ZeroDownTime/KubeZero
3
0
Fork 0
Code Issues 1 Pull Requests 25 Packages Projects Releases Wiki Activity

feat: version upgrades for kubezero-metrics

Browse Source
This commit is contained in:
Stefan Reimer 2024-04-04 13:39:36 +00:00
parent 3ce7c1e438
commit 8aee0e62a8
145 changed files with 31297 additions and 43326 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
charts/kubezero-metrics/README.md
View File

@ -1,6 +1,6 @@
# kubezero-metrics # kubezero-metrics
![Version: 0.9.5](https://img.shields.io/badge/Version-0.9.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.6](https://img.shields.io/badge/Version-0.9.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations. KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
@ -19,9 +19,9 @@ Kubernetes: `>= 1.26.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| https://prometheus-community.github.io/helm-charts | kube-prometheus-stack | 54.2.2 | | https://prometheus-community.github.io/helm-charts | kube-prometheus-stack | 57.2.0 |
| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 4.9.0 | | https://prometheus-community.github.io/helm-charts | prometheus-adapter | 4.9.1 |
| https://prometheus-community.github.io/helm-charts | prometheus-pushgateway | 2.4.2 | | https://prometheus-community.github.io/helm-charts | prometheus-pushgateway | 2.8.0 |
## Values ## Values
@ -177,29 +177,30 @@ Kubernetes: `>= 1.26.0`
| kube-prometheus-stack.prometheusOperator.enabled | bool | `true` | | | kube-prometheus-stack.prometheusOperator.enabled | bool | `true` | |
| kube-prometheus-stack.prometheusOperator.logFormat | string | `"json"` | | | kube-prometheus-stack.prometheusOperator.logFormat | string | `"json"` | |
| kube-prometheus-stack.prometheusOperator.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | kube-prometheus-stack.prometheusOperator.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
| kube-prometheus-stack.prometheusOperator.resources.limits.memory | string | `"64Mi"` | | | kube-prometheus-stack.prometheusOperator.resources.limits.memory | string | `"128Mi"` | |
| kube-prometheus-stack.prometheusOperator.resources.requests.cpu | string | `"20m"` | | | kube-prometheus-stack.prometheusOperator.resources.requests.cpu | string | `"10m"` | |
| kube-prometheus-stack.prometheusOperator.resources.requests.memory | string | `"32Mi"` | | | kube-prometheus-stack.prometheusOperator.resources.requests.memory | string | `"64Mi"` | |
| kube-prometheus-stack.prometheusOperator.tolerations[0].effect | string | `"NoSchedule"` | | | kube-prometheus-stack.prometheusOperator.tolerations[0].effect | string | `"NoSchedule"` | |
| kube-prometheus-stack.prometheusOperator.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | | kube-prometheus-stack.prometheusOperator.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
| prometheus-adapter.enabled | bool | `true` | | | prometheus-adapter.enabled | bool | `true` | |
| prometheus-adapter.logLevel | int | `1` | | | prometheus-adapter.logLevel | int | `1` | |
| prometheus-adapter.metricsRelistInterval | string | `"3m"` | |
| prometheus-adapter.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | prometheus-adapter.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
| prometheus-adapter.prometheus.url | string | `"http://metrics-kube-prometheus-st-prometheus"` | | | prometheus-adapter.prometheus.url | string | `"http://metrics-kube-prometheus-st-prometheus"` | |
| prometheus-adapter.rules.default | bool | `false` | | | prometheus-adapter.rules.default | bool | `false` | |
| prometheus-adapter.rules.resource.cpu.containerLabel | string | `"container"` | | | prometheus-adapter.rules.resource.cpu.containerLabel | string | `"container"` | |
| prometheus-adapter.rules.resource.cpu.containerQuery | string | `"sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!=\"POD\",container!=\"\",pod!=\"\"}[5m])) by (<<.GroupBy>>)"` | | | prometheus-adapter.rules.resource.cpu.containerQuery | string | `"sum by (<<.GroupBy>>) (\n irate (\n container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!=\"\",pod!=\"\"}[120s]\n )\n)\n"` | |
| prometheus-adapter.rules.resource.cpu.nodeQuery | string | `"sum(1 - irate(node_cpu_seconds_total{mode=\"idle\"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)"` | | | prometheus-adapter.rules.resource.cpu.nodeQuery | string | `"sum(1 - irate(node_cpu_seconds_total{<<.LabelMatchers>>, mode=\"idle\"}[120s])) by (<<.GroupBy>>)\n"` | |
| prometheus-adapter.rules.resource.cpu.resources.overrides.instance.resource | string | `"node"` | |
| prometheus-adapter.rules.resource.cpu.resources.overrides.namespace.resource | string | `"namespace"` | | | prometheus-adapter.rules.resource.cpu.resources.overrides.namespace.resource | string | `"namespace"` | |
| prometheus-adapter.rules.resource.cpu.resources.overrides.node.resource | string | `"node"` | |
| prometheus-adapter.rules.resource.cpu.resources.overrides.pod.resource | string | `"pod"` | | | prometheus-adapter.rules.resource.cpu.resources.overrides.pod.resource | string | `"pod"` | |
| prometheus-adapter.rules.resource.memory.containerLabel | string | `"container"` | | | prometheus-adapter.rules.resource.memory.containerLabel | string | `"container"` | |
| prometheus-adapter.rules.resource.memory.containerQuery | string | `"sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!=\"POD\",container!=\"\",pod!=\"\"}) by (<<.GroupBy>>)"` | | | prometheus-adapter.rules.resource.memory.containerQuery | string | `"sum by (<<.GroupBy>>) (\n container_memory_working_set_bytes{<<.LabelMatchers>>,container!=\"\",pod!=\"\",container!=\"POD\"}\n)\n"` | |
| prometheus-adapter.rules.resource.memory.nodeQuery | string | `"sum(node_memory_MemTotal_bytes{job=\"node-exporter\",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job=\"node-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>)"` | | | prometheus-adapter.rules.resource.memory.nodeQuery | string | `"sum(node_memory_MemTotal_bytes{<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{<<.LabelMatchers>>}) by (<<.GroupBy>>)\n"` | |
| prometheus-adapter.rules.resource.memory.resources.overrides.instance.resource | string | `"node"` | |
| prometheus-adapter.rules.resource.memory.resources.overrides.namespace.resource | string | `"namespace"` | | | prometheus-adapter.rules.resource.memory.resources.overrides.namespace.resource | string | `"namespace"` | |
| prometheus-adapter.rules.resource.memory.resources.overrides.node.resource | string | `"node"` | |
| prometheus-adapter.rules.resource.memory.resources.overrides.pod.resource | string | `"pod"` | | | prometheus-adapter.rules.resource.memory.resources.overrides.pod.resource | string | `"pod"` | |
| prometheus-adapter.rules.resource.window | string | `"5m"` | | | prometheus-adapter.rules.resource.window | string | `"2m"` | |
| prometheus-adapter.tolerations[0].effect | string | `"NoSchedule"` | | | prometheus-adapter.tolerations[0].effect | string | `"NoSchedule"` | |
| prometheus-adapter.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | | prometheus-adapter.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
| prometheus-pushgateway.enabled | bool | `false` | | | prometheus-pushgateway.enabled | bool | `false` | |

5
charts/kubezero-metrics/charts/kube-prometheus-stack/.editorconfig Normal file
View File

@ -0,0 +1,5 @@
root = true
[files/dashboards/*.json]
indent_size = 2
indent_style = space

1
charts/kubezero-metrics/charts/kube-prometheus-stack/.helmignore
View File

@ -26,3 +26,4 @@ ci/
kube-prometheus-*.tgz kube-prometheus-*.tgz
unittests/ unittests/
files/dashboards/

14
charts/kubezero-metrics/charts/kube-prometheus-stack/Chart.yaml
View File

@ -7,7 +7,7 @@ annotations:
url: https://github.com/prometheus-operator/kube-prometheus url: https://github.com/prometheus-operator/kube-prometheus
artifacthub.io/operator: "true" artifacthub.io/operator: "true"
apiVersion: v2 apiVersion: v2
appVersion: v0.69.1 appVersion: v0.72.0
dependencies: dependencies:
- condition: crds.enabled - condition: crds.enabled
name: crds name: crds
@ -16,19 +16,19 @@ dependencies:
- condition: kubeStateMetrics.enabled - condition: kubeStateMetrics.enabled
name: kube-state-metrics name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 5.15.* version: 5.18.*
- condition: nodeExporter.enabled - condition: nodeExporter.enabled
name: prometheus-node-exporter name: prometheus-node-exporter
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 4.24.* version: 4.32.*
- condition: grafana.enabled - condition: grafana.enabled
name: grafana name: grafana
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
version: 7.0.* version: 7.3.*
- condition: windowsMonitoring.enabled - condition: windowsMonitoring.enabled
name: prometheus-windows-exporter name: prometheus-windows-exporter
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 0.1.* version: 0.3.*
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
and Prometheus rules combined with documentation and scripts to provide easy to and Prometheus rules combined with documentation and scripts to provide easy to
operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
@ -49,6 +49,8 @@ maintainers:
name: gkarthiks name: gkarthiks
- email: kube-prometheus-stack@sisti.pt - email: kube-prometheus-stack@sisti.pt
name: GMartinez-Sisti name: GMartinez-Sisti
- email: github@jkroepke.de
name: jkroepke
- email: scott@r6by.com - email: scott@r6by.com
name: scottrigby name: scottrigby
- email: miroslav.hadzhiev@gmail.com - email: miroslav.hadzhiev@gmail.com
@ -60,4 +62,4 @@ sources:
- https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus - https://github.com/prometheus-operator/kube-prometheus
type: application type: application
version: 54.2.2 version: 57.2.0

57
charts/kubezero-metrics/charts/kube-prometheus-stack/README.md
View File

@ -82,6 +82,63 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
### From 56.x to 57.x
This version upgrades Prometheus-Operator to v0.72.0
Run these commands to update the CRDs before applying the upgrade.
```console
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
```
### From 55.x to 56.x
This version upgrades Prometheus-Operator to v0.71.0, Prometheus to 2.49.1
Run these commands to update the CRDs before applying the upgrade.
```console
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.71.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
```
### From 54.x to 55.x
This version upgrades Prometheus-Operator to v0.70.0
Run these commands to update the CRDs before applying the upgrade.
```console
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.70.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
```
### From 53.x to 54.x ### From 53.x to 54.x
Grafana Helm Chart has bumped to version 7 Grafana Helm Chart has bumped to version 7

3167
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml
View File

File diff suppressed because it is too large Load Diff

4907
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml
View File

File diff suppressed because it is too large Load Diff

388
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml
View File

@ -1,13 +1,12 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.69.1 operator.prometheus.io/version: 0.72.0
argocd.argoproj.io/sync-options: ServerSideApply=true argocd.argoproj.io/sync-options: ServerSideApply=true
creationTimestamp: null
name: podmonitors.monitoring.coreos.com name: podmonitors.monitoring.coreos.com
spec: spec:
group: monitoring.coreos.com group: monitoring.coreos.com
@ -28,63 +27,47 @@ spec:
description: PodMonitor defines monitoring for a set of pods. description: PodMonitor defines monitoring for a set of pods.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: Specification of desired Pod selection for target discovery description: Specification of desired Pod selection for target discovery by Prometheus.
by Prometheus.
properties: properties:
attachMetadata: attachMetadata:
description: Attaches node metadata to discovered targets. Requires description: "`attachMetadata` defines additional metadata which is added to the discovered targets. \n It requires Prometheus >= v2.37.0."
Prometheus v2.35.0 and above.
properties: properties:
node: node:
description: When set to true, Prometheus must have permissions description: When set to true, Prometheus must have the `get` permission on the `Nodes` objects.
to get Nodes.
type: boolean type: boolean
type: object type: object
jobLabel: jobLabel:
description: The label to use to retrieve the job name from. description: "The label to use to retrieve the job name from. `jobLabel` selects the label from the associated Kubernetes `Pod` object which will be used as the `job` label for all metrics. \n For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` object is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"` label to all ingested metrics. \n If the value of this field is empty, the `job` label of the metrics defaults to the namespace and name of the PodMonitor object (e.g. `<namespace>/<name>`)."
type: string type: string
keepDroppedTargets: keepDroppedTargets:
description: "Per-scrape limit on the number of targets dropped by description: "Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. \n It requires Prometheus >= v2.47.0."
relabeling that will be kept in memory. 0 means no limit. \n It
requires Prometheus >= v2.47.0."
format: int64 format: int64
type: integer type: integer
labelLimit: labelLimit:
description: Per-scrape limit on number of labels that will be accepted description: "Per-scrape limit on number of labels that will be accepted for a sample. \n It requires Prometheus >= v2.27.0."
for a sample. Only valid in Prometheus versions 2.27.0 and newer.
format: int64 format: int64
type: integer type: integer
labelNameLengthLimit: labelNameLengthLimit:
description: Per-scrape limit on length of labels name that will be description: "Per-scrape limit on length of labels name that will be accepted for a sample. \n It requires Prometheus >= v2.27.0."
accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64 format: int64
type: integer type: integer
labelValueLengthLimit: labelValueLengthLimit:
description: Per-scrape limit on length of labels value that will description: "Per-scrape limit on length of labels value that will be accepted for a sample. \n It requires Prometheus >= v2.27.0."
be accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64 format: int64
type: integer type: integer
namespaceSelector: namespaceSelector:
description: Selector to select which namespaces the Endpoints objects description: Selector to select which namespaces the Kubernetes `Pods` objects are discovered from.
are discovered from.
properties: properties:
any: any:
description: Boolean describing whether all namespaces are selected description: Boolean describing whether all namespaces are selected in contrast to a list restricting them.
in contrast to a list restricting them.
type: boolean type: boolean
matchNames: matchNames:
description: List of namespace names to select from. description: List of namespace names to select from.
@ -93,79 +76,63 @@ spec:
type: array type: array
type: object type: object
podMetricsEndpoints: podMetricsEndpoints:
description: A list of endpoints allowed as part of this PodMonitor. description: List of endpoints part of this PodMonitor.
items: items:
description: PodMetricsEndpoint defines a scrapeable endpoint of description: PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.
a Kubernetes Pod serving Prometheus metrics.
properties: properties:
authorization: authorization:
description: Authorization section for this endpoint description: "`authorization` configures the Authorization header credentials to use when scraping the target. \n Cannot be set at the same time as `basicAuth`, or `oauth2`."
properties: properties:
credentials: credentials:
description: Selects a key of a Secret in the namespace description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
that contains the credentials for authentication.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: type:
description: "Defines the authentication type. The value description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\""
is case-insensitive. \n \"Basic\" is not a supported value.
\n Default: \"Bearer\""
type: string type: string
type: object type: object
basicAuth: basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over description: "`basicAuth` configures the Basic Authentication credentials to use when scraping the target. \n Cannot be set at the same time as `authorization`, or `oauth2`."
basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
properties: properties:
password: password:
description: The secret in the service monitor namespace description: '`password` specifies a key of a Secret containing the password for authentication.'
that contains the password for authentication.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
username: username:
description: The secret in the service monitor namespace description: '`username` specifies a key of a Secret containing the username for authentication.'
that contains the username for authentication.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
@ -173,64 +140,48 @@ spec:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: object type: object
bearerTokenSecret: bearerTokenSecret:
description: Secret to mount to read bearer token for scraping description: "`bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the PodMonitor object and readable by the Prometheus Operator. \n Deprecated: use `authorization` instead."
targets. The secret needs to be in the same namespace as the
pod monitor and accessible by the Prometheus Operator.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
enableHttp2: enableHttp2:
description: Whether to enable HTTP2. description: '`enableHttp2` can be used to disable HTTP2 when scraping the target.'
type: boolean type: boolean
filterRunning: filterRunning:
description: 'Drop pods that are not running. (Failed, Succeeded). description: "When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. \n If unset, the filtering is enabled. \n More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase"
Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase'
type: boolean type: boolean
followRedirects: followRedirects:
description: FollowRedirects configures whether scrape requests description: '`followRedirects` defines whether the scrape requests should follow HTTP 3xx redirects.'
follow HTTP 3xx redirects.
type: boolean type: boolean
honorLabels: honorLabels:
description: HonorLabels chooses the metric's labels on collisions description: When true, `honorLabels` preserves the metric's labels when they collide with the target's labels.
with target labels.
type: boolean type: boolean
honorTimestamps: honorTimestamps:
description: HonorTimestamps controls whether Prometheus respects description: '`honorTimestamps` controls whether Prometheus preserves the timestamps when exposed by the target.'
the timestamps present in scraped data.
type: boolean type: boolean
interval: interval:
description: Interval at which metrics should be scraped If description: "Interval at which Prometheus scrapes the metrics from the target. \n If empty, Prometheus uses the global scrape interval."
not specified Prometheus' global scrape interval is used.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string type: string
metricRelabelings: metricRelabelings:
description: MetricRelabelConfigs to apply to samples before description: '`metricRelabelings` configures the relabeling rules to apply to the samples before ingestion.'
ingestion.
items: items:
description: "RelabelConfig allows dynamic rewriting of the description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
label set for targets, alerts, scraped samples and remote
write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
properties: properties:
action: action:
default: replace default: replace
description: "Action to perform based on the regex matching. description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\""
\n `Uppercase` and `Lowercase` actions require Prometheus
>= v2.36.0. `DropEqual` and `KeepEqual` actions require
Prometheus >= v2.41.0. \n Default: \"Replace\""
enum: enum:
- replace - replace
- Replace - Replace
@ -256,67 +207,47 @@ spec:
- DropEqual - DropEqual
type: string type: string
modulus: modulus:
description: "Modulus to take of the hash of the source description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`."
label values. \n Only applicable when the action is
`HashMod`."
format: int64 format: int64
type: integer type: integer
regex: regex:
description: Regular expression against which the extracted description: Regular expression against which the extracted value is matched.
value is matched.
type: string type: string
replacement: replacement:
description: "Replacement value against which a Replace description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available."
action is performed if the regular expression matches.
\n Regex capture groups are available."
type: string type: string
separator: separator:
description: Separator is the string between concatenated description: Separator is the string between concatenated SourceLabels.
SourceLabels.
type: string type: string
sourceLabels: sourceLabels:
description: The source labels select values from existing description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
labels. Their content is concatenated using the configured
Separator and matched against the configured regular
expression.
items: items:
description: LabelName is a valid Prometheus label name description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.
which may only contain ASCII letters, numbers, as
well as underscores.
pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string type: string
type: array type: array
targetLabel: targetLabel:
description: "Label to which the resulting string is written description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available."
in a replacement. \n It is mandatory for `Replace`,
`HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and
`DropEqual` actions. \n Regex capture groups are available."
type: string type: string
type: object type: object
type: array type: array
oauth2: oauth2:
description: OAuth2 for the URL. Only valid in Prometheus versions description: "`oauth2` configures the OAuth2 settings to use when scraping the target. \n It requires Prometheus >= 2.27.0. \n Cannot be set at the same time as `authorization`, or `basicAuth`."
2.27.0 and newer.
properties: properties:
clientId: clientId:
description: The secret or configmap containing the OAuth2 description: '`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client''s ID.'
client id
properties: properties:
configMap: configMap:
description: ConfigMap containing data to use for the description: ConfigMap containing data to use for the targets.
targets.
properties: properties:
key: key:
description: The key to select. description: The key to select.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the ConfigMap or its description: Specify whether the ConfigMap or its key must be defined
key must be defined
type: boolean type: boolean
required: required:
- key - key
@ -326,17 +257,13 @@ spec:
description: Secret containing data to use for the targets. description: Secret containing data to use for the targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key description: Specify whether the Secret or its key must be defined
must be defined
type: boolean type: boolean
required: required:
- key - key
@ -344,19 +271,16 @@ spec:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: object type: object
clientSecret: clientSecret:
description: The secret containing the OAuth2 client secret description: '`clientSecret` specifies a key of a Secret containing the OAuth2 client''s secret.'
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
@ -365,15 +289,15 @@ spec:
endpointParams: endpointParams:
additionalProperties: additionalProperties:
type: string type: string
description: Parameters to append to the token URL description: '`endpointParams` configures the HTTP parameters to append to the token URL.'
type: object type: object
scopes: scopes:
description: OAuth2 scopes used for the token request description: '`scopes` defines the OAuth2 scopes used for the token request.'
items: items:
type: string type: string
type: array type: array
tokenUrl: tokenUrl:
description: The URL to fetch the token from description: '`tokenURL` configures the URL to fetch the token from.'
minLength: 1 minLength: 1
type: string type: string
required: required:
@ -386,37 +310,25 @@ spec:
items: items:
type: string type: string
type: array type: array
description: Optional HTTP URL parameters description: '`params` define optional HTTP URL parameters.'
type: object type: object
path: path:
description: HTTP path to scrape for metrics. If empty, Prometheus description: "HTTP path from which to scrape for metrics. \n If empty, Prometheus uses the default value (e.g. `/metrics`)."
uses the default value (e.g. `/metrics`).
type: string type: string
port: port:
description: Name of the pod port this endpoint refers to. Mutually description: "Name of the Pod port which this endpoint refers to. \n It takes precedence over `targetPort`."
exclusive with targetPort.
type: string type: string
proxyUrl: proxyUrl:
description: ProxyURL eg http://proxyserver:2195 Directs scrapes description: '`proxyURL` configures the HTTP Proxy URL (e.g. "http://proxyserver:2195") to go through when scraping the target.'
to proxy through this endpoint.
type: string type: string
relabelings: relabelings:
description: 'RelabelConfigs to apply to samples before scraping. description: "`relabelings` configures the relabeling rules to apply the target's metadata labels. \n The Operator automatically adds relabelings for a few standard Kubernetes fields. \n The original scrape job's name is available via the `__tmp_prometheus_job_name` label. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
Prometheus Operator automatically adds relabelings for a few
standard Kubernetes fields. The original scrape job''s name
is available via the `__tmp_prometheus_job_name` label. More
info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items: items:
description: "RelabelConfig allows dynamic rewriting of the description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
label set for targets, alerts, scraped samples and remote
write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
properties: properties:
action: action:
default: replace default: replace
description: "Action to perform based on the regex matching. description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\""
\n `Uppercase` and `Lowercase` actions require Prometheus
>= v2.36.0. `DropEqual` and `KeepEqual` actions require
Prometheus >= v2.41.0. \n Default: \"Replace\""
enum: enum:
- replace - replace
- Replace - Replace
@ -442,86 +354,63 @@ spec:
- DropEqual - DropEqual
type: string type: string
modulus: modulus:
description: "Modulus to take of the hash of the source description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`."
label values. \n Only applicable when the action is
`HashMod`."
format: int64 format: int64
type: integer type: integer
regex: regex:
description: Regular expression against which the extracted description: Regular expression against which the extracted value is matched.
value is matched.
type: string type: string
replacement: replacement:
description: "Replacement value against which a Replace description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available."
action is performed if the regular expression matches.
\n Regex capture groups are available."
type: string type: string
separator: separator:
description: Separator is the string between concatenated description: Separator is the string between concatenated SourceLabels.
SourceLabels.
type: string type: string
sourceLabels: sourceLabels:
description: The source labels select values from existing description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
labels. Their content is concatenated using the configured
Separator and matched against the configured regular
expression.
items: items:
description: LabelName is a valid Prometheus label name description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.
which may only contain ASCII letters, numbers, as
well as underscores.
pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string type: string
type: array type: array
targetLabel: targetLabel:
description: "Label to which the resulting string is written description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available."
in a replacement. \n It is mandatory for `Replace`,
`HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and
`DropEqual` actions. \n Regex capture groups are available."
type: string type: string
type: object type: object
type: array type: array
scheme: scheme:
description: HTTP scheme to use for scraping. `http` and `https` description: "HTTP scheme to use for scraping. \n `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. \n If empty, Prometheus uses the default value `http`."
are the expected values unless you rewrite the `__scheme__`
label via relabeling. If empty, Prometheus uses the default
value `http`.
enum: enum:
- http - http
- https - https
type: string type: string
scrapeTimeout: scrapeTimeout:
description: Timeout after which the scrape is ended If not description: "Timeout after which Prometheus considers the scrape to be failed. \n If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used."
specified, the Prometheus global scrape interval is used.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string type: string
targetPort: targetPort:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: 'Deprecated: Use ''port'' instead.' description: "Name or number of the target port of the `Pod` object behind the Service, the port must be specified with container port property. \n Deprecated: use 'port' instead."
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
tlsConfig: tlsConfig:
description: TLS configuration to use when scraping the endpoint. description: TLS configuration to use when scraping the target.
properties: properties:
ca: ca:
description: Certificate authority used when verifying server description: Certificate authority used when verifying server certificates.
certificates.
properties: properties:
configMap: configMap:
description: ConfigMap containing data to use for the description: ConfigMap containing data to use for the targets.
targets.
properties: properties:
key: key:
description: The key to select. description: The key to select.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the ConfigMap or its description: Specify whether the ConfigMap or its key must be defined
key must be defined
type: boolean type: boolean
required: required:
- key - key
@ -531,17 +420,13 @@ spec:
description: Secret containing data to use for the targets. description: Secret containing data to use for the targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key description: Specify whether the Secret or its key must be defined
must be defined
type: boolean type: boolean
required: required:
- key - key
@ -552,20 +437,16 @@ spec:
description: Client certificate to present when doing client-authentication. description: Client certificate to present when doing client-authentication.
properties: properties:
configMap: configMap:
description: ConfigMap containing data to use for the description: ConfigMap containing data to use for the targets.
targets.
properties: properties:
key: key:
description: The key to select. description: The key to select.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the ConfigMap or its description: Specify whether the ConfigMap or its key must be defined
key must be defined
type: boolean type: boolean
required: required:
- key - key
@ -575,17 +456,13 @@ spec:
description: Secret containing data to use for the targets. description: Secret containing data to use for the targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key description: Specify whether the Secret or its key must be defined
must be defined
type: boolean type: boolean
required: required:
- key - key
@ -596,20 +473,16 @@ spec:
description: Disable target certificate validation. description: Disable target certificate validation.
type: boolean type: boolean
keySecret: keySecret:
description: Secret containing the client key file for the description: Secret containing the client key file for the targets.
targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
@ -619,45 +492,52 @@ spec:
description: Used to verify the hostname for the targets. description: Used to verify the hostname for the targets.
type: string type: string
type: object type: object
trackTimestampsStaleness:
description: "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. \n It requires Prometheus >= v2.48.0."
type: boolean
type: object type: object
type: array type: array
podTargetLabels: podTargetLabels:
description: PodTargetLabels transfers labels on the Kubernetes Pod description: '`podTargetLabels` defines the labels which are transferred from the associated Kubernetes `Pod` object onto the ingested metrics.'
onto the target.
items: items:
type: string type: string
type: array type: array
sampleLimit: sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped description: '`sampleLimit` defines a per-scrape limit on the number of scraped samples that will be accepted.'
samples that will be accepted.
format: int64 format: int64
type: integer type: integer
scrapeClass:
description: The scrape class to apply.
minLength: 1
type: string
scrapeProtocols:
description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). \n If unset, Prometheus uses its default value. \n It requires Prometheus >= v2.49.0."
items:
description: 'ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`'
enum:
- PrometheusProto
- OpenMetricsText0.0.1
- OpenMetricsText1.0.0
- PrometheusText0.0.4
type: string
type: array
x-kubernetes-list-type: set
selector: selector:
description: Selector to select Pod objects. description: Label selector to select the Kubernetes `Pod` objects.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
The requirements are ANDed.
items: items:
description: A label selector requirement is a selector that description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
contains values, a key, and an operator that relates the key
and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies to.
to.
type: string type: string
operator: operator:
description: operator represents a key's relationship to description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. If the description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items: items:
type: string type: string
type: array type: array
@ -669,21 +549,15 @@ spec:
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. A single description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
targetLimit: targetLimit:
description: TargetLimit defines a limit on the number of scraped description: '`targetLimit` defines a limit on the number of scraped targets that will be accepted.'
targets that will be accepted.
format: int64 format: int64
type: integer type: integer
required: required:
- podMetricsEndpoints
- selector - selector
type: object type: object
required: required:

