVER_URL
|
||||
value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render
|
||||
- name: GF_RENDERING_CALLBACK_URL
|
||||
value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/
|
||||
{{ end }}
|
||||
{{- range $key, $value := .Values.envValueFrom }}
|
||||
- name: {{ $key | quote }}
|
||||
valueFrom:
|
||||
{{ toYaml $value | indent 10 }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.env }}
|
||||
- name: "{{ tpl $key $ }}"
|
||||
value: "{{ tpl (print $value) $ }}"
|
||||
{{- end }}
|
||||
{{- if .Values.envFromSecret }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ tpl .Values.envFromSecret . }}
|
||||
{{- end }}
|
||||
{{- if .Values.envRenderSecret }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ template "grafana.fullname" . }}-env
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
{{ toYaml .Values.livenessProbe | indent 6 }}
|
||||
readinessProbe:
|
||||
{{ toYaml .Values.readinessProbe | indent 6 }}
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 6 }}
|
||||
{{- with .Values.extraContainers }}
|
||||
{{ tpl . $ | indent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 2 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
{{- range .Values.extraConfigmapMounts }}
|
||||
- name: {{ .name }}
|
||||
configMap:
|
||||
name: {{ .configMap }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboards }}
|
||||
{{- range (keys .Values.dashboards | sortAlpha) }}
|
||||
- name: dashboards-{{ . }}
|
||||
configMap:
|
||||
name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.dashboardsConfigMaps }}
|
||||
{{ $root := . }}
|
||||
{{- range $provider, $name := .Values.dashboardsConfigMaps }}
|
||||
- name: dashboards-{{ $provider }}
|
||||
configMap:
|
||||
name: {{ tpl $name $root }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ldap.enabled }}
|
||||
- name: ldap
|
||||
secret:
|
||||
{{- if .Values.ldap.existingSecret }}
|
||||
secretName: {{ .Values.ldap.existingSecret }}
|
||||
{{- else }}
|
||||
secretName: {{ template "grafana.fullname" . }}
|
||||
{{- end }}
|
||||
items:
|
||||
- key: ldap-toml
|
||||
path: ldap.toml
|
||||
{{- end }}
|
||||
{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }}
|
||||
- name: storage
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) }}
|
||||
{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }}
|
||||
# nothing
|
||||
{{- else }}
|
||||
- name: storage
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- if .Values.sidecar.dashboards.enabled }}
|
||||
- name: sc-dashboard-volume
|
||||
emptyDir: {}
|
||||
{{- if .Values.sidecar.dashboards.SCProvider }}
|
||||
- name: sc-dashboard-provider
|
||||
configMap:
|
||||
name: {{ template "grafana.fullname" . }}-config-dashboards
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.datasources.enabled }}
|
||||
- name: sc-datasources-volume
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- if .Values.sidecar.notifiers.enabled }}
|
||||
- name: sc-notifiers-volume
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- range .Values.extraSecretMounts }}
|
||||
{{- if .secretName }}
|
||||
- name: {{ .name }}
|
||||
secret:
|
||||
secretName: {{ .secretName }}
|
||||
defaultMode: {{ .defaultMode }}
|
||||
{{- else if .projected }}
|
||||
- name: {{ .name }}
|
||||
projected: {{- toYaml .projected | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range .Values.extraVolumeMounts }}
|
||||
- name: {{ .name }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .existingClaim }}
|
||||
{{- end }}
|
||||
{{- range .Values.extraEmptyDirMounts }}
|
||||
- name: {{ .name }}
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- if .Values.extraContainerVolumes }}
|
||||
{{ toYaml .Values.extraContainerVolumes | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
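Review bot: When both `.Values.envFromSecret` and `.Values.envRenderSecret` are set, the Grafana container is rendered with two `envFrom:` keys. Duplicate mapping keys are invalid YAML and most parsers keep only the last one, so the secret named by `envFromSecret` would silently drop out of the environment. Emit a single `envFrom:` list and add each `secretRef` conditionally, as sketched below; indentation is flattened on this page, so align it to the container level. Separately, `init-chown-data` is the only container in this template with a container-level `securityContext`, and it sets `runAsUser: 0`; adding `allowPrivilegeEscalation: false` to the sidecars and the Grafana container would be an inexpensive hardening step.

```yaml
    # … unchanged: env entries for the Grafana container …
    {{- if or .Values.envFromSecret .Values.envRenderSecret }}
    envFrom:
    {{- if .Values.envFromSecret }}
      - secretRef:
          name: {{ tpl .Values.envFromSecret . }}
    {{- end }}
    {{- if .Values.envRenderSecret }}
      - secretRef:
          name: {{ template "grafana.fullname" . }}-env
    {{- end }}
    {{- end }}
    # … unchanged: livenessProbe, readinessProbe, resources …
```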
@ -0,0 +1,25 @@
|
||||
{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "grafana.fullname" . }}-clusterrole
|
||||
{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }}
|
||||
rules:
|
||||
{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }}
|
||||
- apiGroups: [""] # "" indicates the core API group
|
||||
resources: ["configmaps", "secrets"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
{{- end}}
|
||||
{{- with .Values.rbac.extraClusterRoleRules }}
|
||||
{{ toYaml . | indent 0 }}
|
||||
{{- end}}
|
||||
{{- else }}
|
||||
rules: []
|
||||
{{- end}}
|
||||
{{- end}}
|
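Review bot: The rule `resources: ["configmaps", "secrets"]` with `verbs: ["get", "watch", "list"]` lets the Grafana service account read every Secret in every namespace as soon as either sidecar is enabled, so a compromise of the Grafana pod becomes a cluster-wide secret disclosure. The whole template is skipped when `.Values.rbac.namespaced` is set, so the KubeZero values should prefer that; what gets created instead is outside this hunk and needs confirming. If cluster-wide read is kept, this patched copy should say why next to the rule, e.g. `# cluster-wide read on Secrets: needed because the sidecars run with RESOURCE=both`. Alerting on `list`/`watch` of secrets by this service account in the API audit log is a reasonable compensating control.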
@ -0,0 +1,24 @@
|
||||
{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }}
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-clusterrolebinding
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "grafana.serviceAccountName" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
{{- if (not .Values.rbac.useExistingRole) }}
|
||||
name: {{ template "grafana.fullname" . }}-clusterrole
|
||||
{{- else }}
|
||||
name: {{ .Values.rbac.useExistingRole }}
|
||||
{{- end }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
@ -0,0 +1,26 @@
|
||||
{{- if .Values.sidecar.dashboards.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "grafana.fullname" . }}-config-dashboards
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
data:
|
||||
provider.yaml: |-
|
||||
apiVersion: 1
|
||||
providers:
|
||||
- name: '{{ .Values.sidecar.dashboards.provider.name }}'
|
||||
orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
|
||||
folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
|
||||
type: {{ .Values.sidecar.dashboards.provider.type }}
|
||||
disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
|
||||
allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }}
|
||||
options:
|
||||
foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
|
||||
path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}
|
||||
{{- end}}
|
@ -0,0 +1,69 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
data:
|
||||
{{- if .Values.plugins }}
|
||||
plugins: {{ join "," .Values.plugins }}
|
||||
{{- end }}
|
||||
grafana.ini: |
|
||||
{{- range $key, $value := index .Values "grafana.ini" }}
|
||||
[{{ $key }}]
|
||||
{{- range $elem, $elemVal := $value }}
|
||||
{{ $elem }} = {{ $elemVal }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.datasources }}
|
||||
{{ $root := . }}
|
||||
{{- range $key, $value := .Values.datasources }}
|
||||
{{ $key }}: |
|
||||
{{ tpl (toYaml $value | indent 4) $root }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.notifiers }}
|
||||
{{- range $key, $value := .Values.notifiers }}
|
||||
{{ $key }}: |
|
||||
{{ toYaml $value | indent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.dashboardProviders }}
|
||||
{{- range $key, $value := .Values.dashboardProviders }}
|
||||
{{ $key }}: |
|
||||
{{ toYaml $value | indent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.dashboards }}
|
||||
download_dashboards.sh: |
|
||||
#!/usr/bin/env sh
|
||||
set -euf
|
||||
{{- if .Values.dashboardProviders }}
|
||||
{{- range $key, $value := .Values.dashboardProviders }}
|
||||
{{- range $value.providers }}
|
||||
mkdir -p {{ .options.path }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- range $provider, $dashboards := .Values.dashboards }}
|
||||
{{- range $key, $value := $dashboards }}
|
||||
{{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
|
||||
curl -skf \
|
||||
--connect-timeout 60 \
|
||||
--max-time 60 \
|
||||
{{- if not $value.b64content }}
|
||||
-H "Accept: application/json" \
|
||||
-H "Content-Type: application/json;charset=UTF-8" \
|
||||
{{ end }}
|
||||
{{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \
|
||||
> "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
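Review bot: The generated `download_dashboards.sh` calls `curl -skf`, and the `-k` disables TLS certificate verification for every dashboard fetched from `grafana.com` or from a user-supplied `url`. The result is written under `/var/lib/grafana/dashboards/` by the `download-dashboards` init container and presumably provisioned into Grafana, so an on-path party could substitute the dashboard JSON unnoticed. I would change the line to `curl -sf \` and, where an internal CA is involved, mount its bundle rather than turning verification off. The same script passes `{{ .options.path }}` to `mkdir -p` unquoted; `mkdir -p "{{ .options.path }}"` avoids word splitting on unusual paths.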
@ -0,0 +1,35 @@
|
||||
{{- if .Values.dashboards }}
|
||||
{{ $files := .Files }}
|
||||
{{- range $provider, $dashboards := .Values.dashboards }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }}
|
||||
namespace: {{ template "grafana.namespace" $ }}
|
||||
labels:
|
||||
{{- include "grafana.labels" $ | nindent 4 }}
|
||||
dashboard-provider: {{ $provider }}
|
||||
{{- if $dashboards }}
|
||||
data:
|
||||
{{- $dashboardFound := false }}
|
||||
{{- range $key, $value := $dashboards }}
|
||||
{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
|
||||
{{- $dashboardFound = true }}
|
||||
{{ print $key | indent 2 }}.json:
|
||||
{{- if hasKey $value "json" }}
|
||||
|-
|
||||
{{ $value.json | indent 6 }}
|
||||
{{- end }}
|
||||
{{- if hasKey $value "file" }}
|
||||
{{ toYaml ( $files.Get $value.file ) | indent 4}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if not $dashboardFound }}
|
||||
{}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
@ -0,0 +1,48 @@
|
||||
{{ if (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- if .Values.labels }}
|
||||
{{ toYaml .Values.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicas }}
|
||||
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "grafana.selectorLabels" . | nindent 6 }}
|
||||
{{- with .Values.deploymentStrategy }}
|
||||
strategy:
|
||||
{{ toYaml . | trim | indent 4 }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "grafana.selectorLabels" . | nindent 8 }}
|
||||
{{- with .Values.podLabels }}
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
|
||||
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
|
||||
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- if .Values.envRenderSecret }}
|
||||
checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "grafana.pod" . | nindent 6 }}
|
||||
{{- end }}
|
@ -0,0 +1,18 @@
|
||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-headless
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
{{- include "grafana.selectorLabels" . | nindent 4 }}
|
||||
type: ClusterIP
|
||||
{{- end }}
|
@ -0,0 +1,112 @@
|
||||
{{ if .Values.imageRenderer.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-image-renderer
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.imageRenderer.labels" . | nindent 4 }}
|
||||
{{- if .Values.imageRenderer.labels }}
|
||||
{{ toYaml .Values.imageRenderer.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.imageRenderer.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.imageRenderer.replicas }}
|
||||
revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
|
||||
{{- with .Values.imageRenderer.deploymentStrategy }}
|
||||
strategy:
|
||||
{{ toYaml . | trim | indent 4 }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }}
|
||||
{{- with .Values.imageRenderer.podLabels }}
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
{{- with .Values.imageRenderer.podAnnotations }}
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
|
||||
{{- if .Values.imageRenderer.schedulerName }}
|
||||
schedulerName: "{{ .Values.imageRenderer.schedulerName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.imageRenderer.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.imageRenderer.securityContext | indent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imageRenderer.hostAliases }}
|
||||
hostAliases:
|
||||
{{ toYaml .Values.imageRenderer.hostAliases | indent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imageRenderer.priorityClassName }}
|
||||
priorityClassName: {{ .Values.imageRenderer.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.imageRenderer.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.imageRenderer.image.pullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}-image-renderer
|
||||
{{- if .Values.imageRenderer.image.sha }}
|
||||
image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }}
|
||||
{{- if .Values.imageRenderer.command }}
|
||||
command:
|
||||
{{- range .Values.imageRenderer.command }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end}}
|
||||
ports:
|
||||
- name: {{ .Values.imageRenderer.service.portName }}
|
||||
containerPort: {{ .Values.imageRenderer.service.port }}
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: HTTP_PORT
|
||||
value: {{ .Values.imageRenderer.service.port | quote }}
|
||||
{{- range $key, $value := .Values.imageRenderer.env }}
|
||||
- name: {{ $key | quote }}
|
||||
value: {{ $value | quote }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop: ['all']
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: image-renderer-tmpfs
|
||||
{{- with .Values.imageRenderer.resources }}
|
||||
resources:
|
||||
{{ toYaml . | indent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.imageRenderer.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.imageRenderer.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.imageRenderer.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: image-renderer-tmpfs
|
||||
emptyDir: {}
|
||||
{{- end }}
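Review bot: The hard-coded container `securityContext` near the end of this template drops capabilities with `drop: ['all']` and sets no `runAsNonRoot`, so whether the renderer runs as root is left to the image and to the optional pod-level `imageRenderer.securityContext` value. Kubernetes documents the wildcard as `ALL`; handling of the lowercase form depends on the container runtime, and policy checks that look for the literal `ALL` will not accept this pod, so confirm on the target runtime. I would write `drop: ['ALL']` and add `runAsNonRoot: true` beside `allowPrivilegeEscalation: false`, together with a numeric `runAsUser` if the image declares a named user (verify against the image). The image is pinned by digest only when `imageRenderer.image.sha` is set; otherwise the mutable tag is what gets pulled.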
|
@ -0,0 +1,76 @@
|
||||
{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }}
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-image-renderer-ingress
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
annotations:
|
||||
comment: Limit image-renderer ingress traffic from grafana
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
|
||||
{{- if .Values.imageRenderer.podLabels }}
|
||||
{{ toYaml .Values.imageRenderer.podLabels | nindent 6 }}
|
||||
{{- end }}
|
||||
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- ports:
|
||||
- port: {{ .Values.imageRenderer.service.port }}
|
||||
protocol: TCP
|
||||
from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
name: {{ template "grafana.namespace" . }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "grafana.selectorLabels" . | nindent 14 }}
|
||||
{{- if .Values.podLabels }}
|
||||
{{ toYaml .Values.podLabels | nindent 14 }}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
|
||||
{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }}
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-image-renderer-egress
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
annotations:
|
||||
comment: Limit image-renderer egress traffic to grafana
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
|
||||
{{- if .Values.imageRenderer.podLabels }}
|
||||
{{ toYaml .Values.imageRenderer.podLabels | nindent 6 }}
|
||||
{{- end }}
|
||||
|
||||
policyTypes:
|
||||
- Egress
|
||||
egress:
|
||||
# allow dns resolution
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
# talk only to grafana
|
||||
- ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
protocol: TCP
|
||||
to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
name: {{ template "grafana.namespace" . }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "grafana.selectorLabels" . | nindent 14 }}
|
||||
{{- if .Values.podLabels }}
|
||||
{{ toYaml .Values.podLabels | nindent 14 }}
|
||||
{{- end }}
|
||||
{{ end }}
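Review bot: Both policies select the Grafana namespace with `namespaceSelector.matchLabels.name: <namespace>`, a label Kubernetes does not put on namespaces by itself, so the rules match only if an operator has labelled the namespace `name=<namespace>`. Without that label the ingress policy admits no traffic and the egress policy allows only DNS, which fails closed but breaks rendering; the values file should document the required label (newer clusters also carry the automatic `kubernetes.io/metadata.name` label, which could be used instead). The DNS rule in the egress policy has no `to:` clause, so port 53 is open to any destination rather than only the cluster resolver. The Grafana rule uses `.Values.service.port` while the Service in this commit forwards to `service.targetPort`; whether a CNI evaluates the policy before or after service translation varies, so check that the port matches what the pods actually listen on.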
|
@ -0,0 +1,28 @@
|
||||
{{ if .Values.imageRenderer.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-image-renderer
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.imageRenderer.labels" . | nindent 4 }}
|
||||
{{- if .Values.imageRenderer.service.labels }}
|
||||
{{ toYaml .Values.imageRenderer.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.imageRenderer.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
{{- if .Values.imageRenderer.service.clusterIP }}
|
||||
clusterIP: {{ .Values.imageRenderer.service.clusterIP }}
|
||||
{{end}}
|
||||
ports:
|
||||
- name: {{ .Values.imageRenderer.service.portName }}
|
||||
port: {{ .Values.imageRenderer.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.imageRenderer.service.targetPort }}
|
||||
selector:
|
||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }}
|
||||
{{ end }}
|
@ -0,0 +1,55 @@
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $fullName := include "grafana.fullname" . -}}
|
||||
{{- $servicePort := .Values.service.port -}}
|
||||
{{- $ingressPath := .Values.ingress.path -}}
|
||||
{{- $extraPaths := .Values.ingress.extraPaths -}}
|
||||
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{ else }}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{ end -}}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- if .Values.ingress.labels }}
|
||||
{{ toYaml .Values.ingress.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.annotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.ingress.annotations }}
|
||||
{{ $key }}: {{ tpl $value $ | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
{{ toYaml .Values.ingress.tls | indent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- if .Values.ingress.hosts }}
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- host: {{ . }}
|
||||
http:
|
||||
paths:
|
||||
{{ if $extraPaths }}
|
||||
{{ toYaml $extraPaths | indent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ $ingressPath }}
|
||||
backend:
|
||||
serviceName: {{ $fullName }}
|
||||
servicePort: {{ $servicePort }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
- http:
|
||||
paths:
|
||||
- backend:
|
||||
serviceName: {{ $fullName }}
|
||||
servicePort: {{ $servicePort }}
|
||||
{{- if $ingressPath }}
|
||||
path: {{ $ingressPath }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end }}
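Review bot: When `ingress.hosts` is empty the `else` branch emits a rule with no `host`, which matches every hostname that reaches the ingress controller, and `tls` is rendered only when `ingress.tls` is set, so this Ingress can end up serving the Grafana login over plain HTTP on any name. I would document that next to `ingress.hosts` in the values file, e.g. `# leave empty only on a dedicated controller; set hosts and tls on any shared or public ingress`. `host: {{ . }}` and `path: {{ $ingressPath }}` are also emitted unquoted, so a wildcard host such as `*.example.com` would be read as a YAML alias; `host: {{ . | quote }}` avoids that.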
|
@ -0,0 +1,22 @@
|
||||
{{- if .Values.podDisruptionBudget }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- if .Values.labels }}
|
||||
{{ toYaml .Values.labels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.podDisruptionBudget.minAvailable }}
|
||||
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if .Values.podDisruptionBudget.maxUnavailable }}
|
||||
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "grafana.selectorLabels" . | nindent 6 }}
|
||||
{{- end }}
|
@ -0,0 +1,52 @@
|
||||
{{- if .Values.rbac.pspEnabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
|
||||
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
||||
{{- if .Values.rbac.pspUseAppArmor }}
|
||||
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
|
||||
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
requiredDropCapabilities:
|
||||
# Default set from Docker, without DAC_OVERRIDE or CHOWN
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- SETGID
|
||||
- SETUID
|
||||
- SETPCAP
|
||||
- NET_BIND_SERVICE
|
||||
- NET_RAW
|
||||
- SYS_CHROOT
|
||||
- MKNOD
|
||||
- AUDIT_WRITE
|
||||
- SETFCAP
|
||||
volumes:
|
||||
- 'configMap'
|
||||
- 'emptyDir'
|
||||
- 'projected'
|
||||
- 'secret'
|
||||
- 'downwardAPI'
|
||||
- 'persistentVolumeClaim'
|
||||
hostNetwork: false
|
||||
hostIPC: false
|
||||
hostPID: false
|
||||
runAsUser:
|
||||
rule: 'RunAsAny'
|
||||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'RunAsAny'
|
||||
fsGroup:
|
||||
rule: 'RunAsAny'
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
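Review bot: This policy still admits root containers: `runAsUser`, `fsGroup` and `supplementalGroups` are all `RunAsAny`, `readOnlyRootFilesystem` is `false`, and the drop list deliberately keeps `CHOWN` and `DAC_OVERRIDE`. That looks intended for a root ownership-fixing init step (not visible in this hunk, so confirm); where that step is disabled, a `runAsUser` rule of `'MustRunAsNonRoot'` and `requiredDropCapabilities: ['ALL']` would be the tighter setting. The seccomp annotations default to `docker/default`, the deprecated spelling of `runtime/default`. PodSecurityPolicy is cluster-scoped, so the `namespace:` field under `metadata` has no effect and the policy name has to be unique across releases in the cluster.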
|
@ -0,0 +1,28 @@
|
||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}}
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.persistence.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.persistence.finalizers }}
|
||||
finalizers:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{- range .Values.persistence.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
{{- if .Values.persistence.storageClassName }}
|
||||
storageClassName: {{ .Values.persistence.storageClassName }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,32 @@
|
||||
{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }}
|
||||
rules:
|
||||
{{- if .Values.rbac.pspEnabled }}
|
||||
- apiGroups: ['extensions']
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames: [{{ template "grafana.fullname" . }}]
|
||||
{{- end }}
|
||||
{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }}
|
||||
- apiGroups: [""] # "" indicates the core API group
|
||||
resources: ["configmaps", "secrets"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
{{- end }}
|
||||
{{- with .Values.rbac.extraRoleRules }}
|
||||
{{ toYaml . | indent 0 }}
|
||||
{{- end}}
|
||||
{{- else }}
|
||||
rules: []
|
||||
{{- end }}
|
||||
{{- end }}
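Review bot: With `rbac.namespaced` and either sidecar enabled, the second rule grants `get`, `watch` and `list` on every Secret in the namespace to the Grafana service account, although the sidecars presumably need only the objects carrying their dashboard or datasource label. RBAC cannot filter by label, so the practical mitigation is to keep Grafana in a namespace without unrelated secrets, or to drop `"secrets"` from the rule when the sidecars read ConfigMaps only; a comment such as `# list/watch on secrets exposes every secret in this namespace to the grafana pod` above the rule would make that visible. The PSP rule uses `apiGroups: ['extensions']` while the policy is created as `policy/v1beta1` and the test Role in this commit uses `['policy']`; I would use `['policy']` here too. `rbac.authorization.k8s.io/v1beta1` is likewise older than the `v1` used by the test Role.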
|
@ -0,0 +1,25 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
{{- if (not .Values.rbac.useExistingRole) }}
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
{{- else }}
|
||||
name: {{ .Values.rbac.useExistingRole }}
|
||||
{{- end }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "grafana.serviceAccountName" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
{{- end -}}
|
@ -0,0 +1,14 @@
|
||||
{{- if .Values.envRenderSecret }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-env
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- range $key, $val := .Values.envRenderSecret }}
|
||||
{{ $key }}: {{ $val | b64enc | quote }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
@ -0,0 +1,22 @@
|
||||
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
|
||||
admin-user: {{ .Values.adminUser | b64enc | quote }}
|
||||
{{- if .Values.adminPassword }}
|
||||
admin-password: {{ .Values.adminPassword | b64enc | quote }}
|
||||
{{- else }}
|
||||
admin-password: {{ randAlphaNum 40 | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if not .Values.ldap.existingSecret }}
|
||||
ldap-toml: {{ .Values.ldap.config | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
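Review bot: When neither `adminPassword` nor an existing secret is configured, `randAlphaNum 40` produces a different `admin-password` on every render, so each `helm upgrade` (or each diff by a GitOps controller) rewrites the Secret and, through the `checksum/secret` pod annotation, restarts Grafana. With a persistent database the admin password presumably stays at the value from the first install, so the Secret stops reflecting the real credential; confirm against how Grafana applies the admin password on startup. Setting `adminPassword` in values instead stores it in the Helm release data, so referencing a pre-created secret through `admin.existingSecret` avoids both problems and should be the documented choice for this deployment. Separately, `ldap-toml` is emitted whenever `ldap.existingSecret` is unset, even if `ldap.enabled` is false.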
|
@ -0,0 +1,50 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- if .Values.service.labels }}
|
||||
{{ toYaml .Values.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
|
||||
type: ClusterIP
|
||||
{{- if .Values.service.clusterIP }}
|
||||
clusterIP: {{ .Values.service.clusterIP }}
|
||||
{{end}}
|
||||
{{- else if eq .Values.service.type "LoadBalancer" }}
|
||||
type: {{ .Values.service.type }}
|
||||
{{- if .Values.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
|
||||
{{- end -}}
|
||||
{{- else }}
|
||||
type: {{ .Values.service.type }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.service.portName }}
|
||||
port: {{ .Values.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.service.targetPort }}
|
||||
{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
|
||||
nodePort: {{.Values.service.nodePort}}
|
||||
{{ end }}
|
||||
{{- if .Values.extraExposePorts }}
|
||||
{{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "grafana.selectorLabels" . | nindent 4 }}
|
||||
|
@ -0,0 +1,13 @@
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "grafana.serviceAccountName" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
{{- end }}
|
@ -0,0 +1,36 @@
|
||||
{{- if .Values.serviceMonitor.enabled }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
{{- if .Values.serviceMonitor.namespace }}
|
||||
namespace: {{ .Values.serviceMonitor.namespace }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- if .Values.serviceMonitor.labels }}
|
||||
{{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
endpoints:
|
||||
- interval: {{ .Values.serviceMonitor.interval }}
|
||||
{{- if .Values.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
honorLabels: true
|
||||
port: {{ .Values.service.portName }}
|
||||
path: {{ .Values.serviceMonitor.path }}
|
||||
{{- if .Values.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
|
||||
{{- end }}
|
||||
jobLabel: "{{ .Release.Name }}"
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "grafana.name" . }}
|
||||
release: "{{ .Release.Name }}"
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
{{- end }}
|
@ -0,0 +1,47 @@
|
||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}}
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "grafana.selectorLabels" . | nindent 6 }}
|
||||
serviceName: {{ template "grafana.fullname" . }}-headless
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "grafana.selectorLabels" . | nindent 8 }}
|
||||
{{- with .Values.podLabels }}
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
|
||||
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
|
||||
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "grafana.pod" . | nindent 6 }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: storage
|
||||
spec:
|
||||
accessModes: {{ .Values.persistence.accessModes }}
|
||||
storageClassName: {{ .Values.persistence.storageClassName }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size }}
|
||||
{{- end }}
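Review bot: The pod annotations here omit the `checksum/secret-env` entry that the Deployment template in this commit adds under `{{- if .Values.envRenderSecret }}`, so a change to `envRenderSecret` will not roll the StatefulSet pods and they keep running with the old secret values until restarted by hand. I would add the same three lines after `checksum/secret`: `{{- if .Values.envRenderSecret }}`, `checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }}`, `{{- end }}`. `storageClassName` is also rendered unconditionally in `volumeClaimTemplates`, unlike the PVC template, which guards it with `{{- if .Values.persistence.storageClassName }}`.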
|
@ -0,0 +1,17 @@
|
||||
{{- if .Values.testFramework.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-test
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
data:
|
||||
run.sh: |-
|
||||
@test "Test Health" {
|
||||
url="http://{{ template "grafana.fullname" . }}/api/health"
|
||||
|
||||
code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}')
|
||||
[ "$code" == "200" ]
|
||||
}
|
||||
{{- end }}
|
@ -0,0 +1,29 @@
|
||||
{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-test
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
spec:
|
||||
allowPrivilegeEscalation: true
|
||||
privileged: false
|
||||
hostNetwork: false
|
||||
hostIPC: false
|
||||
hostPID: false
|
||||
fsGroup:
|
||||
rule: RunAsAny
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
supplementalGroups:
|
||||
rule: RunAsAny
|
||||
runAsUser:
|
||||
rule: RunAsAny
|
||||
volumes:
|
||||
- configMap
|
||||
- downwardAPI
|
||||
- emptyDir
|
||||
- projected
|
||||
- secret
|
||||
{{- end }}
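Review bot: `allowPrivilegeEscalation: true` makes this policy looser than the main Grafana policy, and it sets neither `requiredDropCapabilities` nor the seccomp annotations, although the test pod in this commit only runs a `wget` health check. Only the test Pod carries the `helm.sh/hook` annotation; the test ServiceAccount, Role and RoleBinding are ordinary release resources, so the binding to this policy stays in the cluster after the test has finished. I would set `allowPrivilegeEscalation: false` and add `requiredDropCapabilities: ['ALL']`.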
|
@ -0,0 +1,14 @@
|
||||
{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-test
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: ['policy']
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames: [{{ template "grafana.fullname" . }}-test]
|
||||
{{- end }}
|
@ -0,0 +1,17 @@
|
||||
{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-test
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ template "grafana.fullname" . }}-test
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "grafana.serviceAccountNameTest" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
{{- end }}
|
@ -0,0 +1,9 @@
|
||||
{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
name: {{ template "grafana.serviceAccountNameTest" . }}
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
{{- end }}
|
@ -0,0 +1,48 @@
|
||||
{{- if .Values.testFramework.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}-test
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
namespace: {{ template "grafana.namespace" . }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }}
|
||||
{{- if .Values.testFramework.securityContext }}
|
||||
securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.image.pullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Release.Name }}-test
|
||||
image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
|
||||
imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}"
|
||||
command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
|
||||
volumeMounts:
|
||||
- mountPath: /tests
|
||||
name: tests
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: tests
|
||||
configMap:
|
||||
name: {{ template "grafana.fullname" . }}-test
|
||||
restartPolicy: Never
|
||||
{{- end }}
|
@ -0,0 +1,648 @@
|
||||
rbac:
|
||||
create: true
|
||||
## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
|
||||
# useExistingRole: name-of-some-(cluster)role
|
||||
pspEnabled: true
|
||||
pspUseAppArmor: true
|
||||
namespaced: false
|
||||
extraRoleRules: []
|
||||
# - apiGroups: []
|
||||
# resources: []
|
||||
# verbs: []
|
||||
extraClusterRoleRules: []
|
||||
# - apiGroups: []
|
||||
# resources: []
|
||||
# verbs: []
|
||||
serviceAccount:
|
||||
create: true
|
||||
name:
|
||||
nameTest:
|
||||
# annotations:
|
||||
# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
|
||||
|
||||
replicas: 1
|
||||
|
||||
## See `kubectl explain poddisruptionbudget.spec` for more
|
||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||
podDisruptionBudget: {}
|
||||
# minAvailable: 1
|
||||
# maxUnavailable: 1
|
||||
|
||||
## See `kubectl explain deployment.spec.strategy` for more
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
||||
deploymentStrategy:
|
||||
type: RollingUpdate
|
||||
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /api/health
|
||||
port: 3000
|
||||
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /api/health
|
||||
port: 3000
|
||||
initialDelaySeconds: 60
|
||||
timeoutSeconds: 30
|
||||
failureThreshold: 10
|
||||
|
||||
## Use an alternate scheduler, e.g. "stork".
|
||||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||||
##
|
||||
# schedulerName: "default-scheduler"
|
||||
|
||||
image:
|
||||
repository: grafana/grafana
|
||||
tag: 7.2.1
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
##
|
||||
# pullSecrets:
|
||||
# - myRegistrKeySecretName
|
||||
|
||||
testFramework:
|
||||
enabled: true
|
||||
image: "bats/bats"
|
||||
tag: "v1.1.0"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext: {}
|
||||
|
||||
securityContext:
|
||||
runAsUser: 472
|
||||
runAsGroup: 472
|
||||
fsGroup: 472
|
||||
|
||||
|
||||
extraConfigmapMounts: []
|
||||
# - name: certs-configmap
|
||||
# mountPath: /etc/grafana/ssl/
|
||||
# subPath: certificates.crt # (optional)
|
||||
# configMap: certs-configmap
|
||||
# readOnly: true
|
||||
|
||||
|
||||
extraEmptyDirMounts: []
|
||||
# - name: provisioning-notifiers
|
||||
# mountPath: /etc/grafana/provisioning/notifiers
|
||||
|
||||
|
||||
## Assign a PriorityClassName to pods if set
|
||||
# priorityClassName:
|
||||
|
||||
downloadDashboardsImage:
|
||||
repository: curlimages/curl
|
||||
tag: 7.73.0
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
downloadDashboards:
|
||||
env: {}
|
||||
resources: {}
|
||||
|
||||
## Pod Annotations
|
||||
# podAnnotations: {}
|
||||
|
||||
## Pod Labels
|
||||
# podLabels: {}
|
||||
|
||||
podPortName: grafana
|
||||
|
||||
## Deployment annotations
|
||||
# annotations: {}
|
||||
|
||||
## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).
|
||||
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
|
||||
## ref: http://kubernetes.io/docs/user-guide/services/
|
||||
##
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 80
|
||||
targetPort: 3000
|
||||
# targetPort: 4181 To be used with a proxy extraContainer
|
||||
annotations: {}
|
||||
labels: {}
|
||||
portName: service
|
||||
|
||||
serviceMonitor:
|
||||
## If true, a ServiceMonitor CRD is created for a prometheus operator
|
||||
## https://github.com/coreos/prometheus-operator
|
||||
##
|
||||
enabled: false
|
||||
path: /metrics
|
||||
# namespace: monitoring (defaults to use the namespace this chart is deployed to)
|
||||
labels: {}
|
||||
interval: 1m
|
||||
scrapeTimeout: 30s
|
||||
relabelings: []
|
||||
|
||||
extraExposePorts: []
|
||||
# - name: keycloak
|
||||
# port: 8080
|
||||
# targetPort: 8080
|
||||
# type: ClusterIP
|
||||
|
||||
# overrides pod.spec.hostAliases in the grafana deployment's pods
|
||||
hostAliases: []
|
||||
# - ip: "1.2.3.4"
|
||||
# hostnames:
|
||||
# - "my.host.com"
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
# Values can be templated
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
labels: {}
|
||||
path: /
|
||||
hosts:
|
||||
- chart-example.local
|
||||
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
|
||||
extraPaths: []
|
||||
# - path: /*
|
||||
# backend:
|
||||
# serviceName: ssl-redirect
|
||||
# servicePort: use-annotation
|
||||
tls: []
|
||||
# - secretName: chart-example-tls
|
||||
# hosts:
|
||||
# - chart-example.local
|
||||
|
||||
resources: {}
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
|
||||
## Node labels for pod assignment
|
||||
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
#
|
||||
nodeSelector: {}
|
||||
|
||||
## Tolerations for pod assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
tolerations: []
|
||||
|
||||
## Affinity for pod assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
affinity: {}
|
||||
|
||||
extraInitContainers: []
|
||||
|
||||
## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
|
||||
extraContainers: |
|
||||
# - name: proxy
|
||||
# image: quay.io/gambol99/keycloak-proxy:latest
|
||||
# args:
|
||||
# - -provider=github
|
||||
# - -client-id=
|
||||
# - -client-secret=
|
||||
# - -github-org=<ORG_NAME>
|
||||
# - -email-domain=*
|
||||
# - -cookie-secret=
|
||||
# - -http-address=http://0.0.0.0:4181
|
||||
# - -upstream-url=http://127.0.0.1:3000
|
||||
# ports:
|
||||
# - name: proxy-web
|
||||
# containerPort: 4181
|
||||
|
||||
## Volumes that can be used in init containers that will not be mounted to deployment pods
|
||||
extraContainerVolumes: []
|
||||
# - name: volume-from-secret
|
||||
# secret:
|
||||
# secretName: secret-to-mount
|
||||
# - name: empty-dir-volume
|
||||
# emptyDir: {}
|
||||
|
||||
## Enable persistence using Persistent Volume Claims
|
||||
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
||||
##
|
||||
persistence:
|
||||
type: pvc
|
||||
enabled: false
|
||||
# storageClassName: default
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
size: 10Gi
|
||||
# annotations: {}
|
||||
finalizers:
|
||||
- kubernetes.io/pvc-protection
|
||||
# subPath: ""
|
||||
# existingClaim:
|
||||
|
||||
initChownData:
|
||||
## If false, data ownership will not be reset at startup
|
||||
## This allows the prometheus-server to be run with an arbitrary user
|
||||
##
|
||||
enabled: true
|
||||
|
||||
## initChownData container image
|
||||
##
|
||||
image:
|
||||
repository: busybox
|
||||
tag: "1.31.1"
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## initChownData resource requests and limits
|
||||
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
||||
##
|
||||
resources: {}
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
|
||||
|
||||
# Administrator credentials when not using an existing secret (see below)
|
||||
adminUser: admin
|
||||
# adminPassword: strongpassword
|
||||
|
||||
# Use an existing secret for the admin user.
|
||||
admin:
|
||||
existingSecret: ""
|
||||
userKey: admin-user
|
||||
passwordKey: admin-password
|
||||
|
||||
## Define command to be executed at startup by grafana container
|
||||
## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/)
|
||||
## Default is "run.sh" as defined in grafana's Dockerfile
|
||||
# command:
|
||||
# - "sh"
|
||||
# - "/run.sh"
|
||||
|
||||
## Use an alternate scheduler, e.g. "stork".
|
||||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||||
##
|
||||
# schedulerName:
|
||||
|
||||
## Extra environment variables that will be pass onto deployment pods
|
||||
##
|
||||
## to provide grafana with access to CloudWatch on AWS EKS:
|
||||
## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later)
|
||||
## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the
|
||||
## same oidc eks provider as noted before (same as the existing line)
|
||||
## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name
|
||||
##
|
||||
## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana",
|
||||
##
|
||||
## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess
|
||||
## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name)
|
||||
##
|
||||
## env:
|
||||
## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here
|
||||
## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
|
||||
## AWS_REGION: us-east-1
|
||||
##
|
||||
## 5. uncomment the EKS section in extraSecretMounts: below
|
||||
## 6. uncomment the annotation section in the serviceAccount: above
|
||||
## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn
|
||||
|
||||
env: {}
|
||||
|
||||
## "valueFrom" environment variable references that will be added to deployment pods
|
||||
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core
|
||||
## Renders in container spec as:
|
||||
## env:
|
||||
## ...
|
||||
## - name: <key>
|
||||
## valueFrom:
|
||||
## <value rendered as YAML>
|
||||
envValueFrom: {}
|
||||
|
||||
## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
|
||||
## This can be useful for auth tokens, etc. Value is templated.
|
||||
envFromSecret: ""
|
||||
|
||||
## Sensible environment variables that will be rendered as new secret object
|
||||
## This can be useful for auth tokens, etc
|
||||
envRenderSecret: {}
|
||||
|
||||
## Additional grafana server secret mounts
|
||||
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
|
||||
extraSecretMounts: []
|
||||
# - name: secret-files
|
||||
# mountPath: /etc/secrets
|
||||
# secretName: grafana-secret-files
|
||||
# readOnly: true
|
||||
# subPath: ""
|
||||
#
|
||||
# for AWS EKS (cloudwatch) use the following (see also instruction in env: above)
|
||||
# - name: aws-iam-token
|
||||
# mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
|
||||
# readOnly: true
|
||||
# projected:
|
||||
# defaultMode: 420
|
||||
# sources:
|
||||
# - serviceAccountToken:
|
||||
# audience: sts.amazonaws.com
|
||||
# expirationSeconds: 86400
|
||||
# path: token
|
||||
|
||||
## Additional grafana server volume mounts
|
||||
# Defines additional volume mounts.
|
||||
extraVolumeMounts: []
|
||||
# - name: extra-volume
|
||||
# mountPath: /mnt/volume
|
||||
# readOnly: true
|
||||
# existingClaim: volume-claim
|
||||
|
||||
## Pass the plugins you want installed as a list.
|
||||
##
|
||||
plugins: []
|
||||
# - digrich-bubblechart-panel
|
||||
# - grafana-clock-panel
|
||||
|
||||
## Configure grafana datasources
|
||||
## ref: http://docs.grafana.org/administration/provisioning/#datasources
|
||||
##
|
||||
datasources: {}
|
||||
# datasources.yaml:
|
||||
# apiVersion: 1
|
||||
# datasources:
|
||||
# - name: Prometheus
|
||||
# type: prometheus
|
||||
# url: http://prometheus-prometheus-server
|
||||
# access: proxy
|
||||
# isDefault: true
|
||||
# - name: CloudWatch
|
||||
# type: cloudwatch
|
||||
# access: proxy
|
||||
# uid: cloudwatch
|
||||
# editable: false
|
||||
# jsonData:
|
||||
# authType: credentials
|
||||
# defaultRegion: us-east-1
|
||||
|
||||
## Configure notifiers
|
||||
## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels
|
||||
##
|
||||
notifiers: {}
|
||||
# notifiers.yaml:
|
||||
# notifiers:
|
||||
# - name: email-notifier
|
||||
# type: email
|
||||
# uid: email1
|
||||
# # either:
|
||||
# org_id: 1
|
||||
# # or
|
||||
# org_name: Main Org.
|
||||
# is_default: true
|
||||
# settings:
|
||||
# addresses: an_email_address@example.com
|
||||
# delete_notifiers:
|
||||
|
||||
## Configure grafana dashboard providers
|
||||
## ref: http://docs.grafana.org/administration/provisioning/#dashboards
|
||||
##
|
||||
## `path` must be /var/lib/grafana/dashboards/<provider_name>
|
||||
##
|
||||
dashboardProviders: {}
|
||||
# dashboardproviders.yaml:
|
||||
# apiVersion: 1
|
||||
# providers:
|
||||
# - name: 'default'
|
||||
# orgId: 1
|
||||
# folder: ''
|
||||
# type: file
|
||||
# disableDeletion: false
|
||||
# editable: true
|
||||
# options:
|
||||
# path: /var/lib/grafana/dashboards/default
|
||||
|
||||
## Configure grafana dashboard to import
|
||||
## NOTE: To use dashboards you must also enable/configure dashboardProviders
|
||||
## ref: https://grafana.com/dashboards
|
||||
##
|
||||
## dashboards per provider, use provider name as key.
|
||||
##
|
||||
dashboards: {}
|
||||
# default:
|
||||
# some-dashboard:
|
||||
# json: |
|
||||
# $RAW_JSON
|
||||
# custom-dashboard:
|
||||
# file: dashboards/custom-dashboard.json
|
||||
# prometheus-stats:
|
||||
# gnetId: 2
|
||||
# revision: 2
|
||||
# datasource: Prometheus
|
||||
# local-dashboard:
|
||||
# url: https://example.com/repository/test.json
|
||||
# local-dashboard-base64:
|
||||
# url: https://example.com/repository/test-b64.json
|
||||
# b64content: true
|
||||
|
||||
## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
|
||||
## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.
|
||||
## ConfigMap data example:
|
||||
##
|
||||
## data:
|
||||
## example-dashboard.json: |
|
||||
## RAW_JSON
|
||||
##
|
||||
dashboardsConfigMaps: {}
|
||||
# default: ""
|
||||
|
||||
## Grafana's primary configuration
|
||||
## NOTE: values in map will be converted to ini format
|
||||
## ref: http://docs.grafana.org/installation/configuration/
|
||||
##
|
||||
grafana.ini:
|
||||
paths:
|
||||
data: /var/lib/grafana/data
|
||||
logs: /var/log/grafana
|
||||
plugins: /var/lib/grafana/plugins
|
||||
provisioning: /etc/grafana/provisioning
|
||||
analytics:
|
||||
check_for_updates: true
|
||||
log:
|
||||
mode: console
|
||||
grafana_net:
|
||||
url: https://grafana.net
|
||||
## grafana Authentication can be enabled with the following values on grafana.ini
|
||||
# server:
|
||||
# The full public facing url you use in browser, used for redirects and emails
|
||||
# root_url:
|
||||
# https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana
|
||||
# auth.github:
|
||||
# enabled: false
|
||||
# allow_sign_up: false
|
||||
# scopes: user:email,read:org
|
||||
# auth_url: https://github.com/login/oauth/authorize
|
||||
# token_url: https://github.com/login/oauth/access_token
|
||||
# api_url: https://api.github.com/user
|
||||
# team_ids:
|
||||
# allowed_organizations:
|
||||
# client_id:
|
||||
# client_secret:
|
||||
## LDAP Authentication can be enabled with the following values on grafana.ini
|
||||
## NOTE: Grafana will fail to start if the value for ldap.toml is invalid
|
||||
# auth.ldap:
|
||||
# enabled: true
|
||||
# allow_sign_up: true
|
||||
# config_file: /etc/grafana/ldap.toml
|
||||
|
||||
## Grafana's LDAP configuration
|
||||
## Templated by the template in _helpers.tpl
|
||||
## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled
|
||||
## ref: http://docs.grafana.org/installation/configuration/#auth-ldap
|
||||
## ref: http://docs.grafana.org/installation/ldap/#configuration
|
||||
ldap:
|
||||
enabled: false
|
||||
# `existingSecret` is a reference to an existing secret containing the ldap configuration
|
||||
# for Grafana in a key `ldap-toml`.
|
||||
existingSecret: ""
|
||||
# `config` is the content of `ldap.toml` that will be stored in the created secret
|
||||
config: ""
|
||||
# config: |-
|
||||
# verbose_logging = true
|
||||
|
||||
# [[servers]]
|
||||
# host = "my-ldap-server"
|
||||
# port = 636
|
||||
# use_ssl = true
|
||||
# start_tls = false
|
||||
# ssl_skip_verify = false
|
||||
# bind_dn = "uid=%s,ou=users,dc=myorg,dc=com"
|
||||
|
||||
## Grafana's SMTP configuration
|
||||
## NOTE: To enable, grafana.ini must be configured with smtp.enabled
|
||||
## ref: http://docs.grafana.org/installation/configuration/#smtp
|
||||
smtp:
|
||||
# `existingSecret` is a reference to an existing secret containing the smtp configuration
|
||||
# for Grafana.
|
||||
existingSecret: ""
|
||||
userKey: "user"
|
||||
passwordKey: "password"
|
||||
|
||||
## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders
|
||||
## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
|
||||
sidecar:
|
||||
image:
|
||||
repository: kiwigrid/k8s-sidecar
|
||||
tag: 1.1.0
|
||||
sha: ""
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources: {}
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 100Mi
|
||||
# requests:
|
||||
# cpu: 50m
|
||||
# memory: 50Mi
|
||||
# skipTlsVerify Set to true to skip tls verification for kube api calls
|
||||
# skipTlsVerify: true
|
||||
enableUniqueFilenames: false
|
||||
dashboards:
|
||||
enabled: false
|
||||
SCProvider: true
|
||||
# label that the configmaps with dashboards are marked with
|
||||
label: grafana_dashboard
|
||||
# folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set)
|
||||
folder: /tmp/dashboards
|
||||
# The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead
|
||||
defaultFolderName: null
|
||||
# If specified, the sidecar will search for dashboard config-maps inside this namespace.
|
||||
# Otherwise the namespace in which the sidecar is running will be used.
|
||||
# It's also possible to specify ALL to search in all namespaces
|
||||
searchNamespace: null
|
||||
# If specified, the sidecar will look for annotation with this name to create folder and put graph here.
|
||||
# You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
|
||||
folderAnnotation: null
|
||||
# provider configuration that lets grafana manage the dashboards
|
||||
provider:
|
||||
# name of the provider, should be unique
|
||||
name: sidecarProvider
|
||||
# orgid as configured in grafana
|
||||
orgid: 1
|
||||
# folder in which the dashboards should be imported in grafana
|
||||
folder: ''
|
||||
# type of the provider
|
||||
type: file
|
||||
# disableDelete to activate a import-only behaviour
|
||||
disableDelete: false
|
||||
# allow updating provisioned dashboards from the UI
|
||||
allowUiUpdates: false
|
||||
# allow Grafana to replicate dashboard structure from filesystem
|
||||
foldersFromFilesStructure: false
|
||||
datasources:
|
||||
enabled: false
|
||||
# label that the configmaps with datasources are marked with
|
||||
label: grafana_datasource
|
||||
# If specified, the sidecar will search for datasource config-maps inside this namespace.
|
||||
# Otherwise the namespace in which the sidecar is running will be used.
|
||||
# It's also possible to specify ALL to search in all namespaces
|
||||
searchNamespace: null
|
||||
notifiers:
|
||||
enabled: false
|
||||
# label that the configmaps with notifiers are marked with
|
||||
label: grafana_notifier
|
||||
# If specified, the sidecar will search for notifier config-maps inside this namespace.
|
||||
# Otherwise the namespace in which the sidecar is running will be used.
|
||||
# It's also possible to specify ALL to search in all namespaces
|
||||
searchNamespace: null
|
||||
|
||||
## Override the deployment namespace
|
||||
##
|
||||
namespaceOverride: ""
|
||||
|
||||
## Number of old ReplicaSets to retain
|
||||
##
|
||||
revisionHistoryLimit: 10
|
||||
|
||||
## Add a seperate remote image renderer deployment/service
|
||||
imageRenderer:
|
||||
# Enable the image-renderer deployment & service
|
||||
enabled: false
|
||||
replicas: 1
|
||||
image:
|
||||
# image-renderer Image repository
|
||||
repository: grafana/grafana-image-renderer
|
||||
# image-renderer Image tag
|
||||
tag: latest
|
||||
# image-renderer Image sha (optional)
|
||||
sha: ""
|
||||
# image-renderer ImagePullPolicy
|
||||
pullPolicy: Always
|
||||
# extra environment variables
|
||||
env: {}
|
||||
# RENDERING_ARGS: --disable-gpu,--window-size=1280x758
|
||||
# RENDERING_MODE: clustered
|
||||
# image-renderer deployment securityContext
|
||||
securityContext: {}
|
||||
# image-renderer deployment Host Aliases
|
||||
hostAliases: []
|
||||
# image-renderer deployment priority class
|
||||
priorityClassName: ''
|
||||
service:
|
||||
# image-renderer service port name
|
||||
portName: 'http'
|
||||
# image-renderer service port used by both service and deployment
|
||||
port: 8081
|
||||
# name of the image-renderer port on the pod
|
||||
podPortName: http
|
||||
# number of image-renderer replica sets to keep
|
||||
revisionHistoryLimit: 10
|
||||
networkPolicy:
|
||||
# Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods
|
||||
limitIngress: true
|
||||
# Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods
|
||||
limitEgress: false
|
||||
resources: {}
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 100Mi
|
||||
# requests:
|
||||
# cpu: 50m
|
||||
# memory: 50Mi
|
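Review bot: `imageRenderer.image` is set to `tag: latest` with `pullPolicy: Always`, so enabling the renderer runs whatever the registry serves at pull time. The other images in this file (`grafana/grafana`, `curlimages/curl`, `busybox`, `kiwigrid/k8s-sidecar`) are pinned by tag only with `sha: ""`, and the `bats/bats` test image has no `sha` key at all. Now that the chart is vendored, this copy is the place to fix it, unless the parent chart's values already override these keys (not visible in this section). Pin the renderer to a released version with `tag: <pinned-version>`, and fill the `sha` fields with digests you have verified, e.g. `sha: "<image-digest>"`. A moving tag also makes rollbacks non-reproducible, because the retained ReplicaSets reference the same tag.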
@ -0,0 +1,21 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
appVersion: 1.9.7
|
||||
deprecated: true
|
||||
description: DEPRECATED - Install kube-state-metrics to generate and expose cluster-level
|
||||
metrics
|
||||
home: https://github.com/kubernetes/kube-state-metrics/
|
||||
keywords:
|
||||
- metric
|
||||
- monitoring
|
||||
- prometheus
|
||||
- kubernetes
|
||||
name: kube-state-metrics
|
||||
sources:
|
||||
- https://github.com/kubernetes/kube-state-metrics/
|
||||
version: 2.9.4
|
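Review bot: This vendors a subchart whose own metadata declares `deprecated: true`. The README added alongside it says charts in that repo are no longer updated as of Nov 13, 2020, so `appVersion: 1.9.7` will not receive fixes through this copy. Nothing in the visible part of the commit records that the dependency is frozen. A tracking comment next to the existing "Switch back to upstream" note on the parent chart's dependency would help, e.g. `# bundled kube-state-metrics chart (2.9.4) is the deprecated stable/ copy; replace with a maintained chart when switching back`. Until then, image or RBAC fixes for kube-state-metrics have to be patched into this vendored tree by hand.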
@ -0,0 +1,91 @@
|
||||
# ⚠️ Repo Archive Notice
|
||||
|
||||
As of Nov 13, 2020, charts in this repo will no longer be updated.
|
||||
For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/).
|
||||
|
||||
# kube-state-metrics Helm Chart
|
||||
|
||||
* Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
|
||||
|
||||
## DEPRECATION NOTICE
|
||||
|
||||
This chart is deprecated and no longer supported.
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart with the release name `my-release`:
|
||||
|
||||
```bash
|
||||
$ helm install stable/kube-state-metrics
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------|
|
||||
| `image.repository` | The image repository to pull from | `quay.io/coreos/kube-state-metrics` |
|
||||
| `image.tag` | The image tag to pull from | `v1.9.7` |
|
||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||
| `imagePullSecrets` | List of container registry secrets | `[]` |
|
||||
| `replicas` | Number of replicas | `1` |
|
||||
| `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` |
|
||||
| `service.port` | The port of the container | `8080` |
|
||||
| `service.annotations` | Annotations to be added to the service | `{}` |
|
||||
| `customLabels` | Custom labels to apply to service, deployment and pods | `{}` |
|
||||
| `hostNetwork` | Whether or not to use the host network | `false` |
|
||||
| `prometheusScrape` | Whether or not enable prom scrape | `true` |
|
||||
| `rbac.create` | If true, create & use RBAC resources | `true` |
|
||||
| `serviceAccount.create` | If true, create & use serviceAccount | `true` |
|
||||
| `serviceAccount.name` | If not set & create is true, use template fullname | |
|
||||
| `serviceAccount.imagePullSecrets` | Specify image pull secrets field | `[]` |
|
||||
| `serviceAccount.annotations` | Annotations to be added to the serviceAccount | `{}` |
|
||||
| `podSecurityPolicy.enabled` | If true, create & use PodSecurityPolicy resources. Note that related RBACs are created only if `rbac.enabled` is `true`. | `false` |
|
||||
| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` |
|
||||
| `podSecurityPolicy.additionalVolumes` | Specify allowed volumes in the pod security policy (`secret` is always allowed) | `[]` |
|
||||
| `securityContext.enabled` | Enable security context | `true` |
|
||||
| `securityContext.fsGroup` | Group ID for the filesystem | `65534` |
|
||||
| `securityContext.runAsGroup` | Group ID for the container | `65534` |
|
||||
| `securityContext.runAsUser` | User ID for the container | `65534` |
|
||||
| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `affinity` | Affinity settings for pod assignment | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `podAnnotations` | Annotations to be added to the pod | `{}` |
|
||||
| `podDisruptionBudget` | Optional PodDisruptionBudget | `{}` |
|
||||
| `resources` | kube-state-metrics resource requests and limits | `{}` |
|
||||
| `collectors.certificatesigningrequests` | Enable the certificatesigningrequests collector. | `true` |
|
||||
| `collectors.configmaps` | Enable the configmaps collector. | `true` |
|
||||
| `collectors.cronjobs` | Enable the cronjobs collector. | `true` |
|
||||
| `collectors.daemonsets` | Enable the daemonsets collector. | `true` |
|
||||
| `collectors.deployments` | Enable the deployments collector. | `true` |
|
||||
| `collectors.endpoints` | Enable the endpoints collector. | `true` |
|
||||
| `collectors.horizontalpodautoscalers` | Enable the horizontalpodautoscalers collector. | `true` |
|
||||
| `collectors.ingresses` | Enable the ingresses collector. | `true` |
|
||||
| `collectors.jobs` | Enable the jobs collector. | `true` |
|
||||
| `collectors.limitranges` | Enable the limitranges collector. | `true` |
|
||||
| `collectors.mutatingwebhookconfigurations` | Enable the mutatingwebhookconfigurations collector. | `true` |
|
||||
| `collectors.namespaces` | Enable the namespaces collector. | `true` |
|
||||
| `collectors.networkpolicies` | Enable the networkpolicies collector. | `true` |
|
||||
| `collectors.nodes` | Enable the nodes collector. | `true` |
|
||||
| `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | `true` |
|
||||
| `collectors.persistentvolumes` | Enable the persistentvolumes collector. | `true` |
|
||||
| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | `true` |
|
||||
| `collectors.pods` | Enable the pods collector. | `true` |
|
||||
| `collectors.replicasets` | Enable the replicasets collector. | `true` |
|
||||
| `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | `true` |
|
||||
| `collectors.resourcequotas` | Enable the resourcequotas collector. | `true` |
|
||||
| `collectors.secrets` | Enable the secrets collector. | `true` |
|
||||
| `collectors.services` | Enable the services collector. | `true` |
|
||||
| `collectors.statefulsets` | Enable the statefulsets collector. | `true` |
|
||||
| `collectors.storageclasses` | Enable the storageclasses collector. | `true` |
|
||||
| `collectors.validatingwebhookconfigurations` | Enable the validatingwebhookconfigurations collector. | `true` |
|
||||
| `collectors.verticalpodautoscalers` | Enable the verticalpodautoscalers collector. | `true` |
|
||||
| `collectors.volumeattachments` | Enable the volumeattachments collector. | `true` |
|
||||
| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` |
|
||||
| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
|
||||
| `prometheus.monitor.namespace` | Namespace where servicemonitor resource should be created | `the same namespace as kube-state-metrics` |
|
||||
| `prometheus.monitor.honorLabels` | Honor metric labels | `false` |
|
||||
| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) |
|
||||
| `kubeTargetVersionOverride` | Override the k8s version of the target cluster | `""` |
|
||||
| `kubeconfig.enabled` | Adds --kubeconfig arg to container at startup | `""` |
|
||||
| `kubeconfig.secret` | Base64 encoded kubeconfig file | `""` |
|
@ -0,0 +1,10 @@
|
||||
kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
|
||||
The exposed metrics can be found here:
|
||||
https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
|
||||
|
||||
The metrics are exported on the HTTP endpoint /metrics on the listening port.
|
||||
In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics
|
||||
|
||||
They are served either as plaintext or protobuf depending on the Accept header.
|
||||
They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
|
||||
|
@ -0,0 +1,47 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,180 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
rules:
|
||||
{{ if .Values.collectors.certificatesigningrequests }}
|
||||
- apiGroups: ["certificates.k8s.io"]
|
||||
resources:
|
||||
- certificatesigningrequests
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.configmaps }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- configmaps
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.cronjobs }}
|
||||
- apiGroups: ["batch"]
|
||||
resources:
|
||||
- cronjobs
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.daemonsets }}
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- daemonsets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.deployments }}
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- deployments
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.endpoints }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- endpoints
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.horizontalpodautoscalers }}
|
||||
- apiGroups: ["autoscaling"]
|
||||
resources:
|
||||
- horizontalpodautoscalers
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.ingresses }}
|
||||
- apiGroups: ["extensions", "networking.k8s.io"]
|
||||
resources:
|
||||
- ingresses
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.jobs }}
|
||||
- apiGroups: ["batch"]
|
||||
resources:
|
||||
- jobs
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.limitranges }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- limitranges
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.mutatingwebhookconfigurations }}
|
||||
- apiGroups: ["admissionregistration.k8s.io"]
|
||||
resources:
|
||||
- mutatingwebhookconfigurations
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.namespaces }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- namespaces
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.networkpolicies }}
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources:
|
||||
- networkpolicies
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.nodes }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- nodes
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.persistentvolumeclaims }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.persistentvolumes }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- persistentvolumes
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.poddisruptionbudgets }}
|
||||
- apiGroups: ["policy"]
|
||||
resources:
|
||||
- poddisruptionbudgets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.pods }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- pods
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.replicasets }}
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- replicasets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.replicationcontrollers }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- replicationcontrollers
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.resourcequotas }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- resourcequotas
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.secrets }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- secrets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.services }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- services
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.statefulsets }}
|
||||
- apiGroups: ["apps"]
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.storageclasses }}
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.validatingwebhookconfigurations }}
|
||||
- apiGroups: ["admissionregistration.k8s.io"]
|
||||
resources:
|
||||
- validatingwebhookconfigurations
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.volumeattachments }}
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources:
|
||||
- volumeattachments
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if .Values.collectors.verticalpodautoscalers }}
|
||||
- apiGroups: ["autoscaling.k8s.io"]
|
||||
resources:
|
||||
- verticalpodautoscalers
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{- end -}}
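Review bot: The `secrets` rule grants `list` and `watch` on every Secret in the cluster, and the chart default turns it on (`collectors.secrets: true` in values.yaml), so the kube-state-metrics service account can read all secret data even though the exporter only needs object metadata. RBAC cannot narrow list/watch to metadata, so the safer default is `secrets: false`, with a comment above the rule such as `# list/watch on secrets lets this service account read secret contents; enable only if the secret metrics are needed`. The ClusterRole is also rendered unchanged when `.Values.namespace` restricts collection in the Deployment, where namespaced Roles would probably be enough.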
|
@ -0,0 +1,19 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- end -}}
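Review bot: The subject at the end of this binding is named with `kube-state-metrics.fullname`, while the Deployment runs the pod as `kube-state-metrics.serviceAccountName`. When `serviceAccount.name` is set or `serviceAccount.create` is false the two names differ, so the ClusterRole is bound to an account the pod does not use, and to whatever other workload owns an account with the fullname. Use `name: {{ template "kube-state-metrics.serviceAccountName" . }}` for the subject. The same applies to the subjects in the psp ClusterRoleBinding and the stsdiscovery RoleBinding, and to `metadata.name` in the ServiceAccount template.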
|
@ -0,0 +1,206 @@
|
||||
apiVersion: apps/v1
|
||||
{{- if .Values.autosharding.enabled }}
|
||||
kind: StatefulSet
|
||||
{{- else }}
|
||||
kind: Deployment
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
|
||||
{{- if .Values.customLabels }}
|
||||
{{ toYaml .Values.customLabels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
replicas: {{ .Values.replicas }}
|
||||
{{- if .Values.autosharding.enabled }}
|
||||
serviceName: {{ template "kube-state-metrics.fullname" . }}
|
||||
volumeClaimTemplates: []
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
{{- if .Values.customLabels }}
|
||||
{{ toYaml .Values.customLabels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
hostNetwork: {{ .Values.hostNetwork }}
|
||||
serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||
{{- if .Values.securityContext.enabled }}
|
||||
securityContext:
|
||||
fsGroup: {{ .Values.securityContext.fsGroup }}
|
||||
runAsGroup: {{ .Values.securityContext.runAsGroup }}
|
||||
runAsUser: {{ .Values.securityContext.runAsUser }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: {{ .Values.priorityClassName }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
{{- if .Values.autosharding.enabled }}
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
{{- end }}
|
||||
args:
|
||||
{{ if .Values.collectors.certificatesigningrequests }}
|
||||
- --collectors=certificatesigningrequests
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.configmaps }}
|
||||
- --collectors=configmaps
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.cronjobs }}
|
||||
- --collectors=cronjobs
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.daemonsets }}
|
||||
- --collectors=daemonsets
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.deployments }}
|
||||
- --collectors=deployments
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.endpoints }}
|
||||
- --collectors=endpoints
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.horizontalpodautoscalers }}
|
||||
- --collectors=horizontalpodautoscalers
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.ingresses }}
|
||||
- --collectors=ingresses
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.jobs }}
|
||||
- --collectors=jobs
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.limitranges }}
|
||||
- --collectors=limitranges
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.mutatingwebhookconfigurations }}
|
||||
- --collectors=mutatingwebhookconfigurations
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.namespaces }}
|
||||
- --collectors=namespaces
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.networkpolicies }}
|
||||
- --collectors=networkpolicies
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.nodes }}
|
||||
- --collectors=nodes
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.persistentvolumeclaims }}
|
||||
- --collectors=persistentvolumeclaims
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.persistentvolumes }}
|
||||
- --collectors=persistentvolumes
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.poddisruptionbudgets }}
|
||||
- --collectors=poddisruptionbudgets
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.pods }}
|
||||
- --collectors=pods
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.replicasets }}
|
||||
- --collectors=replicasets
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.replicationcontrollers }}
|
||||
- --collectors=replicationcontrollers
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.resourcequotas }}
|
||||
- --collectors=resourcequotas
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.secrets }}
|
||||
- --collectors=secrets
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.services }}
|
||||
- --collectors=services
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.statefulsets }}
|
||||
- --collectors=statefulsets
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.storageclasses }}
|
||||
- --collectors=storageclasses
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.validatingwebhookconfigurations }}
|
||||
- --collectors=validatingwebhookconfigurations
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.verticalpodautoscalers }}
|
||||
- --collectors=verticalpodautoscalers
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.volumeattachments }}
|
||||
- --collectors=volumeattachments
|
||||
{{ end }}
|
||||
{{ if .Values.namespace }}
|
||||
- --namespace={{ .Values.namespace }}
|
||||
{{ end }}
|
||||
{{ if .Values.autosharding.enabled }}
|
||||
- --pod=$(POD_NAME)
|
||||
- --pod-namespace=$(POD_NAMESPACE)
|
||||
{{ end }}
|
||||
{{ if .Values.kubeconfig.enabled }}
|
||||
- --kubeconfig=/opt/k8s/.kube/config
|
||||
{{ end }}
|
||||
{{- if .Values.kubeconfig.enabled }}
|
||||
volumeMounts:
|
||||
- name: kubeconfig
|
||||
mountPath: /opt/k8s/.kube/
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
{{- if .Values.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeconfig.enabled}}
|
||||
volumes:
|
||||
- name: kubeconfig
|
||||
secret:
|
||||
secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
|
||||
{{- end }}
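Review bot: The container under `containers:` has no `securityContext` of its own, so privilege escalation and the default capability set stay available and the root filesystem is writable; the pod-level block only sets user and group IDs. A container-level block as sketched below would close that, and `runAsNonRoot: true` could join the existing pod-level `securityContext`. Whether the exporter runs with a read-only root filesystem should be confirmed before making it the default.

```yaml
      containers:
      - name: {{ .Chart.Name }}
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        # … unchanged: env, args, volumeMounts, image, ports, probes, resources …
```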
|
@ -0,0 +1,15 @@
|
||||
{{- if .Values.kubeconfig.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
|
||||
type: Opaque
|
||||
data:
|
||||
config: '{{ .Values.kubeconfig.secret }}'
|
||||
{{- end -}}
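Review bot: `config` is rendered from `.Values.kubeconfig.secret` without any check, so `kubeconfig.enabled: true` with the default empty value creates an empty Secret and the container is started with a `--kubeconfig` file that has no content. Failing the render is clearer: `config: {{ required "kubeconfig.secret must be set when kubeconfig.enabled is true" .Values.kubeconfig.secret | quote }}`. A credential passed through values is also kept in the Helm release data and in any values file, which deserves a comment next to `kubeconfig.secret` in values.yaml.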
|
@ -0,0 +1,17 @@
|
||||
{{- if .Values.podDisruptionBudget -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
|
||||
{{- end -}}
|
@ -0,0 +1,42 @@
|
||||
{{- if .Values.podSecurityPolicy.enabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- if .Values.podSecurityPolicy.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
volumes:
|
||||
- 'secret'
|
||||
{{- if .Values.podSecurityPolicy.additionalVolumes }}
|
||||
{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
|
||||
{{- end }}
|
||||
hostNetwork: false
|
||||
hostIPC: false
|
||||
hostPID: false
|
||||
runAsUser:
|
||||
rule: 'MustRunAsNonRoot'
|
||||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
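Review bot: The policy sets `privileged: false` but leaves privilege escalation and capabilities unrestricted, and it sets `readOnlyRootFilesystem: false` explicitly. Adding `allowPrivilegeEscalation: false` and `requiredDropCapabilities: ['ALL']` under `spec` would enforce what the non-root rules already imply. Separately, `hostNetwork: false` here is fixed while the Deployment renders `hostNetwork: {{ .Values.hostNetwork }}`, so enabling both `hostNetwork` and `podSecurityPolicy.enabled` leaves the pod rejected at admission; a comment in values.yaml should state that the two are mutually exclusive.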
|
@ -0,0 +1,22 @@
|
||||
{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||
rules:
|
||||
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
|
||||
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
|
||||
- apiGroups: ['policy']
|
||||
{{- else }}
|
||||
- apiGroups: ['extensions']
|
||||
{{- end }}
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- {{ template "kube-state-metrics.fullname" . }}
|
||||
{{- end }}
|
@ -0,0 +1,19 @@
|
||||
{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- end }}
|
@ -0,0 +1,36 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
|
||||
{{- if .Values.customLabels }}
|
||||
{{ toYaml .Values.customLabels | indent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- if .Values.prometheusScrape }}
|
||||
prometheus.io/scrape: '{{ .Values.prometheusScrape }}'
|
||||
{{- end }}
|
||||
{{- if .Values.service.annotations }}
|
||||
{{- toYaml .Values.service.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: "{{ .Values.service.type }}"
|
||||
ports:
|
||||
- name: "http"
|
||||
protocol: TCP
|
||||
port: {{ .Values.service.port }}
|
||||
{{- if .Values.service.nodePort }}
|
||||
nodePort: {{ .Values.service.nodePort }}
|
||||
{{- end }}
|
||||
targetPort: 8080
|
||||
{{- if .Values.service.loadBalancerIP }}
|
||||
loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
|
||||
{{- end }}
|
||||
selector:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
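Review bot: `nodePort` is rendered whenever `service.nodePort` is non-zero, regardless of `service.type`, and the API server refuses a `nodePort` on a ClusterIP service. Guard it with the type, for example `{{- if and .Values.service.nodePort (ne .Values.service.type "ClusterIP") }}`. Since the endpoint is plain HTTP without authentication, a comment next to `service.type` in values.yaml noting that NodePort and LoadBalancer publish the cluster's object inventory outside the cluster would also help.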
|
@ -0,0 +1,18 @@
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- if .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
|
||||
{{- end -}}
|
@ -0,0 +1,25 @@
|
||||
{{- if .Values.prometheus.monitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
|
||||
{{- if .Values.prometheus.monitor.additionalLabels }}
|
||||
{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
endpoints:
|
||||
- port: http
|
||||
{{- if .Values.prometheus.monitor.honorLabels }}
|
||||
honorLabels: true
|
||||
{{- end }}
|
||||
{{- end }}
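Review bot: `metadata.namespace` always comes from `kube-state-metrics.namespace`, so the documented value `prometheus.monitor.namespace` (listed in the README table and in values.yaml) has no effect. If the value is meant to work, render `namespace: {{ default (include "kube-state-metrics.namespace" .) .Values.prometheus.monitor.namespace }}`; otherwise drop it from the README and values.yaml. The ServiceMonitor would then need a `namespaceSelector` to find the Service in the other namespace, which this template does not set.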
|
@ -0,0 +1,29 @@
|
||||
{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- apps
|
||||
resourceNames:
|
||||
- {{ template "kube-state-metrics.fullname" . }}
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
{{- end }}
|
@ -0,0 +1,20 @@
|
||||
{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- end }}
|
@ -0,0 +1,161 @@
|
||||
# Default values for kube-state-metrics.
|
||||
prometheusScrape: true
|
||||
image:
|
||||
repository: quay.io/coreos/kube-state-metrics
|
||||
tag: v1.9.7
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
|
||||
# will be automatically sharded across <.Values.replicas> pods using the built-in
|
||||
# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
|
||||
# This is an experimental feature and there are no stability guarantees.
|
||||
autosharding:
|
||||
enabled: false
|
||||
|
||||
replicas: 1
|
||||
|
||||
service:
|
||||
port: 8080
|
||||
# Default to clusterIP for backward compatibility
|
||||
type: ClusterIP
|
||||
nodePort: 0
|
||||
loadBalancerIP: ""
|
||||
annotations: {}
|
||||
|
||||
customLabels: {}
|
||||
|
||||
hostNetwork: false
|
||||
|
||||
rbac:
|
||||
# If true, create & use RBAC resources
|
||||
create: true
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a ServiceAccount should be created, require rbac true
|
||||
create: true
|
||||
# The name of the ServiceAccount to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name:
|
||||
# Reference to one or more secrets to be used when pulling images
|
||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
imagePullSecrets: []
|
||||
# ServiceAccount annotations.
|
||||
# Use case: AWS EKS IAM roles for service accounts
|
||||
# ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
|
||||
annotations: {}
|
||||
|
||||
prometheus:
|
||||
monitor:
|
||||
enabled: false
|
||||
additionalLabels: {}
|
||||
namespace: ""
|
||||
honorLabels: false
|
||||
|
||||
## Specify if a Pod Security Policy for kube-state-metrics must be created
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
||||
##
|
||||
podSecurityPolicy:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
## Specify pod annotations
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
||||
##
|
||||
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
||||
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
||||
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
||||
|
||||
additionalVolumes: []
|
||||
|
||||
securityContext:
|
||||
enabled: true
|
||||
runAsGroup: 65534
|
||||
runAsUser: 65534
|
||||
fsGroup: 65534
|
||||
|
||||
## Node labels for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
nodeSelector: {}
|
||||
|
||||
## Affinity settings for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
||||
affinity: {}
|
||||
|
||||
## Tolerations for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
tolerations: []
|
||||
|
||||
# Annotations to be added to the pod
|
||||
podAnnotations: {}
|
||||
|
||||
## Assign a PriorityClassName to pods if set
|
||||
# priorityClassName: ""
|
||||
|
||||
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||
podDisruptionBudget: {}
|
||||
|
||||
# Available collectors for kube-state-metrics. By default all available
|
||||
# collectors are enabled.
|
||||
collectors:
|
||||
certificatesigningrequests: true
|
||||
configmaps: true
|
||||
cronjobs: true
|
||||
daemonsets: true
|
||||
deployments: true
|
||||
endpoints: true
|
||||
horizontalpodautoscalers: true
|
||||
ingresses: true
|
||||
jobs: true
|
||||
limitranges: true
|
||||
mutatingwebhookconfigurations: true
|
||||
namespaces: true
|
||||
networkpolicies: true
|
||||
nodes: true
|
||||
persistentvolumeclaims: true
|
||||
persistentvolumes: true
|
||||
poddisruptionbudgets: true
|
||||
pods: true
|
||||
replicasets: true
|
||||
replicationcontrollers: true
|
||||
resourcequotas: true
|
||||
secrets: true
|
||||
services: true
|
||||
statefulsets: true
|
||||
storageclasses: true
|
||||
validatingwebhookconfigurations: true
|
||||
verticalpodautoscalers: false
|
||||
volumeattachments: true
|
||||
|
||||
# Enabling kubeconfig will pass the --kubeconfig argument to the container
|
||||
kubeconfig:
|
||||
enabled: false
|
||||
# base64 encoded kube-config file
|
||||
secret:
|
||||
|
||||
# Namespace to be enabled for collecting resources. By default all namespaces are collected.
|
||||
# namespace: ""
|
||||
|
||||
## Override the deployment namespace
|
||||
##
|
||||
namespaceOverride: ""
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 64Mi
|
||||
# requests:
|
||||
# cpu: 10m
|
||||
# memory: 32Mi
|
||||
|
||||
## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role.
|
||||
## For example: kubeTargetVersionOverride: 1.14.9
|
||||
##
|
||||
kubeTargetVersionOverride: ""
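Review bot: `image.tag: v1.9.7` is a mutable tag, and with `pullPolicy: IfNotPresent` nodes can run different image contents under the same tag. The Deployment renders `repository:tag`, so a digest can be carried in the tag value; a comment above `tag` such as `# append @sha256:<digest> to pin the image contents` would document that. The bare `name:` under `serviceAccount` and `secret:` under `kubeconfig` parse as null; writing `""` states the intent and matches the defaults given in the README.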
|
@ -0,0 +1,21 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
@ -0,0 +1,16 @@
|
||||
apiVersion: v1
|
||||
appVersion: 1.0.1
|
||||
description: A Helm chart for prometheus node-exporter
|
||||
home: https://github.com/prometheus/node_exporter/
|
||||
keywords:
|
||||
- node-exporter
|
||||
- prometheus
|
||||
- exporter
|
||||
maintainers:
|
||||
- email: gianrubio@gmail.com
|
||||
name: gianrubio
|
||||
- name: vsliouniaev
|
||||
name: prometheus-node-exporter
|
||||
sources:
|
||||
- https://github.com/prometheus/node_exporter/
|
||||
version: 1.12.0
|
@ -0,0 +1,63 @@
|
||||
# Prometheus Node Exporter
|
||||
|
||||
Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors.
|
||||
|
||||
This chart bootstraps a prometheus [Node Exporter](http://github.com/prometheus/node_exporter) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
## Get Repo Info
|
||||
|
||||
```console
|
||||
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
|
||||
helm repo update
|
||||
```
|
||||
|
||||
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
|
||||
|
||||
## Install Chart
|
||||
|
||||
```console
|
||||
# Helm 3
|
||||
$ helm install [RELEASE_NAME] prometheus-community/prometheus-node-exporter
|
||||
|
||||
# Helm 2
|
||||
$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-node-exporter
|
||||
```
|
||||
|
||||
_See [configuration](#configuration) below._
|
||||
|
||||
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
|
||||
|
||||
## Uninstall Chart
|
||||
|
||||
```console
|
||||
# Helm 3
|
||||
$ helm uninstall [RELEASE_NAME]
|
||||
|
||||
# Helm 2
|
||||
# helm delete --purge [RELEASE_NAME]
|
||||
```
|
||||
|
||||
This removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
|
||||
|
||||
## Upgrading Chart
|
||||
|
||||
```console
|
||||
# Helm 3 or 2
|
||||
$ helm upgrade [RELEASE_NAME] [CHART] --install
|
||||
```
|
||||
|
||||
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
|
||||
|
||||
## Configuring
|
||||
|
||||
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
|
||||
|
||||
```console
|
||||
# Helm 2
|
||||
$ helm inspect values prometheus-community/prometheus-node-exporter
|
||||
|
||||
# Helm 3
|
||||
$ helm show values prometheus-community/prometheus-node-exporter
|
||||
```
|
@ -0,0 +1,3 @@
|
||||
service:
|
||||
targetPort: 9102
|
||||
port: 9102
|
@ -0,0 +1,15 @@
|
||||
1. Get the application URL by running these commands:
|
||||
{{- if contains "NodePort" .Values.service.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-node-exporter.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.service.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-node-exporter.fullname" . }}'
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ template "prometheus-node-exporter.namespace" . }} {{ template "prometheus-node-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
||||
echo http://$SERVICE_IP:{{ .Values.service.port }}
|
||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-node-exporter.namespace" . }} -l "app={{ template "prometheus-node-exporter.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
echo "Visit http://127.0.0.1:9100 to use your application"
|
||||
kubectl port-forward --namespace {{ template "prometheus-node-exporter.namespace" . }} $POD_NAME 9100
|
||||
{{- end }}
|
@ -0,0 +1,66 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "prometheus-node-exporter.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "prometheus-node-exporter.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Generate basic labels */}}
|
||||
{{- define "prometheus-node-exporter.labels" }}
|
||||
app: {{ template "prometheus-node-exporter.name" . }}
|
||||
heritage: {{.Release.Service }}
|
||||
release: {{.Release.Name }}
|
||||
chart: {{ template "prometheus-node-exporter.chart" . }}
|
||||
{{- if .Values.podLabels}}
|
||||
{{ toYaml .Values.podLabels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "prometheus-node-exporter.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "prometheus-node-exporter.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "prometheus-node-exporter.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "prometheus-node-exporter.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,159 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "prometheus-node-exporter.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- if .Values.updateStrategy }}
|
||||
updateStrategy:
|
||||
{{ toYaml .Values.updateStrategy | indent 4 }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }}
|
||||
{{- if .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if and .Values.rbac.create .Values.serviceAccount.create }}
|
||||
serviceAccountName: {{ template "prometheus-node-exporter.serviceAccountName" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: {{ .Values.priorityClassName }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: node-exporter
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
args:
|
||||
- --path.procfs=/host/proc
|
||||
- --path.sysfs=/host/sys
|
||||
- --path.rootfs=/host/root
|
||||
- --web.listen-address=$(HOST_IP):{{ .Values.service.port }}
|
||||
{{- if .Values.extraArgs }}
|
||||
{{ toYaml .Values.extraArgs | indent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: HOST_IP
|
||||
{{- if .Values.service.listenOnAllInterfaces }}
|
||||
value: 0.0.0.0
|
||||
{{- else }}
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.hostIP
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: {{ .Values.service.targetPort }}
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: {{ .Values.service.port }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: {{ .Values.service.port }}
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 12 }}
|
||||
volumeMounts:
|
||||
- name: proc
|
||||
mountPath: /host/proc
|
||||
readOnly: true
|
||||
- name: sys
|
||||
mountPath: /host/sys
|
||||
readOnly: true
|
||||
- name: root
|
||||
mountPath: /host/root
|
||||
mountPropagation: HostToContainer
|
||||
readOnly: true
|
||||
{{- if .Values.extraHostVolumeMounts }}
|
||||
{{- range $_, $mount := .Values.extraHostVolumeMounts }}
|
||||
- name: {{ $mount.name }}
|
||||
mountPath: {{ $mount.mountPath }}
|
||||
readOnly: {{ $mount.readOnly }}
|
||||
{{- if $mount.mountPropagation }}
|
||||
mountPropagation: {{ $mount.mountPropagation }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecarVolumeMount }}
|
||||
{{- range $_, $mount := .Values.sidecarVolumeMount }}
|
||||
- name: {{ $mount.name }}
|
||||
mountPath: {{ $mount.mountPath }}
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.configmaps }}
|
||||
{{- range $_, $mount := .Values.configmaps }}
|
||||
- name: {{ $mount.name }}
|
||||
mountPath: {{ $mount.mountPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecars }}
|
||||
{{ toYaml .Values.sidecars | indent 8 }}
|
||||
{{- if .Values.sidecarVolumeMount }}
|
||||
volumeMounts:
|
||||
{{- range $_, $mount := .Values.sidecarVolumeMount }}
|
||||
- name: {{ $mount.name }}
|
||||
mountPath: {{ $mount.mountPath }}
|
||||
readOnly: {{ $mount.readOnly }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.hostNetwork }}
|
||||
hostPID: true
|
||||
{{- if .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: proc
|
||||
hostPath:
|
||||
path: /proc
|
||||
- name: sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
- name: root
|
||||
hostPath:
|
||||
path: /
|
||||
{{- if .Values.extraHostVolumeMounts }}
|
||||
{{- range $_, $mount := .Values.extraHostVolumeMounts }}
|
||||
- name: {{ $mount.name }}
|
||||
hostPath:
|
||||
path: {{ $mount.hostPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecarVolumeMount }}
|
||||
{{- range $_, $mount := .Values.sidecarVolumeMount }}
|
||||
- name: {{ $mount.name }}
|
||||
emptyDir:
|
||||
medium: Memory
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.configmaps }}
|
||||
{{- range $_, $mount := .Values.configmaps }}
|
||||
- name: {{ $mount.name }}
|
||||
configMap:
|
||||
name: {{ $mount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
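Review bot: The `node-exporter` container has no container-level `securityContext`, although the pod hard-codes `hostPID: true` and mounts the host's `/` at `/host/root`. The pod-level `securityContext` from values only sets the user, group and `runAsNonRoot`, so privilege escalation and a writable container filesystem stay at their defaults. I would add a `securityContext:` under the container with `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, after confirming that the enabled collectors do not write inside the container. Separately, `readOnly: {{ $mount.readOnly }}` in the `extraHostVolumeMounts` loop renders an empty value when the key is omitted, which presumably leaves that hostPath mount writable; an explicit `hasKey` check with a read-only fallback would be safer.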
|
@ -0,0 +1,18 @@
|
||||
{{- if .Values.endpoints }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
labels:
|
||||
{{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
port: 9100
|
||||
protocol: TCP
|
||||
{{- end }}
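Review bot: The Endpoints port is hard-coded as `port: 9100`, while the Service in this chart takes its port from `.Values.service.port` and the CI values file on this page sets 9102. If the external exporters are meant to follow the chart's port setting, this should read `port: {{ .Values.service.port }}`; if 9100 is deliberate for out-of-cluster hosts, a comment saying so would help. `- ip: {{ . }}` is also rendered unquoted, so a malformed entry in `endpoints` fails only at apply time; `{{ . | quote }}` keeps the value a string.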
|
@ -0,0 +1,25 @@
|
||||
{{- if .Values.prometheus.monitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
{{- if .Values.prometheus.monitor.additionalLabels }}
|
||||
{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "prometheus-node-exporter.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
endpoints:
|
||||
- port: metrics
|
||||
{{- if .Values.prometheus.monitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.relabelings }}
|
||||
relabelings:
|
||||
{{ toYaml .Values.prometheus.monitor.relabelings | indent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -0,0 +1,15 @@
|
||||
{{- if .Values.rbac.create }}
|
||||
{{- if .Values.rbac.pspEnabled }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: psp-{{ template "prometheus-node-exporter.fullname" . }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
rules:
|
||||
- apiGroups: ['extensions']
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- {{ template "prometheus-node-exporter.fullname" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -0,0 +1,17 @@
|
||||
{{- if .Values.rbac.create }}
|
||||
{{- if .Values.rbac.pspEnabled }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: psp-{{ template "prometheus-node-exporter.fullname" . }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: psp-{{ template "prometheus-node-exporter.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
{{- end }}
|
||||
{{- end }}
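Review bot: The subject's `name` uses the `prometheus-node-exporter.fullname` template, while the ServiceAccount manifest and the DaemonSet's `serviceAccountName` both use `prometheus-node-exporter.serviceAccountName`. When `serviceAccount.name` is set, the binding names an account that does not exist, so the pods are not authorised for this PSP and are either rejected or admitted under whatever other policy happens to apply. I would change the subject to `name: {{ template "prometheus-node-exporter.serviceAccountName" . }}`.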
|
@ -0,0 +1,52 @@
|
||||
{{- if .Values.rbac.create }}
|
||||
{{- if .Values.rbac.pspEnabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
spec:
|
||||
privileged: false
|
||||
# Required to prevent escalations to root.
|
||||
# allowPrivilegeEscalation: false
|
||||
# This is redundant with non-root + disallow privilege escalation,
|
||||
# but we can provide it for defense in depth.
|
||||
#requiredDropCapabilities:
|
||||
# - ALL
|
||||
# Allow core volume types.
|
||||
volumes:
|
||||
- 'configMap'
|
||||
- 'emptyDir'
|
||||
- 'projected'
|
||||
- 'secret'
|
||||
- 'downwardAPI'
|
||||
- 'persistentVolumeClaim'
|
||||
- 'hostPath'
|
||||
hostNetwork: true
|
||||
hostIPC: false
|
||||
hostPID: true
|
||||
hostPorts:
|
||||
- min: 0
|
||||
max: 65535
|
||||
runAsUser:
|
||||
# Permits the container to run with root privileges as well.
|
||||
rule: 'RunAsAny'
|
||||
seLinux:
|
||||
# This policy assumes the nodes are using AppArmor rather than SELinux.
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 0
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 0
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
|
||||
{{- end }}
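Review bot: The policy is looser than its own comments state: both ranges under `Forbid adding the root group` start at `min: 0`, which admits GID 0, and `allowPrivilegeEscalation: false` is commented out directly beneath `Required to prevent escalations to root`. Since the chart's default `securityContext` already runs as 65534 with `runAsNonRoot: true`, I would enable `allowPrivilegeEscalation: false`, change the two ranges to `min: 1`, and use `rule: 'MustRunAsNonRoot'` for `runAsUser`, unless a sidecar is known to need root. `hostPath` is allowed without an `allowedHostPaths` list and `hostPorts` spans 0-65535; narrowing them to the paths and port the DaemonSet actually uses would help, with `extraHostVolumeMounts` as the caveat. `metadata.namespace` has no effect on a cluster-scoped PodSecurityPolicy and can be dropped.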
|
@ -0,0 +1,23 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
{{- if .Values.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
{{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }}
|
||||
nodePort: {{ .Values.service.nodePort }}
|
||||
{{- end }}
|
||||
targetPort: {{ .Values.service.targetPort }}
|
||||
protocol: TCP
|
||||
name: metrics
|
||||
selector:
|
||||
app: {{ template "prometheus-node-exporter.name" . }}
|
||||
release: {{ .Release.Name }}
|
@ -0,0 +1,16 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.serviceAccountName" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "prometheus-node-exporter.name" . }}
|
||||
chart: {{ template "prometheus-node-exporter.chart" . }}
|
||||
release: "{{ .Release.Name }}"
|
||||
heritage: "{{ .Release.Service }}"
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
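Review bot: The ServiceAccount leaves token automounting at its default, so an API token is mounted into a pod that shares the host PID namespace and, by default, the host network. Nothing visible in this chart grants the account any permission beyond `use` on the PSP, which suggests node-exporter itself does not call the API. I would add `automountServiceAccountToken: false` to this manifest, after checking that no configured sidecar relies on the token. Also, `imagePullSecrets:` is emitted even when the list is empty; wrapping it in `{{- with .Values.serviceAccount.imagePullSecrets }}` avoids rendering an empty key.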
|
@ -0,0 +1,141 @@
|
||||
# Default values for prometheus-node-exporter.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
image:
|
||||
repository: quay.io/prometheus/node-exporter
|
||||
tag: v1.0.1
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 9100
|
||||
targetPort: 9100
|
||||
nodePort:
|
||||
listenOnAllInterfaces: true
|
||||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
|
||||
prometheus:
|
||||
monitor:
|
||||
enabled: false
|
||||
additionalLabels: {}
|
||||
namespace: ""
|
||||
|
||||
relabelings: []
|
||||
scrapeTimeout: 10s
|
||||
|
||||
## Customize the updateStrategy if set
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 200m
|
||||
# memory: 50Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 30Mi
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a ServiceAccount should be created
|
||||
create: true
|
||||
# The name of the ServiceAccount to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name:
|
||||
imagePullSecrets: []
|
||||
|
||||
securityContext:
|
||||
fsGroup: 65534
|
||||
runAsGroup: 65534
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65534
|
||||
|
||||
rbac:
|
||||
## If true, create & use RBAC resources
|
||||
##
|
||||
create: true
|
||||
## If true, create & use Pod Security Policy resources
|
||||
## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
||||
pspEnabled: true
|
||||
|
||||
# for deployments that have node_exporter deployed outside of the cluster, list
|
||||
# their addresses here
|
||||
endpoints: []
|
||||
|
||||
# Expose the service to the host network
|
||||
hostNetwork: true
|
||||
|
||||
## Assign a group of affinity scheduling rules
|
||||
##
|
||||
affinity: {}
|
||||
# nodeAffinity:
|
||||
# requiredDuringSchedulingIgnoredDuringExecution:
|
||||
# nodeSelectorTerms:
|
||||
# - matchFields:
|
||||
# - key: metadata.name
|
||||
# operator: In
|
||||
# values:
|
||||
# - target-host-name
|
||||
|
||||
# Annotations to be added to node exporter pods
|
||||
podAnnotations: {}
|
||||
|
||||
# Extra labels to be added to node exporter pods
|
||||
podLabels: {}
|
||||
|
||||
## Assign a nodeSelector if operating a hybrid cluster
|
||||
##
|
||||
nodeSelector: {}
|
||||
# beta.kubernetes.io/arch: amd64
|
||||
# beta.kubernetes.io/os: linux
|
||||
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
|
||||
## Assign a PriorityClassName to pods if set
|
||||
# priorityClassName: ""
|
||||
|
||||
## Additional container arguments
|
||||
##
|
||||
extraArgs: []
|
||||
# - --collector.diskstats.ignored-devices=^(ram|loop|fd|(h|s|v)d[a-z]|nvme\\d+n\\d+p)\\d+$
|
||||
# - --collector.textfile.directory=/run/prometheus
|
||||
|
||||
## Additional mounts from the host
|
||||
##
|
||||
extraHostVolumeMounts: []
|
||||
# - name: <mountName>
|
||||
# hostPath: <hostPath>
|
||||
# mountPath: <mountPath>
|
||||
# readOnly: true|false
|
||||
# mountPropagation: None|HostToContainer|Bidirectional
|
||||
|
||||
## Additional configmaps to be mounted.
|
||||
##
|
||||
configmaps: []
|
||||
# - name: <configMapName>
|
||||
# mountPath: <mountPath>
|
||||
|
||||
## Override the deployment namespace
|
||||
##
|
||||
namespaceOverride: ""
|
||||
|
||||
## Additional containers for export metrics to text file
|
||||
##
|
||||
sidecars: []
|
||||
## - name: nvidia-dcgm-exporter
|
||||
## image: nvidia/dcgm-exporter:1.4.3
|
||||
|
||||
## Volume for sidecar containers
|
||||
##
|
||||
sidecarVolumeMount: []
|
||||
## - name: collector-textfiles
|
||||
## mountPath: /run/prometheus
|
||||
## readOnly: false
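Review bot: The defaults `listenOnAllInterfaces: true` and `hostNetwork: true` together make node-exporter bind `0.0.0.0:9100` in the host network namespace on every node, and nothing in this chart configures authentication or TLS for that listener. Unless node firewalls or security groups already restrict the port, I would default to `listenOnAllInterfaces: false`, which the DaemonSet template turns into `status.hostIP` and so narrows the listener to the node's primary address. The image is referenced by a mutable tag (`tag: v1.0.1`); the template builds `repository:tag`, so pinning by digest would need a small template change. The `NoSchedule` toleration with `operator: Exists` is presumably intentional for a node agent and deserves a comment saying so.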
|
@ -0,0 +1,356 @@
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: podmonitors.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
names:
|
||||
kind: PodMonitor
|
||||
listKind: PodMonitorList
|
||||
plural: podmonitors
|
||||
singular: podmonitor
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: PodMonitor defines monitoring for a set of pods.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Specification of desired Pod selection for target discovery by Prometheus.
|
||||
properties:
|
||||
jobLabel:
|
||||
description: The label to use to retrieve the job name from.
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: Selector to select which namespaces the Endpoints objects are discovered from.
|
||||
properties:
|
||||
any:
|
||||
description: Boolean describing whether all namespaces are selected in contrast to a list restricting them.
|
||||
type: boolean
|
||||
matchNames:
|
||||
description: List of namespace names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
podMetricsEndpoints:
|
||||
description: A list of endpoints allowed as part of this PodMonitor.
|
||||
items:
|
||||
description: PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.
|
||||
properties:
|
||||
basicAuth:
|
||||
description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
|
||||
properties:
|
||||
password:
|
||||
description: The secret in the service monitor namespace that contains the password for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
username:
|
||||
description: The secret in the service monitor namespace that contains the username for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
bearerTokenSecret:
|
||||
description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
honorLabels:
|
||||
description: HonorLabels chooses the metric's labels on collisions with target labels.
|
||||
type: boolean
|
||||
honorTimestamps:
|
||||
description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.
|
||||
type: boolean
|
||||
interval:
|
||||
description: Interval at which metrics should be scraped
|
||||
type: string
|
||||
metricRelabelings:
|
||||
description: MetricRelabelConfigs to apply to samples before ingestion.
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching. Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
params:
|
||||
additionalProperties:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
description: Optional HTTP URL parameters
|
||||
type: object
|
||||
path:
|
||||
description: HTTP path to scrape for metrics.
|
||||
type: string
|
||||
port:
|
||||
description: Name of the pod port this endpoint refers to. Mutually exclusive with targetPort.
|
||||
type: string
|
||||
proxyUrl:
|
||||
description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
|
||||
type: string
|
||||
relabelings:
|
||||
description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching. Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
scheme:
|
||||
description: HTTP scheme to use for scraping.
|
||||
type: string
|
||||
scrapeTimeout:
|
||||
description: Timeout after which the scrape is ended
|
||||
type: string
|
||||
targetPort:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: 'Deprecated: Use ''port'' instead.'
|
||||
x-kubernetes-int-or-string: true
|
||||
tlsConfig:
|
||||
description: TLS configuration to use when scraping the endpoint.
|
||||
properties:
|
||||
ca:
|
||||
description: Struct containing the CA cert to use for the targets.
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
cert:
|
||||
description: Struct containing the client cert file for the targets.
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
insecureSkipVerify:
|
||||
description: Disable target certificate validation.
|
||||
type: boolean
|
||||
keySecret:
|
||||
description: Secret containing the client key file for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
serverName:
|
||||
description: Used to verify the hostname for the targets.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
podTargetLabels:
|
||||
description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
sampleLimit:
|
||||
description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
|
||||
format: int64
|
||||
type: integer
|
||||
selector:
|
||||
description: Selector to select Pod objects.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
targetLimit:
|
||||
description: TargetLimit defines a limit on the number of scraped targets that will be accepted.
|
||||
format: int64
|
||||
type: integer
|
||||
required:
|
||||
- podMetricsEndpoints
|
||||
- selector
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
@ -0,0 +1,169 @@
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: probes.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
names:
|
||||
kind: Probe
|
||||
listKind: ProbeList
|
||||
plural: probes
|
||||
singular: probe
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Probe defines monitoring for a set of static targets or ingresses.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Specification of desired Ingress selection for target discovery by Prometheus.
|
||||
properties:
|
||||
interval:
|
||||
description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used.
|
||||
type: string
|
||||
jobName:
|
||||
description: The job name assigned to scraped metrics by default.
|
||||
type: string
|
||||
module:
|
||||
description: 'The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml'
|
||||
type: string
|
||||
prober:
|
||||
description: Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty.
|
||||
properties:
|
||||
path:
|
||||
description: Path to collect metrics from. Defaults to `/probe`.
|
||||
type: string
|
||||
scheme:
|
||||
description: HTTP scheme to use for scraping. Defaults to `http`.
|
||||
type: string
|
||||
url:
|
||||
description: Mandatory URL of the prober.
|
||||
type: string
|
||||
required:
|
||||
- url
|
||||
type: object
|
||||
scrapeTimeout:
|
||||
description: Timeout for scraping metrics from the Prometheus exporter.
|
||||
type: string
|
||||
targets:
|
||||
description: Targets defines a set of static and/or dynamically discovered targets to be probed using the prober.
|
||||
properties:
|
||||
ingress:
|
||||
description: Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing.
|
||||
properties:
|
||||
namespaceSelector:
|
||||
description: Select Ingress objects by namespace.
|
||||
properties:
|
||||
any:
|
||||
description: Boolean describing whether all namespaces are selected in contrast to a list restricting them.
|
||||
type: boolean
|
||||
matchNames:
|
||||
description: List of namespace names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
relabelingConfigs:
|
||||
description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching. Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
selector:
|
||||
description: Select Ingress objects by labels.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
staticConfig:
|
||||
description: 'StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.'
|
||||
properties:
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Labels assigned to all metrics scraped from the targets.
|
||||
type: object
|
||||
static:
|
||||
description: Targets is a list of URLs to probe using the configured prober.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
File diff suppressed because it is too large
@ -0,0 +1,90 @@
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: prometheusrules.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
names:
|
||||
kind: PrometheusRule
|
||||
listKind: PrometheusRuleList
|
||||
plural: prometheusrules
|
||||
singular: prometheusrule
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: PrometheusRule defines recording and alerting rules for a Prometheus instance
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Specification of desired alerting rule definitions for Prometheus.
|
||||
properties:
|
||||
groups:
|
||||
description: Content of Prometheus rule file
|
||||
items:
|
||||
description: 'RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response'
|
||||
properties:
|
||||
interval:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
partial_response_strategy:
|
||||
type: string
|
||||
rules:
|
||||
items:
|
||||
description: Rule describes an alerting or recording rule.
|
||||
properties:
|
||||
alert:
|
||||
type: string
|
||||
annotations:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
expr:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
for:
|
||||
type: string
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
record:
|
||||
type: string
|
||||
required:
|
||||
- expr
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- name
|
||||
- rules
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
@ -0,0 +1,373 @@
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: servicemonitors.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
names:
|
||||
kind: ServiceMonitor
|
||||
listKind: ServiceMonitorList
|
||||
plural: servicemonitors
|
||||
singular: servicemonitor
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: ServiceMonitor defines monitoring for a set of services.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Specification of desired Service selection for target discovery by Prometheus.
|
||||
properties:
|
||||
endpoints:
|
||||
description: A list of endpoints allowed as part of this ServiceMonitor.
|
||||
items:
|
||||
description: Endpoint defines a scrapeable endpoint serving Prometheus metrics.
|
||||
properties:
|
||||
basicAuth:
|
||||
description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
|
||||
properties:
|
||||
password:
|
||||
description: The secret in the service monitor namespace that contains the password for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
username:
|
||||
description: The secret in the service monitor namespace that contains the username for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
bearerTokenFile:
|
||||
description: File to read bearer token for scraping targets.
|
||||
type: string
|
||||
bearerTokenSecret:
|
||||
description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
honorLabels:
|
||||
description: HonorLabels chooses the metric's labels on collisions with target labels.
|
||||
type: boolean
|
||||
honorTimestamps:
|
||||
description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.
|
||||
type: boolean
|
||||
interval:
|
||||
description: Interval at which metrics should be scraped
|
||||
type: string
|
||||
metricRelabelings:
|
||||
description: MetricRelabelConfigs to apply to samples before ingestion.
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching. Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
params:
|
||||
additionalProperties:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
description: Optional HTTP URL parameters
|
||||
type: object
|
||||
path:
|
||||
description: HTTP path to scrape for metrics.
|
||||
type: string
|
||||
port:
|
||||
description: Name of the service port this endpoint refers to. Mutually exclusive with targetPort.
|
||||
type: string
|
||||
proxyUrl:
|
||||
description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
|
||||
type: string
|
||||
relabelings:
|
||||
description: 'RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching. Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
scheme:
|
||||
description: HTTP scheme to use for scraping.
|
||||
type: string
|
||||
scrapeTimeout:
|
||||
description: Timeout after which the scrape is ended
|
||||
type: string
|
||||
targetPort:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port.
|
||||
x-kubernetes-int-or-string: true
|
||||
tlsConfig:
|
||||
description: TLS configuration to use when scraping the endpoint
|
||||
properties:
|
||||
ca:
|
||||
description: Struct containing the CA cert to use for the targets.
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
caFile:
|
||||
description: Path to the CA cert in the Prometheus container to use for the targets.
|
||||
type: string
|
||||
cert:
|
||||
description: Struct containing the client cert file for the targets.
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
certFile:
|
||||
description: Path to the client cert file in the Prometheus container for the targets.
|
||||
type: string
|
||||
insecureSkipVerify:
|
||||
description: Disable target certificate validation.
|
||||
type: boolean
|
||||
keyFile:
|
||||
description: Path to the client key file in the Prometheus container for the targets.
|
||||
type: string
|
||||
keySecret:
|
||||
description: Secret containing the client key file for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
serverName:
|
||||
description: Used to verify the hostname for the targets.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
jobLabel:
|
||||
description: The label to use to retrieve the job name from.
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: Selector to select which namespaces the Endpoints objects are discovered from.
|
||||
properties:
|
||||
any:
|
||||
description: Boolean describing whether all namespaces are selected in contrast to a list restricting them.
|
||||
type: boolean
|
||||
matchNames:
|
||||
description: List of namespace names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
podTargetLabels:
|
||||
description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
sampleLimit:
|
||||
description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
|
||||
format: int64
|
||||
type: integer
|
||||
selector:
|
||||
description: Selector to select Endpoints objects.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
targetLabels:
|
||||
description: TargetLabels transfers labels on the Kubernetes Service onto the target.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLimit:
|
||||
description: TargetLimit defines a limit on the number of scraped targets that will be accepted.
|
||||
format: int64
|
||||
type: integer
|
||||
required:
|
||||
- endpoints
|
||||
- selector
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
File diff suppressed because it is too large
@ -0,0 +1,4 @@
|
||||
{{ $.Chart.Name }} has been installed. Check its status by running:
|
||||
kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pods -l "release={{ $.Release.Name }}"
|
||||
|
||||
Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator.
|
@ -0,0 +1,93 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}}
|
||||
{{- define "kube-prometheus-stack.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
The components in this chart create additional resources that expand the longest created name strings.
|
||||
The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26.
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 26 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Fullname suffixed with operator */}}
|
||||
{{- define "kube-prometheus-stack.operator.fullname" -}}
|
||||
{{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Fullname suffixed with prometheus */}}
|
||||
{{- define "kube-prometheus-stack.prometheus.fullname" -}}
|
||||
{{- printf "%s-prometheus" (include "kube-prometheus-stack.fullname" .) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Fullname suffixed with alertmanager */}}
|
||||
{{- define "kube-prometheus-stack.alertmanager.fullname" -}}
|
||||
{{- printf "%s-alertmanager" (include "kube-prometheus-stack.fullname" .) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Create chart name and version as used by the chart label. */}}
|
||||
{{- define "kube-prometheus-stack.chartref" -}}
|
||||
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Generate basic labels */}}
|
||||
{{- define "kube-prometheus-stack.labels" }}
|
||||
chart: {{ template "kube-prometheus-stack.chartref" . }}
|
||||
release: {{ $.Release.Name | quote }}
|
||||
heritage: {{ $.Release.Service | quote }}
|
||||
{{- if .Values.commonLabels}}
|
||||
{{ toYaml .Values.commonLabels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Create the name of kube-prometheus-stack service account to use */}}
|
||||
{{- define "kube-prometheus-stack.operator.serviceAccountName" -}}
|
||||
{{- if .Values.prometheusOperator.serviceAccount.create -}}
|
||||
{{ default (include "kube-prometheus-stack.operator.fullname" .) .Values.prometheusOperator.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.prometheusOperator.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of prometheus service account to use */}}
|
||||
{{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}}
|
||||
{{- if .Values.prometheus.serviceAccount.create -}}
|
||||
{{ default (include "kube-prometheus-stack.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.prometheus.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of alertmanager service account to use */}}
|
||||
{{- define "kube-prometheus-stack.alertmanager.serviceAccountName" -}}
|
||||
{{- if .Values.alertmanager.serviceAccount.create -}}
|
||||
{{ default (include "kube-prometheus-stack.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.alertmanager.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
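Review bot: The comment above the `kube-prometheus-stack.fullname` define contradicts itself: it says the longest generated name adds 37 characters and then computes `63-35=26`, while the code truncates with `trunc 26`. Only 63-37 gives 26, so the line should read `The longest name that gets created adds an extra 37 characters, so truncation should be 63-37=26.` A reader sizing `fullnameOverride` against the 63-character limit gets the wrong budget from the current text.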
@ -0,0 +1,137 @@
|
||||
{{- if .Values.alertmanager.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: Alertmanager
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.image }}
|
||||
image: {{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}
|
||||
version: {{ .Values.alertmanager.alertmanagerSpec.image.tag }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.image.sha }}
|
||||
sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }}
|
||||
listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }}
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }}
|
||||
externalUrl: "{{ .Values.alertmanager.alertmanagerSpec.externalUrl }}"
|
||||
{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }}
|
||||
externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
|
||||
{{- else }}
|
||||
externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.alertmanager.service.port }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.nodeSelector | indent 4 }}
|
||||
{{- end }}
|
||||
paused: {{ .Values.alertmanager.alertmanagerSpec.paused }}
|
||||
logFormat: {{ .Values.alertmanager.alertmanagerSpec.logFormat | quote }}
|
||||
logLevel: {{ .Values.alertmanager.alertmanagerSpec.logLevel | quote }}
|
||||
retention: {{ .Values.alertmanager.alertmanagerSpec.retention | quote }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.secrets }}
|
||||
secrets:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.secrets | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.configSecret }}
|
||||
configSecret: {{ .Values.alertmanager.alertmanagerSpec.configSecret }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.configMaps }}
|
||||
configMaps:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.configMaps | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }}
|
||||
alertmanagerConfigSelector:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4}}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector }}
|
||||
alertmanagerConfigNamespaceSelector:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4}}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.resources | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.routePrefix }}
|
||||
routePrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.storage }}
|
||||
storage:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.storage | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.podMetadata }}
|
||||
podMetadata:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.podMetadata | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.alertmanager.alertmanagerSpec.podAntiAffinity .Values.alertmanager.alertmanagerSpec.affinity }}
|
||||
affinity:
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.affinity }}
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.affinity | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "hard" }}
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app: alertmanager
|
||||
alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
{{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }}
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app: alertmanager
|
||||
alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.global.imagePullSecrets | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.containers }}
|
||||
containers:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.containers | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.initContainers }}
|
||||
initContainers:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.initContainers | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.priorityClassName }}
|
||||
priorityClassName: {{.Values.alertmanager.alertmanagerSpec.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.additionalPeers }}
|
||||
additionalPeers:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalPeers | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.volumes }}
|
||||
volumes:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.volumes | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.volumeMounts }}
|
||||
volumeMounts:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.volumeMounts | indent 4 }}
|
||||
{{- end }}
|
||||
portName: {{ .Values.alertmanager.alertmanagerSpec.portName }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }}
|
||||
clusterAdvertiseAddress: {{ .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }}
|
||||
forceEnableClusterMode: {{ .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }}
|
||||
{{- end }}
|
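Review bot: The `{{- end }}` right after `portName:` closes the opening `{{- if .Values.alertmanager.enabled }}`, so the `clusterAdvertiseAddress` and `forceEnableClusterMode` blocks that follow sit outside the guard. With Alertmanager disabled and either value set, the file would render a bare key with no resource around it, which looks like an invalid manifest (judging by the visible control flow; indentation is not preserved on this page). Move that `{{- end }}` to the last line of the file so both optional fields stay inside the `enabled` check.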
@ -0,0 +1,58 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }}
|
||||
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
|
||||
{{- $servicePort := .Values.alertmanager.service.port -}}
|
||||
{{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }}
|
||||
{{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}}
|
||||
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{ else }}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{ end -}}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $serviceName }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- if .Values.alertmanager.ingress.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{- if .Values.alertmanager.ingress.labels }}
|
||||
{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass") }}
|
||||
{{- if .Values.alertmanager.ingress.ingressClassName }}
|
||||
ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- if .Values.alertmanager.ingress.hosts }}
|
||||
{{- range $host := .Values.alertmanager.ingress.hosts }}
|
||||
- host: {{ tpl $host $ }}
|
||||
http:
|
||||
paths:
|
||||
{{- range $p := $paths }}
|
||||
- path: {{ tpl $p $ }}
|
||||
backend:
|
||||
serviceName: {{ $serviceName }}
|
||||
servicePort: {{ $servicePort }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- else }}
|
||||
- http:
|
||||
paths:
|
||||
{{- range $p := $paths }}
|
||||
- path: {{ tpl $p $ }}
|
||||
backend:
|
||||
serviceName: {{ $serviceName }}
|
||||
servicePort: {{ $servicePort }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.alertmanager.ingress.tls }}
|
||||
tls:
|
||||
{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
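Review bot: `- host: {{ tpl $host $ }}` and both `- path: {{ tpl $p $ }}` lines emit user-supplied strings as plain YAML scalars. A wildcard host such as `*.example.com` (constructed sample) is then read as a YAML alias and the render fails, and a value containing `: ` or ` #` is parsed as something other than the intended string. Quote the rendered values: `- host: {{ tpl $host $ | quote }}` and `- path: {{ tpl $p $ | quote }}`. The same unquoted `path:` pattern appears in the per-replica Ingress template that follows.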
@ -0,0 +1,58 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }}
|
||||
{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}}
|
||||
{{- $servicePort := .Values.alertmanager.service.port -}}
|
||||
{{- $ingressValues := .Values.alertmanager.ingressPerReplica -}}
|
||||
apiVersion: v1
|
||||
kind: List
|
||||
metadata:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-ingressperreplica
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
items:
|
||||
{{ range $i, $e := until $count }}
|
||||
- kind: Ingress
|
||||
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{ else }}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{ end -}}
|
||||
metadata:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
|
||||
labels:
|
||||
app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
|
||||
{{- if $ingressValues.labels }}
|
||||
{{ toYaml $ingressValues.labels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if $ingressValues.annotations }}
|
||||
annotations:
|
||||
{{ toYaml $ingressValues.annotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass") }}
|
||||
{{- if $ingressValues.ingressClassName }}
|
||||
ingressClassName: {{ $ingressValues.ingressClassName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
|
||||
http:
|
||||
paths:
|
||||
{{- range $p := $ingressValues.paths }}
|
||||
- path: {{ tpl $p $ }}
|
||||
backend:
|
||||
serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
|
||||
servicePort: {{ $servicePort }}
|
||||
{{- end -}}
|
||||
{{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
|
||||
{{- if $ingressValues.tlsSecretPerReplica.enabled }}
|
||||
secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }}
|
||||
{{- else }}
|
||||
secretName: {{ $ingressValues.tlsSecretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
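Review bot: `{{- range $p := $ingressValues.paths }}` has no fallback, unlike the single Ingress template, which builds `$paths` with `| default $routePrefix`. If `ingressPerReplica.paths` is left empty (the chart defaults are not visible here), each item renders `paths:` with no entries, which the Ingress API is expected to reject. Define the fallback once near the top, e.g. `{{- $paths := $ingressValues.paths | default (list $.Values.alertmanager.alertmanagerSpec.routePrefix) -}}`, and range over `$paths`.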
@ -0,0 +1,21 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.podDisruptionBudget.minAvailable }}
|
||||
minAvailable: {{ .Values.alertmanager.podDisruptionBudget.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.podDisruptionBudget.maxUnavailable }}
|
||||
maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: alertmanager
|
||||
alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
{{- end }}
|
@ -0,0 +1,21 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
rules:
|
||||
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
|
||||
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
|
||||
- apiGroups: ['policy']
|
||||
{{- else }}
|
||||
- apiGroups: ['extensions']
|
||||
{{- end }}
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
{{- end }}
|
@ -0,0 +1,18 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
@ -0,0 +1,52 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{- if .Values.global.rbac.pspAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
privileged: false
|
||||
# Required to prevent escalations to root.
|
||||
# allowPrivilegeEscalation: false
|
||||
# This is redundant with non-root + disallow privilege escalation,
|
||||
# but we can provide it for defense in depth.
|
||||
#requiredDropCapabilities:
|
||||
# - ALL
|
||||
# Allow core volume types.
|
||||
volumes:
|
||||
- 'configMap'
|
||||
- 'emptyDir'
|
||||
- 'projected'
|
||||
- 'secret'
|
||||
- 'downwardAPI'
|
||||
- 'persistentVolumeClaim'
|
||||
hostNetwork: false
|
||||
hostIPC: false
|
||||
hostPID: false
|
||||
runAsUser:
|
||||
# Permits the container to run with root privileges as well.
|
||||
rule: 'RunAsAny'
|
||||
seLinux:
|
||||
# This policy assumes the nodes are using AppArmor rather than SELinux.
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 0
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 0
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
|
||||
|
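Review bot: The comments in `spec` describe restrictions that the rendered policy does not enforce. `allowPrivilegeEscalation: false` and `requiredDropCapabilities` are commented out, `runAsUser` is `RunAsAny`, and both `supplementalGroups` and `fsGroup` say `# Forbid adding the root group.` while their range starts at `min: 0`, which includes GID 0. Either enable the controls (`allowPrivilegeEscalation: false` and `- min: 1` in both ranges, after confirming the Alertmanager pod's security context satisfies them) or reword the comments so an auditor does not take the policy as hardened.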
@ -0,0 +1,23 @@
|
||||
{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- if .Values.alertmanager.secret.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
data:
|
||||
{{- if .Values.alertmanager.tplConfig }}
|
||||
alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }}
|
||||
{{- else }}
|
||||
alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
|
||||
{{- end}}
|
||||
{{- range $key, $val := .Values.alertmanager.templateFiles }}
|
||||
{{ $key }}: {{ $val | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
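Review bot: This template base64-encodes `.Values.alertmanager.config` and every `templateFiles` entry into the Secret, and nothing in the file tells an operator what that means for credentials. Alertmanager receiver settings commonly carry SMTP passwords, webhook URLs and API keys, so anything placed in `alertmanager.config` also lives in the values file and in Helm's stored release data. A header comment would help: `{{/* Config comes from chart values; for receiver credentials set alertmanagerSpec.useExistingSecret and manage the Secret outside Helm. */}}`. The `tplConfig` branch also deserves a comment saying the whole config is passed through `tpl`, so any `{{ ... }}` notification-template expressions inside it are evaluated by Helm first.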
@ -0,0 +1,50 @@
|
||||
{{- if .Values.alertmanager.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
self-monitor: {{ .Values.alertmanager.serviceMonitor.selfMonitor | quote }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
{{- if .Values.alertmanager.service.labels }}
|
||||
{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.service.clusterIP }}
|
||||
clusterIP: {{ .Values.alertmanager.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.alertmanager.alertmanagerSpec.portName }}
|
||||
{{- if eq .Values.alertmanager.service.type "NodePort" }}
|
||||
nodePort: {{ .Values.alertmanager.service.nodePort }}
|
||||
{{- end }}
|
||||
port: {{ .Values.alertmanager.service.port }}
|
||||
targetPort: {{ .Values.alertmanager.service.targetPort }}
|
||||
protocol: TCP
|
||||
{{- if .Values.alertmanager.service.additionalPorts }}
|
||||
{{ toYaml .Values.alertmanager.service.additionalPorts | indent 2 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
app: alertmanager
|
||||
alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
type: "{{ .Values.alertmanager.service.type }}"
|
||||
{{- end }}
|
@ -0,0 +1,16 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
{{- if .Values.alertmanager.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
|
||||
{{- end }}
|
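Review bot: The ServiceAccount is created without `automountServiceAccountToken`, so pods using it get an API token mounted by default, while the only RBAC this commit shows for the account is the PSP `use` Role. If Alertmanager and its sidecars do not call the Kubernetes API (worth confirming against the operator version in use), add `automountServiceAccountToken: false` here or expose it as a chart value. That keeps a compromised Alertmanager container from holding a credential it has no use for.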