365
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml
View File

@ -1,13 +1,12 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.69.1 operator.prometheus.io/version: 0.72.0
argocd.argoproj.io/sync-options: ServerSideApply=true argocd.argoproj.io/sync-options: ServerSideApply=true
creationTimestamp: null
name: probes.monitoring.coreos.com name: probes.monitoring.coreos.com
spec: spec:
group: monitoring.coreos.com group: monitoring.coreos.com
@ -28,88 +27,69 @@ spec:
description: Probe defines monitoring for a set of static targets or ingresses. description: Probe defines monitoring for a set of static targets or ingresses.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: Specification of desired Ingress selection for target discovery description: Specification of desired Ingress selection for target discovery by Prometheus.
by Prometheus.
properties: properties:
authorization: authorization:
description: Authorization section for this endpoint description: Authorization section for this endpoint
properties: properties:
credentials: credentials:
description: Selects a key of a Secret in the namespace that contains description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
the credentials for authentication.
properties: properties:
key: key:
description: The key of the secret to select from. Must be description: The key of the secret to select from. Must be a valid secret key.
a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must be description: Specify whether the Secret or its key must be defined
defined
type: boolean type: boolean
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: type:
description: "Defines the authentication type. The value is case-insensitive. description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\""
\n \"Basic\" is not a supported value. \n Default: \"Bearer\""
type: string type: string
type: object type: object
basicAuth: basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over basic description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
properties: properties:
password: password:
description: The secret in the service monitor namespace that description: '`password` specifies a key of a Secret containing the password for authentication.'
contains the password for authentication.
properties: properties:
key: key:
description: The key of the secret to select from. Must be description: The key of the secret to select from. Must be a valid secret key.
a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must be description: Specify whether the Secret or its key must be defined
defined
type: boolean type: boolean
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
username: username:
description: The secret in the service monitor namespace that description: '`username` specifies a key of a Secret containing the username for authentication.'
contains the username for authentication.
properties: properties:
key: key:
description: The key of the secret to select from. Must be description: The key of the secret to select from. Must be a valid secret key.
a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must be description: Specify whether the Secret or its key must be defined
defined
type: boolean type: boolean
required: required:
- key - key
@ -117,17 +97,13 @@ spec:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: object type: object
bearerTokenSecret: bearerTokenSecret:
description: Secret to mount to read bearer token for scraping targets. description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator.
The secret needs to be in the same namespace as the probe and accessible
by the Prometheus Operator.
properties: properties:
key: key:
description: The key of the secret to select from. Must be a description: The key of the secret to select from. Must be a valid secret key.
valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must be defined description: Specify whether the Secret or its key must be defined
@ -137,49 +113,36 @@ spec:
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
interval: interval:
description: Interval at which targets are probed using the configured description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used.
prober. If not specified Prometheus' global scrape interval is used.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string type: string
jobName: jobName:
description: The job name assigned to scraped metrics by default. description: The job name assigned to scraped metrics by default.
type: string type: string
keepDroppedTargets: keepDroppedTargets:
description: "Per-scrape limit on the number of targets dropped by description: "Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. \n It requires Prometheus >= v2.47.0."
relabeling that will be kept in memory. 0 means no limit. \n It
requires Prometheus >= v2.47.0."
format: int64 format: int64
type: integer type: integer
labelLimit: labelLimit:
description: Per-scrape limit on number of labels that will be accepted description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
for a sample. Only valid in Prometheus versions 2.27.0 and newer.
format: int64 format: int64
type: integer type: integer
labelNameLengthLimit: labelNameLengthLimit:
description: Per-scrape limit on length of labels name that will be description: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64 format: int64
type: integer type: integer
labelValueLengthLimit: labelValueLengthLimit:
description: Per-scrape limit on length of labels value that will description: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
be accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64 format: int64
type: integer type: integer
metricRelabelings: metricRelabelings:
description: MetricRelabelConfigs to apply to samples before ingestion. description: MetricRelabelConfigs to apply to samples before ingestion.
items: items:
description: "RelabelConfig allows dynamic rewriting of the label description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
set for targets, alerts, scraped samples and remote write samples.
\n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
properties: properties:
action: action:
default: replace default: replace
description: "Action to perform based on the regex matching. description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\""
\n `Uppercase` and `Lowercase` actions require Prometheus
>= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus
>= v2.41.0. \n Default: \"Replace\""
enum: enum:
- replace - replace
- Replace - Replace
@ -205,52 +168,38 @@ spec:
- DropEqual - DropEqual
type: string type: string
modulus: modulus:
description: "Modulus to take of the hash of the source label description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`."
values. \n Only applicable when the action is `HashMod`."
format: int64 format: int64
type: integer type: integer
regex: regex:
description: Regular expression against which the extracted description: Regular expression against which the extracted value is matched.
value is matched.
type: string type: string
replacement: replacement:
description: "Replacement value against which a Replace action description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available."
is performed if the regular expression matches. \n Regex capture
groups are available."
type: string type: string
separator: separator:
description: Separator is the string between concatenated SourceLabels. description: Separator is the string between concatenated SourceLabels.
type: string type: string
sourceLabels: sourceLabels:
description: The source labels select values from existing labels. description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
Their content is concatenated using the configured Separator
and matched against the configured regular expression.
items: items:
description: LabelName is a valid Prometheus label name which description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.
may only contain ASCII letters, numbers, as well as underscores.
pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string type: string
type: array type: array
targetLabel: targetLabel:
description: "Label to which the resulting string is written description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available."
in a replacement. \n It is mandatory for `Replace`, `HashMod`,
`Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions.
\n Regex capture groups are available."
type: string type: string
type: object type: object
type: array type: array
module: module:
description: 'The module to use for probing specifying how to probe description: 'The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml'
the target. Example module configuring in the blackbox exporter:
https://github.com/prometheus/blackbox_exporter/blob/master/example.yml'
type: string type: string
oauth2: oauth2:
description: OAuth2 for the URL. Only valid in Prometheus versions description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
2.27.0 and newer.
properties: properties:
clientId: clientId:
description: The secret or configmap containing the OAuth2 client description: '`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client''s ID.'
id
properties: properties:
configMap: configMap:
description: ConfigMap containing data to use for the targets. description: ConfigMap containing data to use for the targets.
@ -259,12 +208,10 @@ spec:
description: The key to select. description: The key to select.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the ConfigMap or its key description: Specify whether the ConfigMap or its key must be defined
must be defined
type: boolean type: boolean
required: required:
- key - key
@ -274,16 +221,13 @@ spec:
description: Secret containing data to use for the targets. description: Secret containing data to use for the targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
@ -291,19 +235,16 @@ spec:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: object type: object
clientSecret: clientSecret:
description: The secret containing the OAuth2 client secret description: '`clientSecret` specifies a key of a Secret containing the OAuth2 client''s secret.'
properties: properties:
key: key:
description: The key of the secret to select from. Must be description: The key of the secret to select from. Must be a valid secret key.
a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must be description: Specify whether the Secret or its key must be defined
defined
type: boolean type: boolean
required: required:
- key - key
@ -312,15 +253,15 @@ spec:
endpointParams: endpointParams:
additionalProperties: additionalProperties:
type: string type: string
description: Parameters to append to the token URL description: '`endpointParams` configures the HTTP parameters to append to the token URL.'
type: object type: object
scopes: scopes:
description: OAuth2 scopes used for the token request description: '`scopes` defines the OAuth2 scopes used for the token request.'
items: items:
type: string type: string
type: array type: array
tokenUrl: tokenUrl:
description: The URL to fetch the token from description: '`tokenURL` configures the URL to fetch the token from.'
minLength: 1 minLength: 1
type: string type: string
required: required:
@ -329,9 +270,7 @@ spec:
- tokenUrl - tokenUrl
type: object type: object
prober: prober:
description: Specification for the prober to use for probing targets. description: Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty.
The prober.URL parameter is required. Targets cannot be probed if
left empty.
properties: properties:
path: path:
default: /probe default: /probe
@ -341,10 +280,7 @@ spec:
description: Optional ProxyURL. description: Optional ProxyURL.
type: string type: string
scheme: scheme:
description: HTTP scheme to use for scraping. `http` and `https` description: HTTP scheme to use for scraping. `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. If empty, Prometheus uses the default value `http`.
are the expected values unless you rewrite the `__scheme__`
label via relabeling. If empty, Prometheus uses the default
value `http`.
enum: enum:
- http - http
- https - https
@ -356,35 +292,44 @@ spec:
- url - url
type: object type: object
sampleLimit: sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
samples that will be accepted.
format: int64 format: int64
type: integer type: integer
scrapeClass:
description: The scrape class to apply.
minLength: 1
type: string
scrapeProtocols:
description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). \n If unset, Prometheus uses its default value. \n It requires Prometheus >= v2.49.0."
items:
description: 'ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`'
enum:
- PrometheusProto
- OpenMetricsText0.0.1
- OpenMetricsText1.0.0
- PrometheusText0.0.4
type: string
type: array
x-kubernetes-list-type: set
scrapeTimeout: scrapeTimeout:
description: Timeout for scraping metrics from the Prometheus exporter. description: Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used.
If not specified, the Prometheus global scrape timeout is used.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string type: string
targetLimit: targetLimit:
description: TargetLimit defines a limit on the number of scraped description: TargetLimit defines a limit on the number of scraped targets that will be accepted.
targets that will be accepted.
format: int64 format: int64
type: integer type: integer
targets: targets:
description: Targets defines a set of static or dynamically discovered description: Targets defines a set of static or dynamically discovered targets to probe.
targets to probe.
properties: properties:
ingress: ingress:
description: ingress defines the Ingress objects to probe and description: ingress defines the Ingress objects to probe and the relabeling configuration. If `staticConfig` is also defined, `staticConfig` takes precedence.
the relabeling configuration. If `staticConfig` is also defined,
`staticConfig` takes precedence.
properties: properties:
namespaceSelector: namespaceSelector:
description: From which namespaces to select Ingress objects. description: From which namespaces to select Ingress objects.
properties: properties:
any: any:
description: Boolean describing whether all namespaces description: Boolean describing whether all namespaces are selected in contrast to a list restricting them.
are selected in contrast to a list restricting them.
type: boolean type: boolean
matchNames: matchNames:
description: List of namespace names to select from. description: List of namespace names to select from.
@ -393,23 +338,13 @@ spec:
type: array type: array
type: object type: object
relabelingConfigs: relabelingConfigs:
description: 'RelabelConfigs to apply to the label set of description: 'RelabelConfigs to apply to the label set of the target before it gets scraped. The original ingress address is available via the `__tmp_prometheus_ingress_address` label. It can be used to customize the probed URL. The original scrape job''s name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
the target before it gets scraped. The original ingress
address is available via the `__tmp_prometheus_ingress_address`
label. It can be used to customize the probed URL. The original
scrape job''s name is available via the `__tmp_prometheus_job_name`
label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items: items:
description: "RelabelConfig allows dynamic rewriting of description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
the label set for targets, alerts, scraped samples and
remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
properties: properties:
action: action:
default: replace default: replace
description: "Action to perform based on the regex matching. description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\""
\n `Uppercase` and `Lowercase` actions require Prometheus
>= v2.36.0. `DropEqual` and `KeepEqual` actions require
Prometheus >= v2.41.0. \n Default: \"Replace\""
enum: enum:
- replace - replace
- Replace - Replace
@ -435,41 +370,27 @@ spec:
- DropEqual - DropEqual
type: string type: string
modulus: modulus:
description: "Modulus to take of the hash of the source description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`."
label values. \n Only applicable when the action is
`HashMod`."
format: int64 format: int64
type: integer type: integer
regex: regex:
description: Regular expression against which the extracted description: Regular expression against which the extracted value is matched.
value is matched.
type: string type: string
replacement: replacement:
description: "Replacement value against which a Replace description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available."
action is performed if the regular expression matches.
\n Regex capture groups are available."
type: string type: string
separator: separator:
description: Separator is the string between concatenated description: Separator is the string between concatenated SourceLabels.
SourceLabels.
type: string type: string
sourceLabels: sourceLabels:
description: The source labels select values from existing description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
labels. Their content is concatenated using the configured
Separator and matched against the configured regular
expression.
items: items:
description: LabelName is a valid Prometheus label description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.
name which may only contain ASCII letters, numbers,
as well as underscores.
pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string type: string
type: array type: array
targetLabel: targetLabel:
description: "Label to which the resulting string is description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available."
written in a replacement. \n It is mandatory for `Replace`,
`HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and
`DropEqual` actions. \n Regex capture groups are available."
type: string type: string
type: object type: object
type: array type: array
@ -477,29 +398,18 @@ spec:
description: Selector to select the Ingress objects. description: Selector to select the Ingress objects.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions is a list of label selector description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
requirements. The requirements are ANDed.
items: items:
description: A label selector requirement is a selector description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
that contains values, a key, and an operator that
relates the key and values.
properties: properties:
key: key:
description: key is the label key that the selector description: key is the label key that the selector applies to.
applies to.
type: string type: string
operator: operator:
description: operator represents a key's relationship description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items: items:
type: string type: string
type: array type: array
@ -511,40 +421,27 @@ spec:
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: object type: object
staticConfig: staticConfig:
description: 'staticConfig defines the static list of targets description: 'staticConfig defines the static list of targets to probe and the relabeling configuration. If `ingress` is also defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.'
to probe and the relabeling configuration. If `ingress` is also
defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.'
properties: properties:
labels: labels:
additionalProperties: additionalProperties:
type: string type: string
description: Labels assigned to all metrics scraped from the description: Labels assigned to all metrics scraped from the targets.
targets.
type: object type: object
relabelingConfigs: relabelingConfigs:
description: 'RelabelConfigs to apply to the label set of description: 'RelabelConfigs to apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items: items:
description: "RelabelConfig allows dynamic rewriting of description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
the label set for targets, alerts, scraped samples and
remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
properties: properties:
action: action:
default: replace default: replace
description: "Action to perform based on the regex matching. description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\""
\n `Uppercase` and `Lowercase` actions require Prometheus
>= v2.36.0. `DropEqual` and `KeepEqual` actions require
Prometheus >= v2.41.0. \n Default: \"Replace\""
enum: enum:
- replace - replace
- Replace - Replace
@ -570,41 +467,27 @@ spec:
- DropEqual - DropEqual
type: string type: string
modulus: modulus:
description: "Modulus to take of the hash of the source description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`."
label values. \n Only applicable when the action is
`HashMod`."
format: int64 format: int64
type: integer type: integer
regex: regex:
description: Regular expression against which the extracted description: Regular expression against which the extracted value is matched.
value is matched.
type: string type: string
replacement: replacement:
description: "Replacement value against which a Replace description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available."
action is performed if the regular expression matches.
\n Regex capture groups are available."
type: string type: string
separator: separator:
description: Separator is the string between concatenated description: Separator is the string between concatenated SourceLabels.
SourceLabels.
type: string type: string
sourceLabels: sourceLabels:
description: The source labels select values from existing description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
labels. Their content is concatenated using the configured
Separator and matched against the configured regular
expression.
items: items:
description: LabelName is a valid Prometheus label description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.
name which may only contain ASCII letters, numbers,
as well as underscores.
pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string type: string
type: array type: array
targetLabel: targetLabel:
description: "Label to which the resulting string is description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available."
written in a replacement. \n It is mandatory for `Replace`,
`HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and
`DropEqual` actions. \n Regex capture groups are available."
type: string type: string
type: object type: object
type: array type: array
@ -619,8 +502,7 @@ spec:
description: TLS configuration to use when scraping the endpoint. description: TLS configuration to use when scraping the endpoint.
properties: properties:
ca: ca:
description: Certificate authority used when verifying server description: Certificate authority used when verifying server certificates.
certificates.
properties: properties:
configMap: configMap:
description: ConfigMap containing data to use for the targets. description: ConfigMap containing data to use for the targets.
@ -629,12 +511,10 @@ spec:
description: The key to select. description: The key to select.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the ConfigMap or its key description: Specify whether the ConfigMap or its key must be defined
must be defined
type: boolean type: boolean
required: required:
- key - key
@ -644,16 +524,13 @@ spec:
description: Secret containing data to use for the targets. description: Secret containing data to use for the targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
@ -670,12 +547,10 @@ spec:
description: The key to select. description: The key to select.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the ConfigMap or its key description: Specify whether the ConfigMap or its key must be defined
must be defined
type: boolean type: boolean
required: required:
- key - key
@ -685,16 +560,13 @@ spec:
description: Secret containing data to use for the targets. description: Secret containing data to use for the targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
@ -708,16 +580,13 @@ spec:
description: Secret containing the client key file for the targets. description: Secret containing the client key file for the targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must be description: The key of the secret to select from. Must be a valid secret key.
a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must be description: Specify whether the Secret or its key must be defined
defined
type: boolean type: boolean
required: required:
- key - key

5748
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml
View File

File diff suppressed because it is too large Load Diff

6539
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml
View File

File diff suppressed because it is too large Load Diff

53
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml
View File

@ -1,13 +1,12 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.69.1 operator.prometheus.io/version: 0.72.0
argocd.argoproj.io/sync-options: ServerSideApply=true argocd.argoproj.io/sync-options: ServerSideApply=true
creationTimestamp: null
name: prometheusrules.monitoring.coreos.com name: prometheusrules.monitoring.coreos.com
spec: spec:
group: monitoring.coreos.com group: monitoring.coreos.com
@ -25,18 +24,13 @@ spec:
- name: v1 - name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: PrometheusRule defines recording and alerting rules for a Prometheus description: PrometheusRule defines recording and alerting rules for a Prometheus instance
instance
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string type: string
metadata: metadata:
type: object type: object
@ -46,45 +40,35 @@ spec:
groups: groups:
description: Content of Prometheus rule file description: Content of Prometheus rule file
items: items:
description: RuleGroup is a list of sequentially evaluated recording description: RuleGroup is a list of sequentially evaluated recording and alerting rules.
and alerting rules.
properties: properties:
interval: interval:
description: Interval determines how often rules in the group description: Interval determines how often rules in the group are evaluated.
are evaluated.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string type: string
limit: limit:
description: Limit the number of alerts an alerting rule and description: Limit the number of alerts an alerting rule and series a recording rule can produce. Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24.
series a recording rule can produce. Limit is supported starting
with Prometheus >= 2.31 and Thanos Ruler >= 0.24.
type: integer type: integer
name: name:
description: Name of the rule group. description: Name of the rule group.
minLength: 1 minLength: 1
type: string type: string
partial_response_strategy: partial_response_strategy:
description: 'PartialResponseStrategy is only used by ThanosRuler description: 'PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response'
and will be ignored by Prometheus instances. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response'
pattern: ^(?i)(abort|warn)?$ pattern: ^(?i)(abort|warn)?$
type: string type: string
rules: rules:
description: List of alerting and recording rules. description: List of alerting and recording rules.
items: items:
description: 'Rule describes an alerting or recording rule description: 'Rule describes an alerting or recording rule See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule'
See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/)
or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules)
rule'
properties: properties:
alert: alert:
description: Name of the alert. Must be a valid label description: Name of the alert. Must be a valid label value. Only one of `record` and `alert` must be set.
value. Only one of `record` and `alert` must be set.
type: string type: string
annotations: annotations:
additionalProperties: additionalProperties:
type: string type: string
description: Annotations to add to each alert. Only valid description: Annotations to add to each alert. Only valid for alerting rules.
for alerting rules.
type: object type: object
expr: expr:
anyOf: anyOf:
@ -93,14 +77,11 @@ spec:
description: PromQL expression to evaluate. description: PromQL expression to evaluate.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
for: for:
description: Alerts are considered firing once they have description: Alerts are considered firing once they have been returned for this long.
been returned for this long.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string type: string
keep_firing_for: keep_firing_for:
description: KeepFiringFor defines how long an alert will description: KeepFiringFor defines how long an alert will continue firing after the condition that triggered it has cleared.
continue firing after the condition that triggered it
has cleared.
minLength: 1 minLength: 1
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string type: string
@ -110,9 +91,7 @@ spec:
description: Labels to add or overwrite. description: Labels to add or overwrite.
type: object type: object
record: record:
description: Name of the time series to output to. Must description: Name of the time series to output to. Must be a valid metric name. Only one of `record` and `alert` must be set.
be a valid metric name. Only one of `record` and `alert`
must be set.
type: string type: string
required: required:
- expr - expr

1886
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml
View File

File diff suppressed because it is too large Load Diff

411
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml
View File

@ -1,13 +1,12 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.69.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.72.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.69.1 operator.prometheus.io/version: 0.72.0
argocd.argoproj.io/sync-options: ServerSideApply=true argocd.argoproj.io/sync-options: ServerSideApply=true
creationTimestamp: null
name: servicemonitors.monitoring.coreos.com name: servicemonitors.monitoring.coreos.com
spec: spec:
group: monitoring.coreos.com group: monitoring.coreos.com
@ -28,104 +27,81 @@ spec:
description: ServiceMonitor defines monitoring for a set of services. description: ServiceMonitor defines monitoring for a set of services.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: Specification of desired Service selection for target discovery description: Specification of desired Service selection for target discovery by Prometheus.
by Prometheus.
properties: properties:
attachMetadata: attachMetadata:
description: Attaches node metadata to discovered targets. Requires description: "`attachMetadata` defines additional metadata which is added to the discovered targets. \n It requires Prometheus >= v2.37.0."
Prometheus v2.37.0 and above.
properties: properties:
node: node:
description: When set to true, Prometheus must have permissions description: When set to true, Prometheus must have the `get` permission on the `Nodes` objects.
to get Nodes.
type: boolean type: boolean
type: object type: object
endpoints: endpoints:
description: A list of endpoints allowed as part of this ServiceMonitor. description: List of endpoints part of this ServiceMonitor.
items: items:
description: Endpoint defines a scrapeable endpoint serving Prometheus description: Endpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.
metrics.
properties: properties:
authorization: authorization:
description: Authorization section for this endpoint description: "`authorization` configures the Authorization header credentials to use when scraping the target. \n Cannot be set at the same time as `basicAuth`, or `oauth2`."
properties: properties:
credentials: credentials:
description: Selects a key of a Secret in the namespace description: Selects a key of a Secret in the namespace that contains the credentials for authentication.
that contains the credentials for authentication.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: type:
description: "Defines the authentication type. The value description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\""
is case-insensitive. \n \"Basic\" is not a supported value.
\n Default: \"Bearer\""
type: string type: string
type: object type: object
basicAuth: basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over description: "`basicAuth` configures the Basic Authentication credentials to use when scraping the target. \n Cannot be set at the same time as `authorization`, or `oauth2`."
basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
properties: properties:
password: password:
description: The secret in the service monitor namespace description: '`password` specifies a key of a Secret containing the password for authentication.'
that contains the password for authentication.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
username: username:
description: The secret in the service monitor namespace description: '`username` specifies a key of a Secret containing the username for authentication.'
that contains the username for authentication.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
@ -133,67 +109,51 @@ spec:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: object type: object
bearerTokenFile: bearerTokenFile:
description: File to read bearer token for scraping targets. description: "File to read bearer token for scraping the target. \n Deprecated: use `authorization` instead."
type: string type: string
bearerTokenSecret: bearerTokenSecret:
description: Secret to mount to read bearer token for scraping description: "`bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator. \n Deprecated: use `authorization` instead."
targets. The secret needs to be in the same namespace as the
service monitor and accessible by the Prometheus Operator.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
enableHttp2: enableHttp2:
description: Whether to enable HTTP2. description: '`enableHttp2` can be used to disable HTTP2 when scraping the target.'
type: boolean type: boolean
filterRunning: filterRunning:
description: 'Drop pods that are not running. (Failed, Succeeded). description: "When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. \n If unset, the filtering is enabled. \n More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase"
Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase'
type: boolean type: boolean
followRedirects: followRedirects:
description: FollowRedirects configures whether scrape requests description: '`followRedirects` defines whether the scrape requests should follow HTTP 3xx redirects.'
follow HTTP 3xx redirects.
type: boolean type: boolean
honorLabels: honorLabels:
description: HonorLabels chooses the metric's labels on collisions description: When true, `honorLabels` preserves the metric's labels when they collide with the target's labels.
with target labels.
type: boolean type: boolean
honorTimestamps: honorTimestamps:
description: HonorTimestamps controls whether Prometheus respects description: '`honorTimestamps` controls whether Prometheus preserves the timestamps when exposed by the target.'
the timestamps present in scraped data.
type: boolean type: boolean
interval: interval:
description: Interval at which metrics should be scraped If description: "Interval at which Prometheus scrapes the metrics from the target. \n If empty, Prometheus uses the global scrape interval."
not specified Prometheus' global scrape interval is used.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string type: string
metricRelabelings: metricRelabelings:
description: MetricRelabelConfigs to apply to samples before description: '`metricRelabelings` configures the relabeling rules to apply to the samples before ingestion.'
ingestion.
items: items:
description: "RelabelConfig allows dynamic rewriting of the description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
label set for targets, alerts, scraped samples and remote
write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
properties: properties:
action: action:
default: replace default: replace
description: "Action to perform based on the regex matching. description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\""
\n `Uppercase` and `Lowercase` actions require Prometheus
>= v2.36.0. `DropEqual` and `KeepEqual` actions require
Prometheus >= v2.41.0. \n Default: \"Replace\""
enum: enum:
- replace - replace
- Replace - Replace
@ -219,67 +179,47 @@ spec:
- DropEqual - DropEqual
type: string type: string
modulus: modulus:
description: "Modulus to take of the hash of the source description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`."
label values. \n Only applicable when the action is
`HashMod`."
format: int64 format: int64
type: integer type: integer
regex: regex:
description: Regular expression against which the extracted description: Regular expression against which the extracted value is matched.
value is matched.
type: string type: string
replacement: replacement:
description: "Replacement value against which a Replace description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available."
action is performed if the regular expression matches.
\n Regex capture groups are available."
type: string type: string
separator: separator:
description: Separator is the string between concatenated description: Separator is the string between concatenated SourceLabels.
SourceLabels.
type: string type: string
sourceLabels: sourceLabels:
description: The source labels select values from existing description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
labels. Their content is concatenated using the configured
Separator and matched against the configured regular
expression.
items: items:
description: LabelName is a valid Prometheus label name description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.
which may only contain ASCII letters, numbers, as
well as underscores.
pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string type: string
type: array type: array
targetLabel: targetLabel:
description: "Label to which the resulting string is written description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available."
in a replacement. \n It is mandatory for `Replace`,
`HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and
`DropEqual` actions. \n Regex capture groups are available."
type: string type: string
type: object type: object
type: array type: array
oauth2: oauth2:
description: OAuth2 for the URL. Only valid in Prometheus versions description: "`oauth2` configures the OAuth2 settings to use when scraping the target. \n It requires Prometheus >= 2.27.0. \n Cannot be set at the same time as `authorization`, or `basicAuth`."
2.27.0 and newer.
properties: properties:
clientId: clientId:
description: The secret or configmap containing the OAuth2 description: '`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client''s ID.'
client id
properties: properties:
configMap: configMap:
description: ConfigMap containing data to use for the description: ConfigMap containing data to use for the targets.
targets.
properties: properties:
key: key:
description: The key to select. description: The key to select.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the ConfigMap or its description: Specify whether the ConfigMap or its key must be defined
key must be defined
type: boolean type: boolean
required: required:
- key - key
@ -289,17 +229,13 @@ spec:
description: Secret containing data to use for the targets. description: Secret containing data to use for the targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key description: Specify whether the Secret or its key must be defined
must be defined
type: boolean type: boolean
required: required:
- key - key
@ -307,19 +243,16 @@ spec:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: object type: object
clientSecret: clientSecret:
description: The secret containing the OAuth2 client secret description: '`clientSecret` specifies a key of a Secret containing the OAuth2 client''s secret.'
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
@ -328,15 +261,15 @@ spec:
endpointParams: endpointParams:
additionalProperties: additionalProperties:
type: string type: string
description: Parameters to append to the token URL description: '`endpointParams` configures the HTTP parameters to append to the token URL.'
type: object type: object
scopes: scopes:
description: OAuth2 scopes used for the token request description: '`scopes` defines the OAuth2 scopes used for the token request.'
items: items:
type: string type: string
type: array type: array
tokenUrl: tokenUrl:
description: The URL to fetch the token from description: '`tokenURL` configures the URL to fetch the token from.'
minLength: 1 minLength: 1
type: string type: string
required: required:
@ -349,37 +282,25 @@ spec:
items: items:
type: string type: string
type: array type: array
description: Optional HTTP URL parameters description: params define optional HTTP URL parameters.
type: object type: object
path: path:
description: HTTP path to scrape for metrics. If empty, Prometheus description: "HTTP path from which to scrape for metrics. \n If empty, Prometheus uses the default value (e.g. `/metrics`)."
uses the default value (e.g. `/metrics`).
type: string type: string
port: port:
description: Name of the service port this endpoint refers to. description: "Name of the Service port which this endpoint refers to. \n It takes precedence over `targetPort`."
Mutually exclusive with targetPort.
type: string type: string
proxyUrl: proxyUrl:
description: ProxyURL eg http://proxyserver:2195 Directs scrapes description: '`proxyURL` configures the HTTP Proxy URL (e.g. "http://proxyserver:2195") to go through when scraping the target.'
to proxy through this endpoint.
type: string type: string
relabelings: relabelings:
description: 'RelabelConfigs to apply to samples before scraping. description: "`relabelings` configures the relabeling rules to apply the target's metadata labels. \n The Operator automatically adds relabelings for a few standard Kubernetes fields. \n The original scrape job's name is available via the `__tmp_prometheus_job_name` label. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
Prometheus Operator automatically adds relabelings for a few
standard Kubernetes fields. The original scrape job''s name
is available via the `__tmp_prometheus_job_name` label. More
info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items: items:
description: "RelabelConfig allows dynamic rewriting of the description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
label set for targets, alerts, scraped samples and remote
write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config"
properties: properties:
action: action:
default: replace default: replace
description: "Action to perform based on the regex matching. description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\""
\n `Uppercase` and `Lowercase` actions require Prometheus
>= v2.36.0. `DropEqual` and `KeepEqual` actions require
Prometheus >= v2.41.0. \n Default: \"Replace\""
enum: enum:
- replace - replace
- Replace - Replace
@ -405,89 +326,63 @@ spec:
- DropEqual - DropEqual
type: string type: string
modulus: modulus:
description: "Modulus to take of the hash of the source description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`."
label values. \n Only applicable when the action is
`HashMod`."
format: int64 format: int64
type: integer type: integer
regex: regex:
description: Regular expression against which the extracted description: Regular expression against which the extracted value is matched.
value is matched.
type: string type: string
replacement: replacement:
description: "Replacement value against which a Replace description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available."
action is performed if the regular expression matches.
\n Regex capture groups are available."
type: string type: string
separator: separator:
description: Separator is the string between concatenated description: Separator is the string between concatenated SourceLabels.
SourceLabels.
type: string type: string
sourceLabels: sourceLabels:
description: The source labels select values from existing description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
labels. Their content is concatenated using the configured
Separator and matched against the configured regular
expression.
items: items:
description: LabelName is a valid Prometheus label name description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.
which may only contain ASCII letters, numbers, as
well as underscores.
pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string type: string
type: array type: array
targetLabel: targetLabel:
description: "Label to which the resulting string is written description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available."
in a replacement. \n It is mandatory for `Replace`,
`HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and
`DropEqual` actions. \n Regex capture groups are available."
type: string type: string
type: object type: object
type: array type: array
scheme: scheme:
description: HTTP scheme to use for scraping. `http` and `https` description: "HTTP scheme to use for scraping. \n `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. \n If empty, Prometheus uses the default value `http`."
are the expected values unless you rewrite the `__scheme__`
label via relabeling. If empty, Prometheus uses the default
value `http`.
enum: enum:
- http - http
- https - https
type: string type: string
scrapeTimeout: scrapeTimeout:
description: Timeout after which the scrape is ended If not description: "Timeout after which Prometheus considers the scrape to be failed. \n If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used."
specified, the Prometheus global scrape timeout is used unless
it is less than `Interval` in which the latter is used.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string type: string
targetPort: targetPort:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Name or number of the target port of the Pod behind description: Name or number of the target port of the `Pod` object behind the Service. The port must be specified with the container's port property.
the Service, the port must be specified with container port
property. Mutually exclusive with port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
tlsConfig: tlsConfig:
description: TLS configuration to use when scraping the endpoint description: TLS configuration to use when scraping the target.
properties: properties:
ca: ca:
description: Certificate authority used when verifying server description: Certificate authority used when verifying server certificates.
certificates.
properties: properties:
configMap: configMap:
description: ConfigMap containing data to use for the description: ConfigMap containing data to use for the targets.
targets.
properties: properties:
key: key:
description: The key to select. description: The key to select.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the ConfigMap or its description: Specify whether the ConfigMap or its key must be defined
key must be defined
type: boolean type: boolean
required: required:
- key - key
@ -497,17 +392,13 @@ spec:
description: Secret containing data to use for the targets. description: Secret containing data to use for the targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key description: Specify whether the Secret or its key must be defined
must be defined
type: boolean type: boolean
required: required:
- key - key
@ -515,27 +406,22 @@ spec:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: object type: object
caFile: caFile:
description: Path to the CA cert in the Prometheus container description: Path to the CA cert in the Prometheus container to use for the targets.
to use for the targets.
type: string type: string
cert: cert:
description: Client certificate to present when doing client-authentication. description: Client certificate to present when doing client-authentication.
properties: properties:
configMap: configMap:
description: ConfigMap containing data to use for the description: ConfigMap containing data to use for the targets.
targets.
properties: properties:
key: key:
description: The key to select. description: The key to select.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the ConfigMap or its description: Specify whether the ConfigMap or its key must be defined
key must be defined
type: boolean type: boolean
required: required:
- key - key
@ -545,17 +431,13 @@ spec:
description: Secret containing data to use for the targets. description: Secret containing data to use for the targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key description: Specify whether the Secret or its key must be defined
must be defined
type: boolean type: boolean
required: required:
- key - key
@ -563,31 +445,25 @@ spec:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
type: object type: object
certFile: certFile:
description: Path to the client cert file in the Prometheus description: Path to the client cert file in the Prometheus container for the targets.
container for the targets.
type: string type: string
insecureSkipVerify: insecureSkipVerify:
description: Disable target certificate validation. description: Disable target certificate validation.
type: boolean type: boolean
keyFile: keyFile:
description: Path to the client key file in the Prometheus description: Path to the client key file in the Prometheus container for the targets.
container for the targets.
type: string type: string
keySecret: keySecret:
description: Secret containing the client key file for the description: Secret containing the client key file for the targets.
targets.
properties: properties:
key: key:
description: The key of the secret to select from. Must description: The key of the secret to select from. Must be a valid secret key.
be a valid secret key.
type: string type: string
name: name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
optional: optional:
description: Specify whether the Secret or its key must description: Specify whether the Secret or its key must be defined
be defined
type: boolean type: boolean
required: required:
- key - key
@ -597,47 +473,35 @@ spec:
description: Used to verify the hostname for the targets. description: Used to verify the hostname for the targets.
type: string type: string
type: object type: object
trackTimestampsStaleness:
description: "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. \n It requires Prometheus >= v2.48.0."
type: boolean
type: object type: object
type: array type: array
jobLabel: jobLabel:
description: "JobLabel selects the label from the associated Kubernetes description: "`jobLabel` selects the label from the associated Kubernetes `Service` object which will be used as the `job` label for all metrics. \n For example if `jobLabel` is set to `foo` and the Kubernetes `Service` object is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"` label to all ingested metrics. \n If the value of this field is empty or if the label doesn't exist for the given Service, the `job` label of the metrics defaults to the name of the associated Kubernetes `Service`."
service which will be used as the `job` label for all metrics. \n
For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo:
bar`, then the `job=\"bar\"` label is added to all metrics. \n If
the value of this field is empty or if the label doesn't exist for
the given Service, the `job` label of the metrics defaults to the
name of the Kubernetes Service."
type: string type: string
keepDroppedTargets: keepDroppedTargets:
description: "Per-scrape limit on the number of targets dropped by description: "Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. \n It requires Prometheus >= v2.47.0."
relabeling that will be kept in memory. 0 means no limit. \n It
requires Prometheus >= v2.47.0."
format: int64 format: int64
type: integer type: integer
labelLimit: labelLimit:
description: Per-scrape limit on number of labels that will be accepted description: "Per-scrape limit on number of labels that will be accepted for a sample. \n It requires Prometheus >= v2.27.0."
for a sample. Only valid in Prometheus versions 2.27.0 and newer.
format: int64 format: int64
type: integer type: integer
labelNameLengthLimit: labelNameLengthLimit:
description: Per-scrape limit on length of labels name that will be description: "Per-scrape limit on length of labels name that will be accepted for a sample. \n It requires Prometheus >= v2.27.0."
accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64 format: int64
type: integer type: integer
labelValueLengthLimit: labelValueLengthLimit:
description: Per-scrape limit on length of labels value that will description: "Per-scrape limit on length of labels value that will be accepted for a sample. \n It requires Prometheus >= v2.27.0."
be accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64 format: int64
type: integer type: integer
namespaceSelector: namespaceSelector:
description: Selector to select which namespaces the Kubernetes Endpoints description: Selector to select which namespaces the Kubernetes `Endpoints` objects are discovered from.
objects are discovered from.
properties: properties:
any: any:
description: Boolean describing whether all namespaces are selected description: Boolean describing whether all namespaces are selected in contrast to a list restricting them.
in contrast to a list restricting them.
type: boolean type: boolean
matchNames: matchNames:
description: List of namespace names to select from. description: List of namespace names to select from.
@ -646,42 +510,46 @@ spec:
type: array type: array
type: object type: object
podTargetLabels: podTargetLabels:
description: PodTargetLabels transfers labels on the Kubernetes `Pod` description: '`podTargetLabels` defines the labels which are transferred from the associated Kubernetes `Pod` object onto the ingested metrics.'
onto the created metrics.
items: items:
type: string type: string
type: array type: array
sampleLimit: sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped description: '`sampleLimit` defines a per-scrape limit on the number of scraped samples that will be accepted.'
samples that will be accepted.
format: int64 format: int64
type: integer type: integer
scrapeClass:
description: The scrape class to apply.
minLength: 1
type: string
scrapeProtocols:
description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). \n If unset, Prometheus uses its default value. \n It requires Prometheus >= v2.49.0."
items:
description: 'ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`'
enum:
- PrometheusProto
- OpenMetricsText0.0.1
- OpenMetricsText1.0.0
- PrometheusText0.0.4
type: string
type: array
x-kubernetes-list-type: set
selector: selector:
description: Selector to select Endpoints objects. description: Label selector to select the Kubernetes `Endpoints` objects.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
The requirements are ANDed.
items: items:
description: A label selector requirement is a selector that description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
contains values, a key, and an operator that relates the key
and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies to.
to.
type: string type: string
operator: operator:
description: operator represents a key's relationship to description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. If the description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items: items:
type: string type: string
type: array type: array
@ -693,27 +561,20 @@ spec:
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. A single description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
targetLabels: targetLabels:
description: TargetLabels transfers labels from the Kubernetes `Service` description: '`targetLabels` defines the labels which are transferred from the associated Kubernetes `Service` object onto the ingested metrics.'
onto the created metrics.
items: items:
type: string type: string
type: array type: array
targetLimit: targetLimit:
description: TargetLimit defines a limit on the number of scraped description: '`targetLimit` defines a limit on the number of scraped targets that will be accepted.'
targets that will be accepted.
format: int64 format: int64
type: integer type: integer
required: required:
- endpoints
- selector - selector
type: object type: object
required: required:

4599
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml
View File

File diff suppressed because it is too large Load Diff

10
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/Chart.yaml
View File

@ -1,15 +1,15 @@
annotations: annotations:
artifacthub.io/license: AGPL-3.0-only artifacthub.io/license: Apache-2.0
artifacthub.io/links: | artifacthub.io/links: |
- name: Chart Source - name: Chart Source
url: https://github.com/grafana/helm-charts url: https://github.com/grafana/helm-charts
- name: Upstream Project - name: Upstream Project
url: https://github.com/grafana/grafana url: https://github.com/grafana/grafana
apiVersion: v2 apiVersion: v2
appVersion: 10.1.5 appVersion: 10.4.0
description: The leading tool for querying and visualizing time series and metrics. description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.net home: https://grafana.com
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116
keywords: keywords:
- monitoring - monitoring
- metric - metric
@ -30,4 +30,4 @@ sources:
- https://github.com/grafana/grafana - https://github.com/grafana/grafana
- https://github.com/grafana/helm-charts - https://github.com/grafana/helm-charts
type: application type: application
version: 7.0.8 version: 7.3.7

92
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/README.md
View File

@ -136,6 +136,8 @@ need to instead set `global.imageRegistry`.
| `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` | | `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` |
| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | | `extraSecretMounts` | Additional grafana server secret mounts | `[]` |
| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | | `extraVolumeMounts` | Additional grafana server volume mounts | `[]` |
| `extraVolumes` | Additional Grafana server volumes | `[]` |
| `automountServiceAccountToken` | Mounted the service account token on the grafana pod. Mandatory, if sidecars are enabled | `true` |
| `createConfigmap` | Enable creating the grafana configmap | `true` | | `createConfigmap` | Enable creating the grafana configmap | `true` |
| `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` | | `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` |
| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | | `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` |
@ -160,7 +162,7 @@ need to instead set `global.imageRegistry`.
| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | | `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` |
| `sidecar.image.registry` | Sidecar image registry | `quay.io` | | `sidecar.image.registry` | Sidecar image registry | `quay.io` |
| `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` | | `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` |
| `sidecar.image.tag` | Sidecar image tag | `1.24.6` | | `sidecar.image.tag` | Sidecar image tag | `1.26.0` |
| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | | `sidecar.image.sha` | Sidecar image sha (optional) | `""` |
| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
| `sidecar.resources` | Sidecar resources | `{}` | | `sidecar.resources` | Sidecar resources | `{}` |
@ -174,7 +176,7 @@ need to instead set `global.imageRegistry`.
| `sidecar.alerts.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.alerts.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
| `sidecar.alerts.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` | | `sidecar.alerts.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` |
| `sidecar.alerts.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | | `sidecar.alerts.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
| `sidecar.alerts.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` | | `sidecar.alerts.initAlerts` | Set to true to deploy the alerts sidecar as an initContainer. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` |
| `sidecar.alerts.extraMounts` | Additional alerts sidecar volume mounts. | `[]` | | `sidecar.alerts.extraMounts` | Additional alerts sidecar volume mounts. | `[]` |
| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | | `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` |
| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | | `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` |
@ -222,7 +224,7 @@ need to instead set `global.imageRegistry`.
| `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` | | `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` |
| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | | `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` |
| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | | `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` |
| `serviceAccount.autoMount` | Automount the service account token in the pod| `true` | | `serviceAccount.automountServiceAccountToken` | Automount the service account token on all pods where is service account is used | `false` |
| `serviceAccount.annotations` | ServiceAccount annotations | | | `serviceAccount.annotations` | ServiceAccount annotations | |
| `serviceAccount.create` | Create service account | `true` | | `serviceAccount.create` | Create service account | `true` |
| `serviceAccount.labels` | ServiceAccount labels | `{}` | | `serviceAccount.labels` | ServiceAccount labels | `{}` |
@ -315,24 +317,35 @@ ingress:
path: "/grafana" path: "/grafana"
``` ```
### Example of extraVolumeMounts ### Example of extraVolumeMounts and extraVolumes
Volume can be type persistentVolumeClaim or hostPath but not both at same time. Configure additional volumes with `extraVolumes` and volume mounts with `extraVolumeMounts`.
If neither existingClaim or hostPath argument is given then type is emptyDir.
Example for `extraVolumeMounts` and corresponding `extraVolumes`:
```yaml ```yaml
- extraVolumeMounts: extraVolumeMounts:
- name: plugins - name: plugins
mountPath: /var/lib/grafana/plugins mountPath: /var/lib/grafana/plugins
subPath: configs/grafana/plugins subPath: configs/grafana/plugins
existingClaim: existing-grafana-claim
readOnly: false readOnly: false
- name: dashboards - name: dashboards
mountPath: /var/lib/grafana/dashboards mountPath: /var/lib/grafana/dashboards
hostPath: /usr/shared/grafana/dashboards hostPath: /usr/shared/grafana/dashboards
readOnly: false readOnly: false
extraVolumes:
- name: plugins
existingClaim: existing-grafana-claim
- name: dashboards
hostPath: /usr/shared/grafana/dashboards
``` ```
Volumes default to `emptyDir`. Set to `persistentVolumeClaim`,
`hostPath`, `csi`, or `configMap` for other types. For a
`persistentVolumeClaim`, specify an existing claim name with
`existingClaim`.
## Import dashboards ## Import dashboards
There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method:
@ -544,9 +557,61 @@ delete_notifiers:
# default org_id: 1 # default org_id: 1
``` ```
## Provision alert rules, contact points, notification policies and notification templates ## Sidecar for alerting resources
There are two methods to provision alerting configuration in Grafana. Below are some examples and explanations as to how to use each method: If the parameter `sidecar.alerts.enabled` is set, a sidecar container is deployed in the grafana
pod. This container watches all configmaps (or secrets) in the cluster (namespace defined by `sidecar.alerts.searchNamespace`) and filters out the ones with
a label as defined in `sidecar.alerts.label` (default is `grafana_alert`). The files defined in those configmaps are written
to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported alerting resources are updated, however, deletions are a little more complicated (see below).
This sidecar can be used to provision alert rules, contact points, notification policies, notification templates and mute timings as shown in [Grafana Documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/).
To fetch the alert config which will be provisioned, use the alert provisioning API ([Grafana Documentation](https://grafana.com/docs/grafana/next/developers/http_api/alerting_provisioning/)).
You can use either JSON or YAML format.
Example config for an alert rule:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sample-grafana-alert
labels:
grafana_alert: "1"
data:
k8s-alert.yml: |-
apiVersion: 1
groups:
- orgId: 1
name: k8s-alert
[...]
```
To delete provisioned alert rules is a two step process, you need to delete the configmap which defined the alert rule
and then create a configuration which deletes the alert rule.
Example deletion configuration:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: delete-sample-grafana-alert
namespace: monitoring
labels:
grafana_alert: "1"
data:
delete-k8s-alert.yml: |-
apiVersion: 1
deleteRules:
- orgId: 1
uid: 16624780-6564-45dc-825c-8bded4ad92d3
```
## Statically provision alerting resources
If you don't need to change alerting resources (alert rules, contact points, notification policies and notification templates) regularly you could use the `alerting` config option instead of the sidecar option above.
This will grab the alerting config and apply it statically at build time for the helm file.
There are two methods to statically provision alerting configuration in Grafana. Below are some examples and explanations as to how to use each method:
```yaml ```yaml
alerting: alerting:
@ -576,13 +641,14 @@ alerting:
title: '{{ `{{ template "default.title" . }}` }}' title: '{{ `{{ template "default.title" . }}` }}'
``` ```
There are two possibilities: The two possibilities for static alerting resource provisioning are:
* Inlining the file contents as described in the example `values.yaml` and the official [Grafana documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/). * Inlining the file contents as shown for contact points in the above example.
* Importing a file using a relative path starting from the chart root directory. * Importing a file using a relative path starting from the chart root directory as shown for the alert rules in the above example.
### Important notes on file provisioning ### Important notes on file provisioning
* The format of the files is defined in the [Grafana documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/) on file provisioning.
* The chart supports importing YAML and JSON files. * The chart supports importing YAML and JSON files.
* The filename must be unique, otherwise one volume mount will overwrite the other. * The filename must be unique, otherwise one volume mount will overwrite the other.
* In case of inlining, double curly braces that arise from the Grafana configuration format and are not intended as templates for the chart must be escaped. * In case of inlining, double curly braces that arise from the Grafana configuration format and are not intended as templates for the chart must be escaped.

171
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_config.tpl Normal file
View File

@ -0,0 +1,171 @@
{{/*
Generate config map data
*/}}
{{- define "grafana.configData" -}}
{{ include "grafana.assertNoLeakedSecrets" . }}
{{- $files := .Files }}
{{- $root := . -}}
{{- with .Values.plugins }}
plugins: {{ join "," . }}
{{- end }}
grafana.ini: |
{{- range $elem, $elemVal := index .Values "grafana.ini" }}
{{- if not (kindIs "map" $elemVal) }}
{{- if kindIs "invalid" $elemVal }}
{{ $elem }} =
{{- else if kindIs "string" $elemVal }}
{{ $elem }} = {{ tpl $elemVal $ }}
{{- else }}
{{ $elem }} = {{ $elemVal }}
{{- end }}
{{- end }}
{{- end }}
{{- range $key, $value := index .Values "grafana.ini" }}
{{- if kindIs "map" $value }}
[{{ $key }}]
{{- range $elem, $elemVal := $value }}
{{- if kindIs "invalid" $elemVal }}
{{ $elem }} =
{{- else if kindIs "string" $elemVal }}
{{ $elem }} = {{ tpl $elemVal $ }}
{{- else }}
{{ $elem }} = {{ $elemVal }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.datasources }}
{{- if not (hasKey $value "secret") }}
{{ $key }}: |
{{- tpl (toYaml $value | nindent 2) $root }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.notifiers }}
{{- if not (hasKey $value "secret") }}
{{ $key }}: |
{{- toYaml $value | nindent 2 }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.alerting }}
{{- if (hasKey $value "file") }}
{{ $key }}:
{{- toYaml ( $files.Get $value.file ) | nindent 2 }}
{{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}}
{{/* will be stored inside secret generated by "configSecret.yaml"*/}}
{{- else }}
{{ $key }}: |
{{- tpl (toYaml $value | nindent 2) $root }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.dashboardProviders }}
{{ $key }}: |
{{- toYaml $value | nindent 2 }}
{{- end }}
{{- if .Values.dashboards }}
download_dashboards.sh: |
#!/usr/bin/env sh
set -euf
{{- if .Values.dashboardProviders }}
{{- range $key, $value := .Values.dashboardProviders }}
{{- range $value.providers }}
mkdir -p {{ .options.path }}
{{- end }}
{{- end }}
{{- end }}
{{ $dashboardProviders := .Values.dashboardProviders }}
{{- range $provider, $dashboards := .Values.dashboards }}
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
curl -skf \
--connect-timeout 60 \
--max-time 60 \
{{- if not $value.b64content }}
{{- if not $value.acceptHeader }}
-H "Accept: application/json" \
{{- else }}
-H "Accept: {{ $value.acceptHeader }}" \
{{- end }}
{{- if $value.token }}
-H "Authorization: token {{ $value.token }}" \
{{- end }}
{{- if $value.bearerToken }}
-H "Authorization: Bearer {{ $value.bearerToken }}" \
{{- end }}
{{- if $value.basic }}
-H "Authorization: Basic {{ $value.basic }}" \
{{- end }}
{{- if $value.gitlabToken }}
-H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \
{{- end }}
-H "Content-Type: application/json;charset=UTF-8" \
{{- end }}
{{- $dpPath := "" -}}
{{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers }}
{{- if eq $kd.name $provider }}
{{- $dpPath = $kd.options.path }}
{{- end }}
{{- end }}
{{- if $value.url }}
"{{ $value.url }}" \
{{- else }}
"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download" \
{{- end }}
{{- if $value.datasource }}
{{- if kindIs "string" $value.datasource }}
| sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g' \
{{- end }}
{{- if kindIs "slice" $value.datasource }}
{{- range $value.datasource }}
| sed '/-- .* --/! s/${{"{"}}{{ .name }}}/{{ .value }}/g' \
{{- end }}
{{- end }}
{{- end }}
{{- if $value.b64content }}
| base64 -d \
{{- end }}
> "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json"
{{ end }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Generate dashboard json config map data
*/}}
{{- define "grafana.configDashboardProviderData" -}}
provider.yaml: |-
apiVersion: 1
providers:
- name: '{{ .Values.sidecar.dashboards.provider.name }}'
orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
{{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
{{- end }}
type: {{ .Values.sidecar.dashboards.provider.type }}
disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }}
updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }}
options:
foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}
{{- end -}}
{{- define "grafana.secretsData" -}}
{{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
admin-user: {{ .Values.adminUser | b64enc | quote }}
{{- if .Values.adminPassword }}
admin-password: {{ .Values.adminPassword | b64enc | quote }}
{{- else }}
admin-password: {{ include "grafana.password" . }}
{{- end }}
{{- end }}
{{- if not .Values.ldap.existingSecret }}
ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }}
{{- end }}
{{- end -}}

51
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl
View File

@ -225,3 +225,54 @@ Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific
{{- end }} {{- end }}
{{- $secretFound}} {{- $secretFound}}
{{- end -}} {{- end -}}
{{/*
Checks whether the user is attempting to store secrets in plaintext
in the grafana.ini configmap
*/}}
{{/* grafana.assertNoLeakedSecrets checks for sensitive keys in values */}}
{{- define "grafana.assertNoLeakedSecrets" -}}
{{- $sensitiveKeysYaml := `
sensitiveKeys:
- path: ["database", "password"]
- path: ["smtp", "password"]
- path: ["security", "secret_key"]
- path: ["security", "admin_password"]
- path: ["auth.basic", "password"]
- path: ["auth.ldap", "bind_password"]
- path: ["auth.google", "client_secret"]
- path: ["auth.github", "client_secret"]
- path: ["auth.gitlab", "client_secret"]
- path: ["auth.generic_oauth", "client_secret"]
- path: ["auth.okta", "client_secret"]
- path: ["auth.azuread", "client_secret"]
- path: ["auth.grafana_com", "client_secret"]
- path: ["auth.grafananet", "client_secret"]
- path: ["azure", "user_identity_client_secret"]
- path: ["unified_alerting", "ha_redis_password"]
- path: ["metrics", "basic_auth_password"]
- path: ["external_image_storage.s3", "secret_key"]
- path: ["external_image_storage.webdav", "password"]
- path: ["external_image_storage.azure_blob", "account_key"]
` | fromYaml -}}
{{- if $.Values.assertNoLeakedSecrets -}}
{{- $grafanaIni := index .Values "grafana.ini" -}}
{{- range $_, $secret := $sensitiveKeysYaml.sensitiveKeys -}}
{{- $currentMap := $grafanaIni -}}
{{- $shouldContinue := true -}}
{{- range $index, $elem := $secret.path -}}
{{- if and $shouldContinue (hasKey $currentMap $elem) -}}
{{- if eq (len $secret.path) (add1 $index) -}}
{{- if not (regexMatch "\\$(?:__(?:env|file|vault))?{[^}]+}" (index $currentMap $elem)) -}}
{{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead. You can disable this client-side validation by changing the value of assertNoLeakedSecrets." (join "." $secret.path)) -}}
{{- end -}}
{{- else -}}
{{- $currentMap = index $currentMap $elem -}}
{{- end -}}
{{- else -}}
{{- $shouldContinue = false -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

53
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl
View File

@ -5,7 +5,7 @@
schedulerName: "{{ . }}" schedulerName: "{{ . }}"
{{- end }} {{- end }}
serviceAccountName: {{ include "grafana.serviceAccountName" . }} serviceAccountName: {{ include "grafana.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- with .Values.securityContext }} {{- with .Values.securityContext }}
securityContext: securityContext:
{{- toYaml . | nindent 2 }} {{- toYaml . | nindent 2 }}
@ -14,6 +14,13 @@ securityContext:
hostAliases: hostAliases:
{{- toYaml . | nindent 2 }} {{- toYaml . | nindent 2 }}
{{- end }} {{- end }}
{{- if .Values.dnsPolicy }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- end }}
{{- with .Values.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.priorityClassName }} {{- with .Values.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
@ -427,6 +434,11 @@ containers:
- name: "{{ $key }}" - name: "{{ $key }}"
value: "{{ $value }}" value: "{{ $value }}"
{{- end }} {{- end }}
{{- range $key, $value := .Values.sidecar.datasources.envValueFrom }}
- name: {{ $key | quote }}
valueFrom:
{{- tpl (toYaml $value) $ | nindent 10 }}
{{- end }}
{{- if .Values.sidecar.dashboards.ignoreAlreadyProcessed }} {{- if .Values.sidecar.dashboards.ignoreAlreadyProcessed }}
- name: IGNORE_ALREADY_PROCESSED - name: IGNORE_ALREADY_PROCESSED
value: "true" value: "true"
@ -898,26 +910,47 @@ containers:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- with .Values.datasources }} {{- with .Values.datasources }}
{{- $datasources := . }}
{{- range (keys . | sortAlpha) }} {{- range (keys . | sortAlpha) }}
{{- if (or (hasKey (index $datasources .) "secret")) }} {{/*check if current datasource should be handeled as secret */}}
- name: config-secret
mountPath: "/etc/grafana/provisioning/datasources/{{ . }}"
subPath: {{ . | quote }}
{{- else }}
- name: config - name: config
mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" mountPath: "/etc/grafana/provisioning/datasources/{{ . }}"
subPath: {{ . | quote }} subPath: {{ . | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- with .Values.notifiers }} {{- with .Values.notifiers }}
{{- $notifiers := . }}
{{- range (keys . | sortAlpha) }} {{- range (keys . | sortAlpha) }}
{{- if (or (hasKey (index $notifiers .) "secret")) }} {{/*check if current notifier should be handeled as secret */}}
- name: config-secret
mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}"
subPath: {{ . | quote }}
{{- else }}
- name: config - name: config
mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}"
subPath: {{ . | quote }} subPath: {{ . | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- with .Values.alerting }} {{- with .Values.alerting }}
{{- $alertingmap := .}}
{{- range (keys . | sortAlpha) }} {{- range (keys . | sortAlpha) }}
{{- if (or (hasKey (index $.Values.alerting .) "secret") (hasKey (index $.Values.alerting .) "secretFile")) }} {{/*check if current alerting entry should be handeled as secret */}}
- name: config-secret
mountPath: "/etc/grafana/provisioning/alerting/{{ . }}"
subPath: {{ . | quote }}
{{- else }}
- name: config - name: config
mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" mountPath: "/etc/grafana/provisioning/alerting/{{ . }}"
subPath: {{ . | quote }} subPath: {{ . | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- with .Values.dashboardProviders }} {{- with .Values.dashboardProviders }}
{{- range (keys . | sortAlpha) }} {{- range (keys . | sortAlpha) }}
- name: config - name: config
@ -1051,11 +1084,17 @@ containers:
- secretRef: - secretRef:
name: {{ tpl .name $ }} name: {{ tpl .name $ }}
optional: {{ .optional | default false }} optional: {{ .optional | default false }}
{{- if .prefix }}
prefix: {{ tpl .prefix $ }}
{{- end }}
{{- end }} {{- end }}
{{- range .Values.envFromConfigMaps }} {{- range .Values.envFromConfigMaps }}
- configMapRef: - configMapRef:
name: {{ tpl .name $ }} name: {{ tpl .name $ }}
optional: {{ .optional | default false }} optional: {{ .optional | default false }}
{{- if .prefix }}
prefix: {{ tpl .prefix $ }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- with .Values.livenessProbe }} {{- with .Values.livenessProbe }}
@ -1097,6 +1136,12 @@ volumes:
- name: config - name: config
configMap: configMap:
name: {{ include "grafana.fullname" . }} name: {{ include "grafana.fullname" . }}
{{- $createConfigSecret := eq (include "grafana.shouldCreateConfigSecret" .) "true" -}}
{{- if and .Values.createConfigmap $createConfigSecret }}
- name: config-secret
secret:
secretName: {{ include "grafana.fullname" . }}-config-secret
{{- end }}
{{- range .Values.extraConfigmapMounts }} {{- range .Values.extraConfigmapMounts }}
- name: {{ tpl .name $root }} - name: {{ tpl .name $root }}
configMap: configMap:
@ -1230,10 +1275,13 @@ volumes:
{{ toYaml .hostPath | nindent 6 }} {{ toYaml .hostPath | nindent 6 }}
{{- else if .csi }} {{- else if .csi }}
csi: csi:
{{- toYaml .data | nindent 6 }} {{- toYaml .csi | nindent 6 }}
{{- else if .configMap }} {{- else if .configMap }}
configMap: configMap:
{{- toYaml .configMap | nindent 6 }} {{- toYaml .configMap | nindent 6 }}
{{- else if .emptyDir }}
emptyDir:
{{- toYaml .emptyDir | nindent 6 }}
{{- else }} {{- else }}
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}
@ -1246,4 +1294,3 @@ volumes:
{{- tpl (toYaml .) $root | nindent 2 }} {{- tpl (toYaml .) $root | nindent 2 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

4
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/configSecret.yaml
View File

@ -25,13 +25,13 @@ stringData:
{{- range $key, $value := .Values.datasources }} {{- range $key, $value := .Values.datasources }}
{{- if (hasKey $value "secret") }} {{- if (hasKey $value "secret") }}
{{- $key | nindent 2 }}: | {{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }} {{- tpl (toYaml $value.secret | nindent 4) $root }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- range $key, $value := .Values.notifiers }} {{- range $key, $value := .Values.notifiers }}
{{- if (hasKey $value "secret") }} {{- if (hasKey $value "secret") }}
{{- $key | nindent 2 }}: | {{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }} {{- tpl (toYaml $value.secret | nindent 4) $root }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- range $key, $value := .Values.alerting }} {{- range $key, $value := .Values.alerting }}

16
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/configmap-dashboard-provider.yaml
View File

@ -11,19 +11,5 @@ metadata:
name: {{ include "grafana.fullname" . }}-config-dashboards name: {{ include "grafana.fullname" . }}-config-dashboards
namespace: {{ include "grafana.namespace" . }} namespace: {{ include "grafana.namespace" . }}
data: data:
provider.yaml: |- {{- include "grafana.configDashboardProviderData" . | nindent 2 }}
apiVersion: 1
providers:
- name: '{{ .Values.sidecar.dashboards.provider.name }}'
orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
{{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
{{- end }}
type: {{ .Values.sidecar.dashboards.provider.type }}
disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }}
updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }}
options:
foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}
{{- end }} {{- end }}

131
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml
View File

@ -1,6 +1,4 @@
{{- if .Values.createConfigmap }} {{- if .Values.createConfigmap }}
{{- $files := .Files }}
{{- $root := . -}}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
@ -13,132 +11,5 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
data: data:
{{- with .Values.plugins }} {{- include "grafana.configData" . | nindent 2 }}
plugins: {{ join "," . }}
{{- end }}
grafana.ini: |
{{- range $elem, $elemVal := index .Values "grafana.ini" }}
{{- if not (kindIs "map" $elemVal) }}
{{- if kindIs "invalid" $elemVal }}
{{ $elem }} =
{{- else if kindIs "string" $elemVal }}
{{ $elem }} = {{ tpl $elemVal $ }}
{{- else }}
{{ $elem }} = {{ $elemVal }}
{{- end }}
{{- end }}
{{- end }}
{{- range $key, $value := index .Values "grafana.ini" }}
{{- if kindIs "map" $value }}
[{{ $key }}]
{{- range $elem, $elemVal := $value }}
{{- if kindIs "invalid" $elemVal }}
{{ $elem }} =
{{- else if kindIs "string" $elemVal }}
{{ $elem }} = {{ tpl $elemVal $ }}
{{- else }}
{{ $elem }} = {{ $elemVal }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.datasources }}
{{- if not (hasKey $value "secret") }}
{{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.notifiers }}
{{- if not (hasKey $value "secret") }}
{{- $key | nindent 2 }}: |
{{- toYaml $value | nindent 4 }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.alerting }}
{{- if (hasKey $value "file") }}
{{- $key | nindent 2 }}:
{{- toYaml ( $files.Get $value.file ) | nindent 4}}
{{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}}
{{/* will be stored inside secret generated by "configSecret.yaml"*/}}
{{- else }}
{{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.dashboardProviders }}
{{- $key | nindent 2 }}: |
{{- toYaml $value | nindent 4 }}
{{- end }}
{{- if .Values.dashboards }}
download_dashboards.sh: |
#!/usr/bin/env sh
set -euf
{{- if .Values.dashboardProviders }}
{{- range $key, $value := .Values.dashboardProviders }}
{{- range $value.providers }}
mkdir -p {{ .options.path }}
{{- end }}
{{- end }}
{{- end }}
{{ $dashboardProviders := .Values.dashboardProviders }}
{{- range $provider, $dashboards := .Values.dashboards }}
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
curl -skf \
--connect-timeout 60 \
--max-time 60 \
{{- if not $value.b64content }}
{{- if not $value.acceptHeader }}
-H "Accept: application/json" \
{{- else }}
-H "Accept: {{ $value.acceptHeader }}" \
{{- end }}
{{- if $value.token }}
-H "Authorization: token {{ $value.token }}" \
{{- end }}
{{- if $value.bearerToken }}
-H "Authorization: Bearer {{ $value.bearerToken }}" \
{{- end }}
{{- if $value.basic }}
-H "Authorization: Basic {{ $value.basic }}" \
{{- end }}
{{- if $value.gitlabToken }}
-H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \
{{- end }}
-H "Content-Type: application/json;charset=UTF-8" \
{{- end }}
{{- $dpPath := "" -}}
{{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers }}
{{- if eq $kd.name $provider }}
{{- $dpPath = $kd.options.path }}
{{- end }}
{{- end }}
{{- if $value.url }}
"{{ $value.url }}" \
{{- else }}
"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download" \
{{- end }}
{{- if $value.datasource }}
{{- if kindIs "string" $value.datasource }}
| sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g' \
{{- end }}
{{- if kindIs "slice" $value.datasource }}
{{- range $value.datasource }}
| sed '/-- .* --/! s/${{"{"}}{{ .name }}}/{{ .value }}/g' \
{{- end }}
{{- end }}
{{- end }}
{{- if $value.b64content }}
| base64 -d \
{{- end }}
> "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json"
{{ end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }} {{- end }}

10
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml
View File

@ -33,14 +33,16 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
annotations: annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/config: {{ include "grafana.configData" . | sha256sum }}
{{- if .Values.dashboards }}
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} {{- end }}
checksum/sc-dashboard-provider-config: {{ include "grafana.configDashboardProviderData" . | sha256sum }}
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/secret: {{ include "grafana.secretsData" . | sha256sum }}
{{- end }} {{- end }}
{{- if .Values.envRenderSecret }} {{- if .Values.envRenderSecret }}
checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} checksum/secret-env: {{ tpl (toYaml .Values.envRenderSecret) . | sha256sum }}
{{- end }} {{- end }}
kubectl.kubernetes.io/default-container: {{ .Chart.Name }} kubectl.kubernetes.io/default-container: {{ .Chart.Name }}
{{- with .Values.podAnnotations }} {{- with .Values.podAnnotations }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/ingress.yaml
View File

@ -34,7 +34,7 @@ spec:
rules: rules:
{{- if .Values.ingress.hosts }} {{- if .Values.ingress.hosts }}
{{- range .Values.ingress.hosts }} {{- range .Values.ingress.hosts }}
- host: {{ tpl . $ }} - host: {{ tpl . $ | quote }}
http: http:
paths: paths:
{{- with $extraPaths }} {{- with $extraPaths }}

12
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml
View File

@ -12,15 +12,5 @@ metadata:
{{- end }} {{- end }}
type: Opaque type: Opaque
data: data:
{{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} {{- include "grafana.secretsData" . | nindent 2 }}
admin-user: {{ .Values.adminUser | b64enc | quote }}
{{- if .Values.adminPassword }}
admin-password: {{ .Values.adminPassword | b64enc | quote }}
{{- else }}
admin-password: {{ include "grafana.password" . }}
{{- end }}
{{- end }}
{{- if not .Values.ldap.existingSecret }}
ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }}
{{- end }}
{{- end }} {{- end }}

5
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/service.yaml
View File

@ -21,10 +21,13 @@ spec:
clusterIP: {{ . }} clusterIP: {{ . }}
{{- end }} {{- end }}
{{- else if eq .Values.service.type "LoadBalancer" }} {{- else if eq .Values.service.type "LoadBalancer" }}
type: {{ .Values.service.type }} type: LoadBalancer
{{- with .Values.service.loadBalancerIP }} {{- with .Values.service.loadBalancerIP }}
loadBalancerIP: {{ . }} loadBalancerIP: {{ . }}
{{- end }} {{- end }}
{{- with .Values.service.loadBalancerClass }}
loadBalancerClass: {{ . }}
{{- end }}
{{- with .Values.service.loadBalancerSourceRanges }} {{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: loadBalancerSourceRanges:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}

4
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml
View File

@ -1,7 +1,7 @@
{{- if .Values.serviceAccount.create }} {{- if .Values.serviceAccount.create }}
{{- $root := . -}}
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.autoMount | default .Values.serviceAccount.automountServiceAccountToken }}
metadata: metadata:
labels: labels:
{{- include "grafana.labels" . | nindent 4 }} {{- include "grafana.labels" . | nindent 4 }}
@ -10,7 +10,7 @@ metadata:
{{- end }} {{- end }}
{{- with .Values.serviceAccount.annotations }} {{- with .Values.serviceAccount.annotations }}
annotations: annotations:
{{- tpl (toYaml . | nindent 4) $root }} {{- tpl (toYaml . | nindent 4) $ }}
{{- end }} {{- end }}
name: {{ include "grafana.serviceAccountName" . }} name: {{ include "grafana.serviceAccountName" . }}
namespace: {{ include "grafana.namespace" . }} namespace: {{ include "grafana.namespace" . }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml
View File

@ -12,7 +12,7 @@ metadata:
labels: labels:
{{- include "grafana.labels" . | nindent 4 }} {{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.serviceMonitor.labels }} {{- with .Values.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }} {{- tpl (toYaml . | nindent 4) $ }}
{{- end }} {{- end }}
spec: spec:
endpoints: endpoints:

59
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/values.yaml
View File

@ -38,16 +38,22 @@ serviceAccount:
nameTest: nameTest:
## ServiceAccount labels. ## ServiceAccount labels.
labels: {} labels: {}
## Service account annotations. Can be templated. ## Service account annotations. Can be templated.
# annotations: # annotations:
# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
autoMount: true
## autoMount is deprecated in favor of automountServiceAccountToken
# autoMount: false
automountServiceAccountToken: false
replicas: 1 replicas: 1
## Create a headless service for the deployment ## Create a headless service for the deployment
headlessService: false headlessService: false
## Should the service account be auto mounted on the pod
automountServiceAccountToken: true
## Create HorizontalPodAutoscaler object for deployment type ## Create HorizontalPodAutoscaler object for deployment type
# #
autoscaling: autoscaling:
@ -116,6 +122,16 @@ testFramework:
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: {} securityContext: {}
# dns configuration for pod
dnsPolicy: ~
dnsConfig: {}
# nameservers:
# - 8.8.8.8
# options:
# - name: ndots
# value: "2"
# - name: edns0
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 472 runAsUser: 472
@ -197,6 +213,9 @@ gossipPortName: gossip
service: service:
enabled: true enabled: true
type: ClusterIP type: ClusterIP
loadBalancerIP: ""
loadBalancerClass: ""
loadBalancerSourceRanges: []
port: 80 port: 80
targetPort: 3000 targetPort: 3000
# targetPort: 4181 To be used with a proxy extraContainer # targetPort: 4181 To be used with a proxy extraContainer
@ -477,6 +496,7 @@ envRenderSecret: {}
## Name is templated. ## Name is templated.
envFromSecrets: [] envFromSecrets: []
## - name: secret-name ## - name: secret-name
## prefix: prefix
## optional: true ## optional: true
## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment ## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment
@ -485,6 +505,7 @@ envFromSecrets: []
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core
envFromConfigMaps: [] envFromConfigMaps: []
## - name: configmap-name ## - name: configmap-name
## prefix: prefix
## optional: true ## optional: true
# Inject Kubernetes services as environment variables. # Inject Kubernetes services as environment variables.
@ -530,15 +551,22 @@ extraVolumeMounts: []
# - name: extra-volume-0 # - name: extra-volume-0
# mountPath: /mnt/volume0 # mountPath: /mnt/volume0
# readOnly: true # readOnly: true
# existingClaim: volume-claim
# - name: extra-volume-1 # - name: extra-volume-1
# mountPath: /mnt/volume1 # mountPath: /mnt/volume1
# readOnly: true # readOnly: true
# hostPath: /usr/shared/
# - name: grafana-secrets # - name: grafana-secrets
# mountPath: /mnt/volume2 # mountPath: /mnt/volume2
# csi: true
# data: ## Additional Grafana server volumes
extraVolumes: []
# - name: extra-volume-0
# existingClaim: volume-claim
# - name: extra-volume-1
# hostPath:
# path: /usr/shared/
# type: ""
# - name: grafana-secrets
# csi:
# driver: secrets-store.csi.k8s.io # driver: secrets-store.csi.k8s.io
# readOnly: true # readOnly: true
# volumeAttributes: # volumeAttributes:
@ -811,7 +839,7 @@ sidecar:
# -- The Docker registry # -- The Docker registry
registry: quay.io registry: quay.io
repository: kiwigrid/k8s-sidecar repository: kiwigrid/k8s-sidecar
tag: 1.25.2 tag: 1.26.1
sha: "" sha: ""
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: {} resources: {}
@ -944,6 +972,7 @@ sidecar:
enabled: false enabled: false
# Additional environment variables for the datasourcessidecar # Additional environment variables for the datasourcessidecar
env: {} env: {}
envValueFrom: {}
# Do not reprocess already processed unchanged resources on k8s API reconnect. # Do not reprocess already processed unchanged resources on k8s API reconnect.
# ignoreAlreadyProcessed: true # ignoreAlreadyProcessed: true
# label that the configmaps with datasources are marked with # label that the configmaps with datasources are marked with
@ -975,8 +1004,8 @@ sidecar:
# Absolute path to shell script to execute after a datasource got reloaded # Absolute path to shell script to execute after a datasource got reloaded
script: null script: null
skipReload: false skipReload: false
# Deploy the datasource sidecar as an initContainer in addition to a container.
# This is needed if skipReload is true, to load any datasources defined at startup time. # This is needed if skipReload is true, to load any datasources defined at startup time.
# Deploy the datasources sidecar as an initContainer.
initDatasources: false initDatasources: false
# Sets the size limit of the datasource sidecar emptyDir volume # Sets the size limit of the datasource sidecar emptyDir volume
sizeLimit: {} sizeLimit: {}
@ -1280,3 +1309,13 @@ extraObjects: []
# data: # data:
# - key: grafana-admin-password # - key: grafana-admin-password
# name: adminPassword # name: adminPassword
# assertNoLeakedSecrets is a helper function defined in _helpers.tpl that checks if secret
# values are not exposed in the rendered grafana.ini configmap. It is enabled by default.
#
# To pass values into grafana.ini without exposing them in a configmap, use variable expansion:
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#variable-expansion
#
# Alternatively, if you wish to allow secret values to be exposed in the rendered grafana.ini configmap,
# you can disable this check by setting assertNoLeakedSecrets to false.
assertNoLeakedSecrets: true

4
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
- name: Chart Source - name: Chart Source
url: https://github.com/prometheus-community/helm-charts url: https://github.com/prometheus-community/helm-charts
apiVersion: v2 apiVersion: v2
appVersion: 2.10.1 appVersion: 2.11.0
description: Install kube-state-metrics to generate and expose cluster-level metrics description: Install kube-state-metrics to generate and expose cluster-level metrics
home: https://github.com/kubernetes/kube-state-metrics/ home: https://github.com/kubernetes/kube-state-metrics/
keywords: keywords:
@ -23,4 +23,4 @@ name: kube-state-metrics
sources: sources:
- https://github.com/kubernetes/kube-state-metrics/ - https://github.com/kubernetes/kube-state-metrics/
type: application type: application
version: 5.15.2 version: 5.18.0

44
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml
View File

@ -49,7 +49,7 @@ spec:
{{- toYaml . | nindent 6 }} {{- toYaml . | nindent 6 }}
{{- end }} {{- end }}
containers: containers:
{{- $httpPort := ternary 9090 (.Values.service.port | default 8080) .Values.kubeRBACProxy.enabled}} {{- $servicePort := ternary 9090 (.Values.service.port | default 8080) .Values.kubeRBACProxy.enabled}}
{{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}} {{- $telemetryPort := ternary 9091 (.Values.selfMonitor.telemetryPort | default 8081) .Values.kubeRBACProxy.enabled}}
- name: {{ template "kube-state-metrics.name" . }} - name: {{ template "kube-state-metrics.name" . }}
{{- if .Values.autosharding.enabled }} {{- if .Values.autosharding.enabled }}
@ -67,7 +67,7 @@ spec:
{{- if .Values.extraArgs }} {{- if .Values.extraArgs }}
{{- .Values.extraArgs | toYaml | nindent 8 }} {{- .Values.extraArgs | toYaml | nindent 8 }}
{{- end }} {{- end }}
- --port={{ $httpPort }} - --port={{ $servicePort }}
{{- if .Values.collectors }} {{- if .Values.collectors }}
- --resources={{ .Values.collectors | join "," }} - --resources={{ .Values.collectors | join "," }}
{{- end }} {{- end }}
@ -115,10 +115,10 @@ spec:
{{- if .Values.selfMonitor.telemetryPort }} {{- if .Values.selfMonitor.telemetryPort }}
- --telemetry-port={{ $telemetryPort }} - --telemetry-port={{ $telemetryPort }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.customResourceState.enabled }} {{- if .Values.customResourceState.enabled }}
- --custom-resource-state-config-file=/etc/customresourcestate/config.yaml - --custom-resource-state-config-file=/etc/customresourcestate/config.yaml
{{- end }} {{- end }}
{{- end }}
{{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }} {{- if or (.Values.kubeconfig.enabled) (.Values.customResourceState.enabled) (.Values.volumeMounts) }}
volumeMounts: volumeMounts:
{{- if .Values.kubeconfig.enabled }} {{- if .Values.kubeconfig.enabled }}
@ -147,17 +147,41 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
livenessProbe: livenessProbe:
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
httpGet: httpGet:
{{- if .Values.hostNetwork }}
host: 127.0.0.1
{{- end }}
httpHeaders:
{{- range $_, $header := .Values.livenessProbe.httpGet.httpHeaders }}
- name: {{ $header.name }}
value: {{ $header.value }}
{{- end }}
path: /healthz path: /healthz
port: {{ $httpPort }} port: {{ $servicePort }}
initialDelaySeconds: 5 scheme: {{ upper .Values.livenessProbe.httpGet.scheme }}
timeoutSeconds: 5 initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
readinessProbe: readinessProbe:
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet: httpGet:
{{- if .Values.hostNetwork }}
host: 127.0.0.1
{{- end }}
httpHeaders:
{{- range $_, $header := .Values.readinessProbe.httpGet.httpHeaders }}
- name: {{ $header.name }}
value: {{ $header.value }}
{{- end }}
path: / path: /
port: {{ $httpPort }} port: {{ $servicePort }}
initialDelaySeconds: 5 scheme: {{ upper .Values.readinessProbe.httpGet.scheme }}
timeoutSeconds: 5 initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
{{- if .Values.resources }} {{- if .Values.resources }}
resources: resources:
{{ toYaml .Values.resources | indent 10 }} {{ toYaml .Values.resources | indent 10 }}
@ -173,7 +197,7 @@ spec:
{{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }} {{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 8 }}
{{- end }} {{- end }}
- --secure-listen-address=:{{ .Values.service.port | default 8080}} - --secure-listen-address=:{{ .Values.service.port | default 8080}}
- --upstream=http://127.0.0.1:{{ $httpPort }}/ - --upstream=http://127.0.0.1:{{ $servicePort }}/
- --proxy-endpoints-port=8888 - --proxy-endpoints-port=8888
- --config-file=/etc/kube-rbac-proxy-config/config-file.yaml - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml
volumeMounts: volumeMounts:

2
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/serviceaccount.yaml
View File

@ -10,6 +10,8 @@ metadata:
annotations: annotations:
{{ toYaml .Values.serviceAccount.annotations | indent 4 }} {{ toYaml .Values.serviceAccount.annotations | indent 4 }}
{{- end }} {{- end }}
{{- if or .Values.serviceAccount.imagePullSecrets .Values.global.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- include "kube-state-metrics.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.serviceAccount.imagePullSecrets) | indent 2 }} {{- include "kube-state-metrics.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.serviceAccount.imagePullSecrets) | indent 2 }}
{{- end }}
{{- end -}} {{- end -}}

39
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml
View File

@ -37,7 +37,10 @@ autosharding:
replicas: 1 replicas: 1
# Change the deployment strategy when autosharding is disabled # Change the deployment strategy when autosharding is disabled.
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
# The default is "RollingUpdate" as per Kubernetes defaults.
# During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data.
# updateStrategy: Recreate # updateStrategy: Recreate
# Number of old history to retain to allow rollback # Number of old history to retain to allow rollback
@ -96,7 +99,7 @@ kubeRBACProxy:
image: image:
registry: quay.io registry: quay.io
repository: brancz/kube-rbac-proxy repository: brancz/kube-rbac-proxy
tag: v0.14.0 tag: v0.16.0
sha: "" sha: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
@ -108,7 +111,12 @@ kubeRBACProxy:
## Specify security settings for a Container ## Specify security settings for a Container
## Allows overrides and additional options compared to (Pod) securityContext ## Allows overrides and additional options compared to (Pod) securityContext
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext: {} containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
@ -245,6 +253,7 @@ securityContext:
## Allows overrides and additional options compared to (Pod) securityContext ## Allows overrides and additional options compared to (Pod) securityContext
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext: containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: drop:
@ -454,3 +463,27 @@ containers: []
initContainers: [] initContainers: []
# - name: crd-sidecar # - name: crd-sidecar
# image: kiwigrid/k8s-sidecar:latest # image: kiwigrid/k8s-sidecar:latest
## Liveness probe
##
livenessProbe:
failureThreshold: 3
httpGet:
httpHeaders: []
scheme: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
## Readiness probe
##
readinessProbe:
failureThreshold: 3
httpGet:
httpHeaders: []
scheme: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5

2
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml
View File

@ -22,4 +22,4 @@ name: prometheus-node-exporter
sources: sources:
- https://github.com/prometheus/node_exporter/ - https://github.com/prometheus/node_exporter/
type: application type: application
version: 4.24.0 version: 4.32.0

17
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/_helpers.tpl
View File

@ -183,3 +183,20 @@ labelNameLengthLimit: {{ . }}
labelValueLengthLimit: {{ . }} labelValueLengthLimit: {{ . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/* Sets sidecar volumeMounts */}}
{{- define "prometheus-node-exporter.sidecarVolumeMounts" -}}
{{- range $_, $mount := $.Values.sidecarVolumeMount }}
- name: {{ $mount.name }}
mountPath: {{ $mount.mountPath }}
readOnly: {{ $mount.readOnly }}
{{- end }}
{{- range $_, $mount := $.Values.sidecarHostVolumeMounts }}
- name: {{ $mount.name }}
mountPath: {{ $mount.mountPath }}
readOnly: {{ $mount.readOnly }}
{{- if $mount.mountPropagation }}
mountPropagation: {{ $mount.mountPropagation }}
{{- end }}
{{- end }}
{{- end }}

76
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml
View File

@ -40,8 +40,11 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
serviceAccountName: {{ include "prometheus-node-exporter.serviceAccountName" . }} serviceAccountName: {{ include "prometheus-node-exporter.serviceAccountName" . }}
{{- with .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
containers: containers:
{{- $servicePort := ternary 8100 .Values.service.port .Values.kubeRBACProxy.enabled }} {{- $servicePort := ternary .Values.kubeRBACProxy.port .Values.service.port .Values.kubeRBACProxy.enabled }}
- name: node-exporter - name: node-exporter
image: {{ include "prometheus-node-exporter.image" . }} image: {{ include "prometheus-node-exporter.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
@ -50,7 +53,7 @@ spec:
- --path.sysfs=/host/sys - --path.sysfs=/host/sys
{{- if .Values.hostRootFsMount.enabled }} {{- if .Values.hostRootFsMount.enabled }}
- --path.rootfs=/host/root - --path.rootfs=/host/root
{{- if semverCompare ">=1.4.0" (default .Chart.AppVersion .Values.image.tag) }} {{- if semverCompare ">=1.4.0-0" (coalesce .Values.version .Values.image.tag .Chart.AppVersion) }}
- --path.udev.data=/host/root/run/udev/data - --path.udev.data=/host/root/run/udev/data
{{- end }} {{- end }}
{{- end }} {{- end }}
@ -124,12 +127,24 @@ spec:
resources: resources:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
{{- if .Values.terminationMessageParams.enabled }}
{{- with .Values.terminationMessageParams }}
terminationMessagePath: {{ .terminationMessagePath }}
terminationMessagePolicy: {{ .terminationMessagePolicy }}
{{- end }}
{{- end }}
volumeMounts: volumeMounts:
- name: proc - name: proc
mountPath: /host/proc mountPath: /host/proc
{{- with .Values.hostProcFsMount.mountPropagation }}
mountPropagation: {{ . }}
{{- end }}
readOnly: true readOnly: true
- name: sys - name: sys
mountPath: /host/sys mountPath: /host/sys
{{- with .Values.hostSysFsMount.mountPropagation }}
mountPropagation: {{ . }}
{{- end }}
readOnly: true readOnly: true
{{- if .Values.hostRootFsMount.enabled }} {{- if .Values.hostRootFsMount.enabled }}
- name: root - name: root
@ -160,24 +175,10 @@ spec:
- name: {{ .name }} - name: {{ .name }}
mountPath: {{ .mountPath }} mountPath: {{ .mountPath }}
{{- end }} {{- end }}
{{- with .Values.sidecars }} {{- range .Values.sidecars }}
{{- toYaml . | nindent 8 }} {{- $overwrites := dict "volumeMounts" (concat (include "prometheus-node-exporter.sidecarVolumeMounts" $ | fromYamlArray) (.volumeMounts | default list) | default list) }}
{{- if or $.Values.sidecarVolumeMount $.Values.sidecarHostVolumeMounts }} {{- $defaults := dict "image" (include "prometheus-node-exporter.image" $) "securityContext" $.Values.containerSecurityContext "imagePullPolicy" $.Values.image.pullPolicy }}
volumeMounts: - {{- toYaml (merge $overwrites . $defaults) | nindent 10 }}
{{- range $_, $mount := $.Values.sidecarVolumeMount }}
- name: {{ $mount.name }}
mountPath: {{ $mount.mountPath }}
readOnly: {{ $mount.readOnly }}
{{- end }}
{{- range $_, $mount := $.Values.sidecarHostVolumeMounts }}
- name: {{ $mount.name }}
mountPath: {{ $mount.mountPath }}
readOnly: {{ $mount.readOnly }}
{{- if $mount.mountPropagation }}
mountPropagation: {{ $mount.mountPropagation }}
{{- end }}
{{- end }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.kubeRBACProxy.enabled }} {{- if .Values.kubeRBACProxy.enabled }}
- name: kube-rbac-proxy - name: kube-rbac-proxy
@ -187,7 +188,7 @@ spec:
{{- end }} {{- end }}
- --secure-listen-address=:{{ .Values.service.port}} - --secure-listen-address=:{{ .Values.service.port}}
- --upstream=http://127.0.0.1:{{ $servicePort }}/ - --upstream=http://127.0.0.1:{{ $servicePort }}/
- --proxy-endpoints-port=8888 - --proxy-endpoints-port={{ .Values.kubeRBACProxy.proxyEndpointsPort }}
- --config-file=/etc/kube-rbac-proxy-config/config-file.yaml - --config-file=/etc/kube-rbac-proxy-config/config-file.yaml
volumeMounts: volumeMounts:
- name: kube-rbac-proxy-config - name: kube-rbac-proxy-config
@ -200,19 +201,38 @@ spec:
{{- end }} {{- end }}
ports: ports:
- containerPort: {{ .Values.service.port}} - containerPort: {{ .Values.service.port}}
name: "http" name: {{ .Values.kubeRBACProxy.portName }}
- containerPort: 8888 {{- if .Values.kubeRBACProxy.enableHostPort }}
hostPort: {{ .Values.service.port }}
{{- end }}
- containerPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort }}
{{- if .Values.kubeRBACProxy.enableProxyEndpointsHostPort }}
hostPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort }}
{{- end }}
name: "http-healthz" name: "http-healthz"
readinessProbe: readinessProbe:
httpGet: httpGet:
scheme: HTTPS scheme: HTTPS
port: 8888 port: {{ .Values.kubeRBACProxy.proxyEndpointsPort }}
path: healthz path: healthz
initialDelaySeconds: 5 initialDelaySeconds: 5
timeoutSeconds: 5 timeoutSeconds: 5
{{- if .Values.kubeRBACProxy.resources }} {{- if .Values.kubeRBACProxy.resources }}
resources: resources:
{{ toYaml .Values.kubeRBACProxy.resources | nindent 12 }} {{- toYaml .Values.kubeRBACProxy.resources | nindent 12 }}
{{- end }}
{{- if .Values.terminationMessageParams.enabled }}
{{- with .Values.terminationMessageParams }}
terminationMessagePath: {{ .terminationMessagePath }}
terminationMessagePolicy: {{ .terminationMessagePolicy }}
{{- end }}
{{- end }}
{{- with .Values.kubeRBACProxy.env }}
env:
{{- range $key, $value := $.Values.kubeRBACProxy.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.kubeRBACProxy.containerSecurityContext }} {{- if .Values.kubeRBACProxy.containerSecurityContext }}
securityContext: securityContext:
@ -237,6 +257,9 @@ spec:
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.restartPolicy }}
restartPolicy: {{ . }}
{{- end }}
{{- with .Values.tolerations }} {{- with .Values.tolerations }}
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
@ -257,6 +280,9 @@ spec:
- name: {{ $mount.name }} - name: {{ $mount.name }}
hostPath: hostPath:
path: {{ $mount.hostPath }} path: {{ $mount.hostPath }}
{{- with $mount.type }}
type: {{ . }}
{{- end }}
{{- end }} {{- end }}
{{- range $_, $mount := .Values.sidecarVolumeMount }} {{- range $_, $mount := .Values.sidecarVolumeMount }}
- name: {{ $mount.name }} - name: {{ $mount.name }}

67
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml
View File

@ -39,14 +39,17 @@ global:
# The requests are served through the same service but requests are HTTPS. # The requests are served through the same service but requests are HTTPS.
kubeRBACProxy: kubeRBACProxy:
enabled: false enabled: false
## Set environment variables as name/value pairs
env: {}
# VARIABLE: value
image: image:
registry: quay.io registry: quay.io
repository: brancz/kube-rbac-proxy repository: brancz/kube-rbac-proxy
tag: v0.15.0 tag: v0.16.0
sha: "" sha: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# List of additional cli arguments to configure kube-rbac-prxy # List of additional cli arguments to configure kube-rbac-proxy
# for example: --tls-cipher-suites, --log-file, etc. # for example: --tls-cipher-suites, --log-file, etc.
# all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage
extraArgs: [] extraArgs: []
@ -56,6 +59,19 @@ kubeRBACProxy:
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext: {} containerSecurityContext: {}
# Specify the port used for the Node exporter container (upstream port)
port: 8100
# Specify the name of the container port
portName: http
# Configure a hostPort. If true, hostPort will be enabled in the container and set to service.port.
enableHostPort: false
# Configure Proxy Endpoints Port
# This is the port being probed for readiness
proxyEndpointsPort: 8888
# Configure a hostPort. If true, hostPort will be enabled in the container and set to proxyEndpointsPort.
enableProxyEndpointsHostPort: false
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little # choice for the user. This also increases chances charts run on environments with little
@ -259,6 +275,10 @@ resources: {}
# cpu: 100m # cpu: 100m
# memory: 30Mi # memory: 30Mi
# Specify the container restart policy passed to the Node Export container
# Possible Values: Always (default)|OnFailure|Never
restartPolicy: null
serviceAccount: serviceAccount:
# Specifies whether a ServiceAccount should be created # Specifies whether a ServiceAccount should be created
create: true create: true
@ -310,6 +330,16 @@ hostRootFsMount:
# https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation # https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation
mountPropagation: HostToContainer mountPropagation: HostToContainer
# Mount the node's proc file system (/proc) at /host/proc in the container
hostProcFsMount:
# Possible values are None, HostToContainer, and Bidirectional
mountPropagation: ""
# Mount the node's sys file system (/sys) at /host/sys in the container
hostSysFsMount:
# Possible values are None, HostToContainer, and Bidirectional
mountPropagation: ""
## Assign a group of affinity scheduling rules ## Assign a group of affinity scheduling rules
## ##
affinity: {} affinity: {}
@ -354,10 +384,23 @@ nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
# kubernetes.io/arch: amd64 # kubernetes.io/arch: amd64
# Specify grace period for graceful termination of pods. Defaults to 30 if null or not specified
terminationGracePeriodSeconds: null
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists
# Enable or disable container termination message settings
# https://kubernetes.io/docs/tasks/debug/debug-application/determine-reason-pod-failure/
terminationMessageParams:
enabled: false
# If enabled, specify the path for termination messages
terminationMessagePath: /dev/termination-log
# If enabled, specify the policy for termination messages
terminationMessagePolicy: File
## Assign a PriorityClassName to pods if set ## Assign a PriorityClassName to pods if set
# priorityClassName: "" # priorityClassName: ""
@ -372,6 +415,8 @@ extraArgs: []
extraHostVolumeMounts: [] extraHostVolumeMounts: []
# - name: <mountName> # - name: <mountName>
# hostPath: <hostPath> # hostPath: <hostPath>
# https://kubernetes.io/docs/concepts/storage/volumes/#hostpath-volume-types
# type: "" (Default)|DirectoryOrCreate|Directory|FileOrCreate|File|Socket|CharDevice|BlockDevice
# mountPath: <mountPath> # mountPath: <mountPath>
# readOnly: true|false # readOnly: true|false
# mountPropagation: None|HostToContainer|Bidirectional # mountPropagation: None|HostToContainer|Bidirectional
@ -388,18 +433,21 @@ secrets: []
## ##
namespaceOverride: "" namespaceOverride: ""
## Additional containers for export metrics to text file ## Additional containers for export metrics to text file; fields image,imagePullPolicy,securityContext take default value from main container
## ##
sidecars: [] sidecars: []
## - name: nvidia-dcgm-exporter # - name: nvidia-dcgm-exporter
## image: nvidia/dcgm-exporter:1.4.3 # image: nvidia/dcgm-exporter:1.4.3
# volumeMounts:
# - name: tmp
# mountPath: /tmp
## Volume for sidecar containers ## Volume for sidecar containers
## ##
sidecarVolumeMount: [] sidecarVolumeMount: []
## - name: collector-textfiles # - name: collector-textfiles
## mountPath: /run/prometheus # mountPath: /run/prometheus
## readOnly: false # readOnly: false
## Additional mounts from the host to sidecar containers ## Additional mounts from the host to sidecar containers
## ##
@ -478,3 +526,6 @@ extraManifests: []
# name: prometheus-extra # name: prometheus-extra
# data: # data:
# extra-data: "value" # extra-data: "value"
# Override version of app, required if image.tag is defined and does not follow semver
version: ""

4
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: 0.22.0 appVersion: 0.25.1
description: A Helm chart for prometheus windows-exporter description: A Helm chart for prometheus windows-exporter
home: https://github.com/prometheus-community/windows_exporter/ home: https://github.com/prometheus-community/windows_exporter/
keywords: keywords:
@ -14,4 +14,4 @@ name: prometheus-windows-exporter
sources: sources:
- https://github.com/prometheus-community/windows_exporter/ - https://github.com/prometheus-community/windows_exporter/
type: application type: application
version: 0.1.2 version: 0.3.1

2
charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/templates/daemonset.yaml
View File

@ -49,7 +49,7 @@ spec:
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
args: args:
- --config.file=%CONTAINER_SANDBOX_MOUNT_POINT%/config.yml - --config.file=%CONTAINER_SANDBOX_MOUNT_POINT%/config.yml
- --collector.textfile.directory=%CONTAINER_SANDBOX_MOUNT_POINT% - --collector.textfile.directories=%CONTAINER_SANDBOX_MOUNT_POINT%
- --web.listen-address=:{{ .Values.service.port }} - --web.listen-address=:{{ .Values.service.port }}
{{- with .Values.extraArgs }} {{- with .Values.extraArgs }}
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}

38
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/_helpers.tpl
View File

@ -24,10 +24,15 @@ The longest name that gets created adds and extra 37 characters, so truncation s
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* Fullname suffixed with operator */}} {{/* Fullname suffixed with -operator */}}
{{/* Adding 9 to 26 truncation of kube-prometheus-stack.fullname */}}
{{- define "kube-prometheus-stack.operator.fullname" -}} {{- define "kube-prometheus-stack.operator.fullname" -}}
{{- if .Values.prometheusOperator.fullnameOverride -}}
{{- .Values.prometheusOperator.fullnameOverride | trunc 35 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}} {{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}}
{{- end }} {{- end }}
{{- end }}
{{/* Prometheus custom resource instance name */}} {{/* Prometheus custom resource instance name */}}
{{- define "kube-prometheus-stack.prometheus.crname" -}} {{- define "kube-prometheus-stack.prometheus.crname" -}}
@ -91,6 +96,15 @@ heritage: {{ $.Release.Service | quote }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/* Create the name of kube-prometheus-stack service account to use */}}
{{- define "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" -}}
{{- if .Values.prometheusOperator.serviceAccount.create -}}
{{ default (printf "%s-webhook" (include "kube-prometheus-stack.operator.fullname" .)) .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/* Create the name of prometheus service account to use */}} {{/* Create the name of prometheus service account to use */}}
{{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}} {{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}}
{{- if .Values.prometheus.serviceAccount.create -}} {{- if .Values.prometheus.serviceAccount.create -}}
@ -140,6 +154,17 @@ Use the grafana namespace override for multi-namespace deployments in combined c
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Allow kube-state-metrics job name to be overridden
*/}}
{{- define "kube-prometheus-stack-kube-state-metrics.name" -}}
{{- if index .Values "kube-state-metrics" "nameOverride" -}}
{{- index .Values "kube-state-metrics" "nameOverride" -}}
{{- else -}}
{{- print "kube-state-metrics" -}}
{{- end -}}
{{- end -}}
{{/* {{/*
Use the kube-state-metrics namespace override for multi-namespace deployments in combined charts Use the kube-state-metrics namespace override for multi-namespace deployments in combined charts
*/}} */}}
@ -277,3 +302,14 @@ global:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end -}} {{- end -}}
{{- define "kube-prometheus-stack.operator.admission-webhook.dnsNames" }}
{{- $fullname := include "kube-prometheus-stack.operator.fullname" . }}
{{- $namespace := include "kube-prometheus-stack.namespace" . }}
{{- $fullname }}
{{ $fullname }}.{{ $namespace }}.svc
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
{{ $fullname }}-webhook
{{ $fullname }}-webhook.{{ $namespace }}.svc
{{- end }}
{{- end }}

1
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml
View File

@ -31,6 +31,7 @@ spec:
replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }} replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }}
listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }} listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }}
serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.alertmanager.alertmanagerSpec.automountServiceAccountToken }}
{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }} {{- if .Values.alertmanager.alertmanagerSpec.externalUrl }}
externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}" externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}"
{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }} {{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }}

4
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml
View File

@ -14,7 +14,7 @@ metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- if .Values.alertmanager.ingress.annotations }} {{- if .Values.alertmanager.ingress.annotations }}
annotations: annotations:
{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }} {{- tpl (toYaml .Values.alertmanager.ingress.annotations) . | nindent 4 }}
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
@ -31,7 +31,7 @@ spec:
rules: rules:
{{- if .Values.alertmanager.ingress.hosts }} {{- if .Values.alertmanager.ingress.hosts }}
{{- range $host := .Values.alertmanager.ingress.hosts }} {{- range $host := .Values.alertmanager.ingress.hosts }}
- host: {{ tpl $host $ }} - host: {{ tpl $host $ | quote }}
http: http:
paths: paths:
{{- range $p := $paths }} {{- range $p := $paths }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/ingressperreplica.yaml
View File

@ -25,7 +25,7 @@ items:
{{- end }} {{- end }}
{{- if $ingressValues.annotations }} {{- if $ingressValues.annotations }}
annotations: annotations:
{{ toYaml $ingressValues.annotations | indent 8 }} {{- tpl (toYaml $ingressValues.annotations) $ | nindent 8 }}
{{- end }} {{- end }}
spec: spec:
{{- if $apiIsStable }} {{- if $apiIsStable }}

5
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/service.yaml
View File

@ -58,6 +58,11 @@ spec:
alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }} alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
{{- if .Values.alertmanager.service.sessionAffinity }} {{- if .Values.alertmanager.service.sessionAffinity }}
sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }} sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }}
{{- end }}
{{- if eq .Values.alertmanager.service.sessionAffinity "ClientIP" }}
sessionAffinityConfig:
clientIP:
timeoutSeconds: {{ .Values.alertmanager.service.sessionAffinityConfig.clientIP.timeoutSeconds }}
{{- end }} {{- end }}
type: "{{ .Values.alertmanager.service.type }}" type: "{{ .Values.alertmanager.service.type }}"
{{- end }} {{- end }}

7
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml
View File

@ -52,7 +52,12 @@ spec:
{{- if .Values.alertmanager.serviceMonitor.proxyUrl }} {{- if .Values.alertmanager.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}} proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}}
{{- end }} {{- end }}
scheme: http {{- if .Values.alertmanager.serviceMonitor.scheme }}
scheme: {{ .Values.alertmanager.serviceMonitor.scheme }}
{{- end }}
{{- if .Values.alertmanager.serviceMonitor.tlsConfig }}
tlsConfig: {{- toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }}
{{- end }}
path: "/metrics" path: "/metrics"
{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | nindent 6) . }} metricRelabelings: {{- tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | nindent 6) . }}

4
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml
View File

@ -1,4 +1,4 @@
{{- if and .Values.coreDns.enabled .Values.kubernetesServiceMonitors.enabled }} {{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled .Values.kubernetesServiceMonitors.enabled }}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
@ -11,7 +11,7 @@ metadata:
spec: spec:
clusterIP: None clusterIP: None
ports: ports:
- name: http-metrics - name: {{ .Values.coreDns.serviceMonitor.port }}
port: {{ .Values.coreDns.service.port }} port: {{ .Values.coreDns.service.port }}
protocol: TCP protocol: TCP
targetPort: {{ .Values.coreDns.service.targetPort }} targetPort: {{ .Values.coreDns.service.targetPort }}

14
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml
View File

@ -1,9 +1,13 @@
{{- if and .Values.coreDns.enabled .Values.kubernetesServiceMonitors.enabled }} {{- if and .Values.coreDns.enabled .Values.coreDns.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-coredns name: {{ template "kube-prometheus-stack.fullname" . }}-coredns
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
namespace: kube-system
{{- else }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-coredns app: {{ template "kube-prometheus-stack.name" . }}-coredns
{{- with .Values.coreDns.serviceMonitor.additionalLabels }} {{- with .Values.coreDns.serviceMonitor.additionalLabels }}
@ -11,17 +15,21 @@ metadata:
{{- end }} {{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }} {{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec: spec:
jobLabel: jobLabel jobLabel: {{ .Values.coreDns.serviceMonitor.jobLabel }}
{{- include "servicemonitor.scrapeLimits" .Values.coreDns.serviceMonitor | nindent 2 }} {{- include "servicemonitor.scrapeLimits" .Values.coreDns.serviceMonitor | nindent 2 }}
selector: selector:
{{- if .Values.coreDns.serviceMonitor.selector }}
{{ tpl (toYaml .Values.coreDns.serviceMonitor.selector | nindent 4) . }}
{{- else }}
matchLabels: matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-coredns app: {{ template "kube-prometheus-stack.name" . }}-coredns
release: {{ $.Release.Name | quote }} release: {{ $.Release.Name | quote }}
{{- end }}
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- "kube-system" - "kube-system"
endpoints: endpoints:
- port: http-metrics - port: {{ .Values.coreDns.serviceMonitor.port }}
{{- if .Values.coreDns.serviceMonitor.interval}} {{- if .Values.coreDns.serviceMonitor.interval}}
interval: {{ .Values.coreDns.serviceMonitor.interval }} interval: {{ .Values.coreDns.serviceMonitor.interval }}
{{- end }} {{- end }}

4
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml
View File

@ -3,7 +3,11 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-apiserver name: {{ template "kube-prometheus-stack.fullname" . }}-apiserver
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
namespace: default
{{- else }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-apiserver app: {{ template "kube-prometheus-stack.name" . }}-apiserver
{{- with .Values.kubeApiServer.serviceMonitor.additionalLabels }} {{- with .Values.kubeApiServer.serviceMonitor.additionalLabels }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml
View File

@ -14,7 +14,7 @@ subsets:
- ip: {{ . }} - ip: {{ . }}
{{- end }} {{- end }}
ports: ports:
- name: http-metrics - name: {{ .Values.kubeControllerManager.serviceMonitor.port }}
{{- $kubeControllerManagerDefaultInsecurePort := 10252 }} {{- $kubeControllerManagerDefaultInsecurePort := 10252 }}
{{- $kubeControllerManagerDefaultSecurePort := 10257 }} {{- $kubeControllerManagerDefaultSecurePort := 10257 }}
port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }} port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
clusterIP: None clusterIP: None
ports: ports:
- name: http-metrics - name: {{ .Values.kubeControllerManager.serviceMonitor.port }}
{{- $kubeControllerManagerDefaultInsecurePort := 10252 }} {{- $kubeControllerManagerDefaultInsecurePort := 10252 }}
{{- $kubeControllerManagerDefaultSecurePort := 10257 }} {{- $kubeControllerManagerDefaultSecurePort := 10257 }}
port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }} port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }}

12
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml
View File

@ -3,7 +3,11 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
namespace: kube-system
{{- else }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
{{- with .Values.kubeControllerManager.serviceMonitor.additionalLabels }} {{- with .Values.kubeControllerManager.serviceMonitor.additionalLabels }}
@ -11,17 +15,21 @@ metadata:
{{- end }} {{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }} {{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec: spec:
jobLabel: jobLabel jobLabel: {{ .Values.kubeControllerManager.serviceMonitor.jobLabel }}
{{- include "servicemonitor.scrapeLimits" .Values.kubeControllerManager.serviceMonitor | nindent 2 }} {{- include "servicemonitor.scrapeLimits" .Values.kubeControllerManager.serviceMonitor | nindent 2 }}
selector: selector:
{{- if .Values.kubeControllerManager.serviceMonitor.selector }}
{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.selector | nindent 4) . }}
{{- else }}
matchLabels: matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
release: {{ $.Release.Name | quote }} release: {{ $.Release.Name | quote }}
{{- end }}
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- "kube-system" - "kube-system"
endpoints: endpoints:
- port: http-metrics - port: {{ .Values.kubeControllerManager.serviceMonitor.port }}
{{- if .Values.kubeControllerManager.serviceMonitor.interval }} {{- if .Values.kubeControllerManager.serviceMonitor.interval }}
interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }} interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
{{- end }} {{- end }}

10
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml
View File

@ -3,7 +3,11 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
namespace: kube-system
{{- else }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
{{- with .Values.kubeDns.serviceMonitor.additionalLabels }} {{- with .Values.kubeDns.serviceMonitor.additionalLabels }}
@ -11,12 +15,16 @@ metadata:
{{- end }} {{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }} {{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec: spec:
jobLabel: jobLabel jobLabel: {{ .Values.kubeDns.serviceMonitor.jobLabel }}
{{- include "servicemonitor.scrapeLimits" .Values.kubeDns.serviceMonitor | nindent 2 }} {{- include "servicemonitor.scrapeLimits" .Values.kubeDns.serviceMonitor | nindent 2 }}
selector: selector:
{{- if .Values.kubeDns.serviceMonitor.selector }}
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.selector | nindent 4) . }}
{{- else }}
matchLabels: matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
release: {{ $.Release.Name | quote }} release: {{ $.Release.Name | quote }}
{{- end }}
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- "kube-system" - "kube-system"

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml
View File

@ -14,7 +14,7 @@ subsets:
- ip: {{ . }} - ip: {{ . }}
{{- end }} {{- end }}
ports: ports:
- name: http-metrics - name: {{ .Values.kubeEtcd.serviceMonitor.port }}
port: {{ .Values.kubeEtcd.service.port }} port: {{ .Values.kubeEtcd.service.port }}
protocol: TCP protocol: TCP
{{- end }} {{- end }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
clusterIP: None clusterIP: None
ports: ports:
- name: http-metrics - name: {{ .Values.kubeEtcd.serviceMonitor.port }}
port: {{ .Values.kubeEtcd.service.port }} port: {{ .Values.kubeEtcd.service.port }}
protocol: TCP protocol: TCP
targetPort: {{ .Values.kubeEtcd.service.targetPort }} targetPort: {{ .Values.kubeEtcd.service.targetPort }}

12
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml
View File

@ -3,7 +3,11 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
namespace: kube-system
{{- else }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
{{- with .Values.kubeEtcd.serviceMonitor.additionalLabels }} {{- with .Values.kubeEtcd.serviceMonitor.additionalLabels }}
@ -11,17 +15,21 @@ metadata:
{{- end }} {{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }} {{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec: spec:
jobLabel: jobLabel jobLabel: {{ .Values.kubeEtcd.serviceMonitor.jobLabel }}
{{- include "servicemonitor.scrapeLimits" .Values.kubeEtcd.serviceMonitor | nindent 4 }} {{- include "servicemonitor.scrapeLimits" .Values.kubeEtcd.serviceMonitor | nindent 4 }}
selector: selector:
{{- if .Values.kubeEtcd.serviceMonitor.selector }}
{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.selector | nindent 4) . }}
{{- else }}
matchLabels: matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
release: {{ $.Release.Name | quote }} release: {{ $.Release.Name | quote }}
{{- end }}
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- "kube-system" - "kube-system"
endpoints: endpoints:
- port: http-metrics - port: {{ .Values.kubeEtcd.serviceMonitor.port }}
{{- if .Values.kubeEtcd.serviceMonitor.interval }} {{- if .Values.kubeEtcd.serviceMonitor.interval }}
interval: {{ .Values.kubeEtcd.serviceMonitor.interval }} interval: {{ .Values.kubeEtcd.serviceMonitor.interval }}
{{- end }} {{- end }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml
View File

@ -14,7 +14,7 @@ subsets:
- ip: {{ . }} - ip: {{ . }}
{{- end }} {{- end }}
ports: ports:
- name: http-metrics - name: {{ .Values.kubeProxy.serviceMonitor.port }}
port: {{ .Values.kubeProxy.service.port }} port: {{ .Values.kubeProxy.service.port }}
protocol: TCP protocol: TCP
{{- end }} {{- end }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
clusterIP: None clusterIP: None
ports: ports:
- name: http-metrics - name: {{ .Values.kubeProxy.serviceMonitor.port }}
port: {{ .Values.kubeProxy.service.port }} port: {{ .Values.kubeProxy.service.port }}
protocol: TCP protocol: TCP
targetPort: {{ .Values.kubeProxy.service.targetPort }} targetPort: {{ .Values.kubeProxy.service.targetPort }}

12
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml
View File

@ -3,7 +3,11 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
namespace: kube-system
{{- else }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
{{- with .Values.kubeProxy.serviceMonitor.additionalLabels }} {{- with .Values.kubeProxy.serviceMonitor.additionalLabels }}
@ -11,17 +15,21 @@ metadata:
{{- end }} {{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }} {{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec: spec:
jobLabel: jobLabel jobLabel: {{ .Values.kubeProxy.serviceMonitor.jobLabel }}
{{- include "servicemonitor.scrapeLimits" .Values.kubeProxy.serviceMonitor | nindent 2 }} {{- include "servicemonitor.scrapeLimits" .Values.kubeProxy.serviceMonitor | nindent 2 }}
selector: selector:
{{- if .Values.kubeProxy.serviceMonitor.selector }}
{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.selector | nindent 4) . }}
{{- else }}
matchLabels: matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
release: {{ $.Release.Name | quote }} release: {{ $.Release.Name | quote }}
{{- end }}
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- "kube-system" - "kube-system"
endpoints: endpoints:
- port: http-metrics - port: {{ .Values.kubeProxy.serviceMonitor.port }}
{{- if .Values.kubeProxy.serviceMonitor.interval }} {{- if .Values.kubeProxy.serviceMonitor.interval }}
interval: {{ .Values.kubeProxy.serviceMonitor.interval }} interval: {{ .Values.kubeProxy.serviceMonitor.interval }}
{{- end }} {{- end }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml
View File

@ -14,7 +14,7 @@ subsets:
- ip: {{ . }} - ip: {{ . }}
{{- end }} {{- end }}
ports: ports:
- name: http-metrics - name: {{ .Values.kubeScheduler.serviceMonitor.port }}
{{- $kubeSchedulerDefaultInsecurePort := 10251 }} {{- $kubeSchedulerDefaultInsecurePort := 10251 }}
{{- $kubeSchedulerDefaultSecurePort := 10259 }} {{- $kubeSchedulerDefaultSecurePort := 10259 }}
port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }} port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
clusterIP: None clusterIP: None
ports: ports:
- name: http-metrics - name: {{ .Values.kubeScheduler.serviceMonitor.port }}
{{- $kubeSchedulerDefaultInsecurePort := 10251 }} {{- $kubeSchedulerDefaultInsecurePort := 10251 }}
{{- $kubeSchedulerDefaultSecurePort := 10259 }} {{- $kubeSchedulerDefaultSecurePort := 10259 }}
port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }} port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }}

12
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml
View File

@ -3,7 +3,11 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
namespace: kube-system
{{- else }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
{{- with .Values.kubeScheduler.serviceMonitor.additionalLabels }} {{- with .Values.kubeScheduler.serviceMonitor.additionalLabels }}
@ -11,17 +15,21 @@ metadata:
{{- end }} {{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }} {{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec: spec:
jobLabel: jobLabel jobLabel: {{ .Values.kubeScheduler.serviceMonitor.jobLabel }}
{{- include "servicemonitor.scrapeLimits" .Values.kubeScheduler.serviceMonitor | nindent 2 }} {{- include "servicemonitor.scrapeLimits" .Values.kubeScheduler.serviceMonitor | nindent 2 }}
selector: selector:
{{- if .Values.kubeScheduler.serviceMonitor.selector }}
{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.selector | nindent 4) . }}
{{- else }}
matchLabels: matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
release: {{ $.Release.Name | quote }} release: {{ $.Release.Name | quote }}
{{- end }}
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- "kube-system" - "kube-system"
endpoints: endpoints:
- port: http-metrics - port: {{ .Values.kubeScheduler.serviceMonitor.port }}
{{- if .Values.kubeScheduler.serviceMonitor.interval }} {{- if .Values.kubeScheduler.serviceMonitor.interval }}
interval: {{ .Values.kubeScheduler.serviceMonitor.interval }} interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
{{- end }} {{- end }}

4
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml
View File

@ -3,7 +3,11 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kubelet name: {{ template "kube-prometheus-stack.fullname" . }}-kubelet
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
namespace: {{ .Values.kubelet.namespace }}
{{- else }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-kubelet app: {{ template "kube-prometheus-stack.name" . }}-kubelet
{{- with .Values.kubelet.serviceMonitor.additionalLabels }} {{- with .Values.kubelet.serviceMonitor.additionalLabels }}

7
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/_prometheus-operator.tpl Normal file
View File

@ -0,0 +1,7 @@
{{/* Generate basic labels for prometheus-operator */}}
{{- define "kube-prometheus-stack.prometheus-operator.labels" }}
{{- include "kube-prometheus-stack.labels" . }}
app: {{ template "kube-prometheus-stack.name" . }}-operator
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
app.kubernetes.io/component: prometheus-operator
{{- end }}

6
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/_prometheus-operator-webhook.tpl Normal file
View File

@ -0,0 +1,6 @@
{{/* Generate basic labels for prometheus-operator-webhook */}}
{{- define "kube-prometheus-stack.prometheus-operator-webhook.labels" }}
{{- include "kube-prometheus-stack.labels" . }}
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
app.kubernetes.io/component: prometheus-operator-webhook
{{- end }}

143
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/deployment.yaml Normal file
View File

@ -0,0 +1,143 @@
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.labels }}
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.labels | indent 4 }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.annotations }}
annotations:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.annotations | indent 4 }}
{{- end }}
spec:
replicas: {{ .Values.prometheusOperator.admissionWebhooks.deployment.replicas }}
revisionHistoryLimit: {{ .Values.prometheusOperator.admissionWebhooks.deployment.revisionHistoryLimit }}
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
release: {{ $.Release.Name | quote }}
template:
metadata:
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 8 }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podLabels }}
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podLabels | indent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podAnnotations }}
annotations:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podAnnotations | indent 8 }}
{{- end }}
spec:
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.priorityClassName }}
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.deployment.priorityClassName }}
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
{{- end }}
containers:
- name: prometheus-operator-admission-webhook
{{- $operatorRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.admissionWebhooks.deployment.image.registry -}}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.image.sha }}
image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.sha }}"
{{- else }}
image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.tag | default .Chart.AppVersion }}"
{{- end }}
imagePullPolicy: "{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.pullPolicy }}"
args:
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.logFormat }}
- --log-format={{ .Values.prometheusOperator.admissionWebhooks.deployment.logFormat }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.logLevel }}
- --log-level={{ .Values.prometheusOperator.admissionWebhooks.deployment.logLevel }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
- "--web.enable-tls=true"
- "--web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }}"
- "--web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }}"
- "--web.listen-address=:{{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.internalPort }}"
- "--web.tls-min-version={{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.tlsMinVersion }}"
ports:
- containerPort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.internalPort }}
name: https
{{- else }}
ports:
- containerPort: 8080
name: http
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "https" "http" }}
scheme: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "HTTPS" "HTTP" }}
initialDelaySeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.failureThreshold }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "https" "http" }}
scheme: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "HTTPS" "HTTP" }}
initialDelaySeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.failureThreshold }}
{{- end }}
resources:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.resources | indent 12 }}
securityContext:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.containerSecurityContext | indent 12 }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
volumeMounts:
- name: tls-secret
mountPath: /cert
readOnly: true
volumes:
- name: tls-secret
secret:
defaultMode: 420
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.dnsConfig }}
dnsConfig:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.securityContext }}
securityContext:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.securityContext | indent 8 }}
{{- end }}
serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}-webhook
automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.deployment.automountServiceAccountToken }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.hostNetwork }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}

15
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/pdb.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget -}}
apiVersion: policy/v1{{ ternary "" "beta1" ($.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget") }}
kind: PodDisruptionBudget
metadata:
name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
release: {{ $.Release.Name | quote }}
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget | indent 2 }}
{{- end }}

58
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/service.yaml Normal file
View File

@ -0,0 +1,58 @@
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.labels }}
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.labels | indent 4 }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.annotations }}
annotations:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.clusterIP }}
clusterIP: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.clusterIP }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.externalIPs }}
externalIPs:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerIP }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
{{- if ne .Values.prometheusOperator.admissionWebhooks.deployment.service.type "ClusterIP" }}
externalTrafficPolicy: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.externalTrafficPolicy }}
{{- end }}
ports:
{{- if not .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
- name: http
{{- if eq .Values.prometheusOperator.admissionWebhooks.deployment.service.type "NodePort" }}
nodePort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.nodePort }}
{{- end }}
port: 8080
targetPort: http
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
- name: https
{{- if eq .Values.prometheusOperator.admissionWebhooks.deployment.service.type "NodePort"}}
nodePort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.nodePortTls }}
{{- end }}
port: 443
targetPort: https
{{- end }}
selector:
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
release: {{ $.Release.Name | quote }}
type: "{{ .Values.prometheusOperator.admissionWebhooks.deployment.service.type }}"
{{- end }}

15
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/deployment/serviceaccount.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | indent 4 }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}
{{- end }}
{{- end }}

4
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml
View File

@ -15,7 +15,7 @@ metadata:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
spec: spec:
endpointSelector: endpointSelector:
matchLabels: matchLabels:
@ -23,7 +23,7 @@ spec:
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }} {{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }} {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
{{- else }} {{- else }}
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
{{- end }} {{- end }}
egress: egress:
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }} {{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}

5
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml
View File

@ -15,7 +15,7 @@ metadata:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
spec: spec:
endpointSelector: endpointSelector:
matchLabels: matchLabels:
@ -23,7 +23,7 @@ spec:
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }} {{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }} {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
{{- else }} {{- else }}
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
{{- end }} {{- end }}
egress: egress:
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }} {{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
@ -34,4 +34,3 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml
View File

@ -8,7 +8,7 @@ metadata:
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
rules: rules:
- apiGroups: - apiGroups:
- admissionregistration.k8s.io - admissionregistration.k8s.io

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml
View File

@ -8,7 +8,7 @@ metadata:
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole

6
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml
View File

@ -12,7 +12,7 @@ metadata:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
spec: spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12 # Alpha feature since k8s 1.12
@ -27,7 +27,7 @@ spec:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
{{- include "kube-prometheus-stack.labels" $ | indent 8 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 8 }}
spec: spec:
{{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
@ -43,7 +43,7 @@ spec:
imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }} imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
args: args:
- create - create
- --host={{ template "kube-prometheus-stack.operator.fullname" . }},{{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc - --host={{- include "kube-prometheus-stack.operator.admission-webhook.dnsNames" . | replace "\n" "," }}
- --namespace={{ template "kube-prometheus-stack.namespace" . }} - --namespace={{ template "kube-prometheus-stack.namespace" . }}
- --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
{{- with .Values.prometheusOperator.admissionWebhooks.createSecretJob }} {{- with .Values.prometheusOperator.admissionWebhooks.createSecretJob }}

4
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml
View File

@ -12,7 +12,7 @@ metadata:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
spec: spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12 # Alpha feature since k8s 1.12
@ -27,7 +27,7 @@ spec:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
{{- include "kube-prometheus-stack.labels" $ | indent 8 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 8 }}
spec: spec:
{{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}

4
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml
View File

@ -15,7 +15,7 @@ metadata:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
spec: spec:
podSelector: podSelector:
matchLabels: matchLabels:
@ -23,7 +23,7 @@ spec:
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }} {{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }} {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
{{- else }} {{- else }}
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
{{- end }} {{- end }}
egress: egress:
- {} - {}

4
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml
View File

@ -15,7 +15,7 @@ metadata:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
spec: spec:
podSelector: podSelector:
matchLabels: matchLabels:
@ -23,7 +23,7 @@ spec:
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }} {{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }} {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
{{- else }} {{- else }}
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
{{- end }} {{- end }}
egress: egress:
- {} - {}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml
View File

@ -11,7 +11,7 @@ metadata:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-admission app: {{ template "kube-prometheus-stack.name" . }}-admission
{{ include "kube-prometheus-stack.labels" . | indent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }}
spec: spec:
privileged: false privileged: false
# Allow core volume types. # Allow core volume types.

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml
View File

@ -9,7 +9,7 @@ metadata:
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml
View File

@ -9,7 +9,7 @@ metadata:
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml
View File

@ -9,7 +9,7 @@ metadata:
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
{{- if .Values.global.imagePullSecrets }} {{- if .Values.global.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} {{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}

14
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml
View File

@ -10,7 +10,7 @@ metadata:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
webhooks: webhooks:
- name: prometheusrulemutate.monitoring.coreos.com - name: prometheusrulemutate.monitoring.coreos.com
{{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }} {{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }}
@ -35,7 +35,7 @@ webhooks:
clientConfig: clientConfig:
service: service:
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ template "kube-prometheus-stack.operator.fullname" $ }} name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
path: /admission-prometheusrules/mutate path: /admission-prometheusrules/mutate
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
@ -43,9 +43,16 @@ webhooks:
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }} timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
admissionReviewVersions: ["v1", "v1beta1"] admissionReviewVersions: ["v1", "v1beta1"]
sideEffects: None sideEffects: None
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces }} {{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector }}
namespaceSelector: namespaceSelector:
{{- with (omit .Values.prometheusOperator.admissionWebhooks.namespaceSelector "matchExpressions") }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions }}
matchExpressions: matchExpressions:
{{- with (.Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions) }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.prometheusOperator.denyNamespaces }} {{- if .Values.prometheusOperator.denyNamespaces }}
- key: kubernetes.io/metadata.name - key: kubernetes.io/metadata.name
operator: NotIn operator: NotIn
@ -66,4 +73,5 @@ webhooks:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- end }} {{- end }}

14
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml
View File

@ -10,7 +10,7 @@ metadata:
{{- end }} {{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
webhooks: webhooks:
- name: prometheusrulemutate.monitoring.coreos.com - name: prometheusrulemutate.monitoring.coreos.com
{{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }} {{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }}
@ -35,7 +35,7 @@ webhooks:
clientConfig: clientConfig:
service: service:
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ template "kube-prometheus-stack.operator.fullname" $ }} name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
path: /admission-prometheusrules/validate path: /admission-prometheusrules/validate
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
@ -43,9 +43,16 @@ webhooks:
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }} timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
admissionReviewVersions: ["v1", "v1beta1"] admissionReviewVersions: ["v1", "v1beta1"]
sideEffects: None sideEffects: None
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces }} {{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector }}
namespaceSelector: namespaceSelector:
{{- with (omit .Values.prometheusOperator.admissionWebhooks.namespaceSelector "matchExpressions") }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions }}
matchExpressions: matchExpressions:
{{- with (.Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions) }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.denyNamespaces }} {{- if .Values.prometheusOperator.denyNamespaces }}
- key: kubernetes.io/metadata.name - key: kubernetes.io/metadata.name
operator: NotIn operator: NotIn
@ -66,4 +73,5 @@ webhooks:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- end }} {{- end }}

6
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml
View File

@ -8,8 +8,7 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
rules: rules:
- apiGroups: ["monitoring.coreos.com"] - apiGroups: ["monitoring.coreos.com"]
resources: ["alertmanagers", "alertmanagerconfigs", "podmonitors", "probes", "prometheuses", "prometheusagents", "prometheusrules", "scrapeconfigs", "servicemonitors"] resources: ["alertmanagers", "alertmanagerconfigs", "podmonitors", "probes", "prometheuses", "prometheusagents", "prometheusrules", "scrapeconfigs", "servicemonitors"]
@ -22,8 +21,7 @@ metadata:
labels: labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
rules: rules:
- apiGroups: ["monitoring.coreos.com"] - apiGroups: ["monitoring.coreos.com"]
resources: ["alertmanagers", "alertmanagerconfigs", "podmonitors", "probes", "prometheuses", "prometheusagents", "prometheusrules", "scrapeconfigs", "servicemonitors"] resources: ["alertmanagers", "alertmanagerconfigs", "podmonitors", "probes", "prometheuses", "prometheusagents", "prometheusrules", "scrapeconfigs", "servicemonitors"]

4
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml
View File

@ -51,7 +51,5 @@ spec:
name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
{{- end }} {{- end }}
dnsNames: dnsNames:
- {{ template "kube-prometheus-stack.operator.fullname" . }} {{- include "kube-prometheus-stack.operator.admission-webhook.dnsNames" . | splitList "\n" | toYaml | nindent 4 }}
- {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}
- {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc
{{- end -}} {{- end -}}

9
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/ciliumnetworkpolicy.yaml
View File

@ -2,19 +2,18 @@
apiVersion: cilium.io/v2 apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy kind: CiliumNetworkPolicy
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
spec: spec:
endpointSelector: endpointSelector:
matchLabels: matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }} {{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }} {{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
{{- else }} {{- else }}
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }} {{- include "kube-prometheus-stack.prometheus-operator.labels" $ | nindent 6 }}
{{- end }} {{- end }}
egress: egress:
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }} {{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}

12
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml
View File

@ -2,10 +2,9 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
rules: rules:
- apiGroups: - apiGroups:
- monitoring.coreos.com - monitoring.coreos.com
@ -76,6 +75,13 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- ""
resources:
- events
verbs:
- patch
- create
- apiGroups: - apiGroups:
- networking.k8s.io - networking.k8s.io
resources: resources:

7
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml
View File

@ -2,14 +2,13 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}

30
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml
View File

@ -4,11 +4,10 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.prometheusOperator.labels }} {{- if .Values.prometheusOperator.labels }}
{{ toYaml .Values.prometheusOperator.labels | indent 4 }} {{ toYaml .Values.prometheusOperator.labels | indent 4 }}
{{- end }} {{- end }}
@ -23,11 +22,14 @@ spec:
matchLabels: matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-operator app: {{ template "kube-prometheus-stack.name" . }}-operator
release: {{ $.Release.Name | quote }} release: {{ $.Release.Name | quote }}
{{- with .Values.prometheusOperator.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template: template:
metadata: metadata:
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 8 }}
{{ include "kube-prometheus-stack.labels" . | indent 8 }}
{{- if .Values.prometheusOperator.podLabels }} {{- if .Values.prometheusOperator.podLabels }}
{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }} {{ toYaml .Values.prometheusOperator.podLabels | indent 8 }}
{{- end }} {{- end }}
@ -144,21 +146,34 @@ spec:
- containerPort: 8080 - containerPort: 8080
name: http name: http
{{- end }} {{- end }}
env:
{{- range $key, $value := .Values.prometheusOperator.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
resources: resources:
{{ toYaml .Values.prometheusOperator.resources | indent 12 }} {{ toYaml .Values.prometheusOperator.resources | indent 12 }}
securityContext: securityContext:
{{ toYaml .Values.prometheusOperator.containerSecurityContext | indent 12 }} {{ toYaml .Values.prometheusOperator.containerSecurityContext | indent 12 }}
{{- if .Values.prometheusOperator.tls.enabled }}
volumeMounts: volumeMounts:
{{- if .Values.prometheusOperator.tls.enabled }}
- name: tls-secret - name: tls-secret
mountPath: /cert mountPath: /cert
readOnly: true readOnly: true
{{- end }}
{{- with .Values.prometheusOperator.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumes: volumes:
{{- if .Values.prometheusOperator.tls.enabled }}
- name: tls-secret - name: tls-secret
secret: secret:
defaultMode: 420 defaultMode: 420
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- end }} {{- end }}
{{- with .Values.prometheusOperator.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.dnsConfig }} {{- with .Values.prometheusOperator.dnsConfig }}
dnsConfig: dnsConfig:
{{ toYaml . | indent 8 }} {{ toYaml . | indent 8 }}
@ -168,6 +183,7 @@ spec:
{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }} {{ toYaml .Values.prometheusOperator.securityContext | indent 8 }}
{{- end }} {{- end }}
serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.prometheusOperator.automountServiceAccountToken }}
{{- if .Values.prometheusOperator.hostNetwork }} {{- if .Values.prometheusOperator.hostNetwork }}
hostNetwork: true hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet

5
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml
View File

@ -2,11 +2,10 @@
apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }} apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy kind: NetworkPolicy
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
spec: spec:
egress: egress:
- {} - {}

7
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrole.yaml
View File

@ -3,10 +3,9 @@
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp name: {{ template "kube-prometheus-stack.operator.fullname" . }}-psp
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
rules: rules:
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} {{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
@ -17,6 +16,6 @@ rules:
resources: ['podsecuritypolicies'] resources: ['podsecuritypolicies']
verbs: ['use'] verbs: ['use']
resourceNames: resourceNames:
- {{ template "kube-prometheus-stack.fullname" . }}-operator - {{ template "kube-prometheus-stack.operator.fullname" . }}
{{- end }} {{- end }}
{{- end }} {{- end }}

7
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrolebinding.yaml
View File

@ -3,14 +3,13 @@
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp name: {{ template "kube-prometheus-stack.operator.fullname" . }}-psp
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp name: {{ template "kube-prometheus-stack.operator.fullname" . }}-psp
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}

5
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/psp.yaml
View File

@ -3,14 +3,13 @@
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{- if .Values.global.rbac.pspAnnotations }} {{- if .Values.global.rbac.pspAnnotations }}
annotations: annotations:
{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} {{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }}
{{- end }} {{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec: spec:
privileged: false privileged: false
# Allow core volume types. # Allow core volume types.

5
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml
View File

@ -2,11 +2,10 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.prometheusOperator.service.labels }} {{- if .Values.prometheusOperator.service.labels }}
{{ toYaml .Values.prometheusOperator.service.labels | indent 4 }} {{ toYaml .Values.prometheusOperator.service.labels | indent 4 }}
{{- end }} {{- end }}

6
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml
View File

@ -5,10 +5,8 @@ metadata:
name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator automountServiceAccountToken: {{ .Values.prometheusOperator.serviceAccount.automountServiceAccountToken }}
app.kubernetes.io/component: prometheus-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.global.imagePullSecrets }} {{- if .Values.global.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} {{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}

5
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml
View File

@ -2,11 +2,10 @@
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- with .Values.prometheusOperator.serviceMonitor.additionalLabels }} {{- with .Values.prometheusOperator.serviceMonitor.additionalLabels }}
{{ toYaml . | indent 4 }} {{ toYaml . | indent 4 }}
{{- end }} {{- end }}

7
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml
View File

@ -2,11 +2,10 @@
apiVersion: autoscaling.k8s.io/v1 apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler kind: VerticalPodAutoscaler
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec: spec:
{{- with .Values.prometheusOperator.verticalPodAutoscaler.recommenders }} {{- with .Values.prometheusOperator.verticalPodAutoscaler.recommenders }}
recommenders: recommenders:
@ -33,7 +32,7 @@ spec:
targetRef: targetRef:
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
name: {{ template "kube-prometheus-stack.fullname" . }}-operator name: {{ template "kube-prometheus-stack.operator.fullname" . }}
{{- with .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy }} {{- with .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy }}
updatePolicy: updatePolicy:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}

14
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/_rules.tpl
View File

@ -8,13 +8,13 @@ rules:
- "config-reloaders" - "config-reloaders"
- "etcd" - "etcd"
- "general.rules" - "general.rules"
- "k8s.rules.container_cpu_usage_seconds_total" - "k8s.rules.container-cpu-usage-seconds-total"
- "k8s.rules.container_memory_cache" - "k8s.rules.container-memory-cache"
- "k8s.rules.container_memory_rss" - "k8s.rules.container-memory-rss"
- "k8s.rules.container_memory_swap" - "k8s.rules.container-memory-swap"
- "k8s.rules.container_memory_working_set_bytes" - "k8s.rules.container-memory-working-set-bytes"
- "k8s.rules.container_resource" - "k8s.rules.container-resource"
- "k8s.rules.pod_owner" - "k8s.rules.pod-owner"
- "kube-apiserver-availability.rules" - "kube-apiserver-availability.rules"
- "kube-apiserver-burnrate.rules" - "kube-apiserver-burnrate.rules"
- "kube-apiserver-histogram.rules" - "kube-apiserver-histogram.rules"

7
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml
View File

@ -24,6 +24,13 @@ rules:
verbs: ["get", "list", "watch"] verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics", "/metrics/cadvisor"] - nonResourceURLs: ["/metrics", "/metrics/cadvisor"]
verbs: ["get"] verbs: ["get"]
{{/* fix(#3338): add required rules to use node-exporter with the RBAC proxy */}}
{{- if and .Values.nodeExporter.enabled (index .Values "prometheus-node-exporter").kubeRBACProxy.enabled }}
- apiGroups: [ "" ]
resources:
- services/{{ include "prometheus-node-exporter.fullname" (index .Subcharts "prometheus-node-exporter") }}
verbs: [ "get", "list", "watch" ]
{{- end }}
{{- if .Values.prometheus.additionalRulesForClusterRole }} {{- if .Values.prometheus.additionalRulesForClusterRole }}
{{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }} {{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }}
{{- end }} {{- end }}

2
charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml
View File

@ -11,7 +11,7 @@ kind: Ingress
metadata: metadata:
{{- if .Values.prometheus.ingress.annotations }} {{- if .Values.prometheus.ingress.annotations }}
annotations: annotations:
{{ toYaml .Values.prometheus.ingress.annotations | indent 4 }} {{- tpl (toYaml .Values.prometheus.ingress.annotations) . | nindent 4 }}
{{- end }} {{- end }}
name: {{ $serviceName }} name: {{ $serviceName }}
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}

Some files were not shown because too many files have changed in this diff Show More