Prometheus-stack version bump

This commit is contained in:
Stefan Reimer 2021-02-26 22:25:43 +01:00
parent 491057ed65
commit 9531073c36
106 changed files with 1181 additions and 493 deletions

View File

@ -16,11 +16,11 @@ dependencies:
version: ">= 0.1.3" version: ">= 0.1.3"
repository: https://zero-down-time.github.io/kubezero/ repository: https://zero-down-time.github.io/kubezero/
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 12.8.0 version: 13.13.0
# Switch back to upstream once all alerts are fixed eg. etcd gpcr # Switch back to upstream once all alerts are fixed eg. etcd gpcr
# repository: https://prometheus-community.github.io/helm-charts # repository: https://prometheus-community.github.io/helm-charts
- name: prometheus-adapter - name: prometheus-adapter
version: 2.10.1 version: 2.12.1
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
condition: prometheus-adapter.enabled condition: prometheus-adapter.enabled
kubeVersion: ">= 1.16.0" kubeVersion: ">= 1.18.0"

View File

@ -6,24 +6,21 @@ annotations:
url: https://github.com/prometheus-operator/kube-prometheus url: https://github.com/prometheus-operator/kube-prometheus
artifacthub.io/operator: "true" artifacthub.io/operator: "true"
apiVersion: v2 apiVersion: v2
appVersion: 0.44.0 appVersion: 0.45.0
dependencies: dependencies:
- condition: kubeStateMetrics.enabled - condition: kubeStateMetrics.enabled
name: kube-state-metrics name: kube-state-metrics
repository: https://charts.helm.sh/stable repository: https://kubernetes.github.io/kube-state-metrics
version: 2.9.* version: 2.13.*
- condition: nodeExporter.enabled - condition: nodeExporter.enabled
name: prometheus-node-exporter name: prometheus-node-exporter
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 1.12.* version: 1.14.*
- condition: grafana.enabled - condition: grafana.enabled
name: grafana name: grafana
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
version: 5.8.* version: 6.4.*
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
and Prometheus rules combined with documentation and scripts to provide easy to
operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
Operator.
home: https://github.com/prometheus-operator/kube-prometheus home: https://github.com/prometheus-operator/kube-prometheus
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
keywords: keywords:
@ -47,4 +44,4 @@ sources:
- https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus - https://github.com/prometheus-operator/kube-prometheus
type: application type: application
version: 12.8.0 version: 13.13.0

View File

@ -15,7 +15,6 @@ _Note: This chart was formerly named `prometheus-operator` chart, now renamed to
```console ```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add stable https://charts.helm.sh/stable
helm repo update helm repo update
``` ```
@ -36,7 +35,7 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
By default this chart installs additional, dependent charts: By default this chart installs additional, dependent charts:
- [stable/kube-state-metrics](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) - [kubernetes/kube-state-metrics](https://github.com/kubernetes/kube-state-metrics/tree/master/charts/kube-state-metrics)
- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter) - [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter)
- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana) - [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana)
@ -84,6 +83,15 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
### From 12.x to 13.x
Version 12 upgrades prometheus-operator from 0.44.x to 0.45.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
```console
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
```
### From 11.x to 12.x ### From 11.x to 12.x
The chart was migrated to support only helm v3 and later. The chart was migrated to support only helm v3 and later.
@ -181,6 +189,8 @@ A validating and mutating webhook configuration requires the endpoint to which t
It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested. It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested.
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `prometheusOperator.admissionWebhooks.certManager.enabled` value to true.
### Limitations ### Limitations
Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default. Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default.
@ -311,7 +321,7 @@ You can check out the tickets for this change [here](https://github.com/promethe
The chart has added 3 [dependencies](#dependencies). The chart has added 3 [dependencies](#dependencies).
- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components - Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components
- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/helm/charts/tree/master/stable/grafana) - Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md)
#### Kubelet Service #### Kubelet Service

View File

@ -1,5 +1,5 @@
apiVersion: v1 apiVersion: v2
appVersion: 7.2.1 appVersion: 7.4.2
description: The leading tool for querying and visualizing time series and metrics. description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.net home: https://grafana.net
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
@ -13,7 +13,10 @@ maintainers:
name: maorfr name: maorfr
- email: miroslav.hadzhiev@gmail.com - email: miroslav.hadzhiev@gmail.com
name: Xtigyro name: Xtigyro
- email: mail@torstenwalter.de
name: torstenwalter
name: grafana name: grafana
sources: sources:
- https://github.com/grafana/grafana - https://github.com/grafana/grafana
version: 5.8.16 type: application
version: 6.4.4

View File

@ -16,7 +16,7 @@ _See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation
To install the chart with the release name `my-release`: To install the chart with the release name `my-release`:
```console ```console
helm install --name my-release grafana/grafana helm install my-release grafana/grafana
``` ```
## Uninstalling the Chart ## Uninstalling the Chart
@ -42,6 +42,10 @@ This version requires Helm >= 2.12.0.
You have to add --force to your helm upgrade command as the labels of the chart have changed. You have to add --force to your helm upgrade command as the labels of the chart have changed.
### To 6.0.0
This version requires Helm >= 3.1.0.
## Configuration ## Configuration
| Parameter | Description | Default | | Parameter | Description | Default |
@ -55,7 +59,7 @@ You have to add --force to your helm upgrade command as the labels of the chart
| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | | `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` |
| `priorityClassName` | Name of Priority Class to assign pods | `nil` | | `priorityClassName` | Name of Priority Class to assign pods | `nil` |
| `image.repository` | Image repository | `grafana/grafana` | | `image.repository` | Image repository | `grafana/grafana` |
| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.0.3` | | `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.4.2` |
| `image.sha` | Image sha (optional) | `17cbd08b9515fda889ca959e9d72ee6f3327c8f1844a3336dfd952134f38e2fe` | | `image.sha` | Image sha (optional) | `17cbd08b9515fda889ca959e9d72ee6f3327c8f1844a3336dfd952134f38e2fe` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Image pull secrets | `{}` | | `image.pullSecrets` | Image pull secrets | `{}` |
@ -96,6 +100,8 @@ You have to add --force to your helm upgrade command as the labels of the chart
| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` | | `persistence.annotations` | PersistentVolumeClaim annotations | `{}` |
| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | | `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` |
| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` | | `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` |
| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` |
| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` |
| `initChownData.enabled` | If false, don't reset data ownership at startup | true | | `initChownData.enabled` | If false, don't reset data ownership at startup | true |
| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | | `initChownData.image.repository` | init-chown-data container image repository | `busybox` |
| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | | `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` |
@ -126,8 +132,8 @@ You have to add --force to your helm upgrade command as the labels of the chart
| `podAnnotations` | Pod annotations | `{}` | | `podAnnotations` | Pod annotations | `{}` |
| `podLabels` | Pod labels | `{}` | | `podLabels` | Pod labels | `{}` |
| `podPortName` | Name of the grafana port on the pod | `grafana` | | `podPortName` | Name of the grafana port on the pod | `grafana` |
| `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` | | `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` |
| `sidecar.image.tag` | Sidecar image tag | `1.1.0` | | `sidecar.image.tag` | Sidecar image tag | `1.10.6` |
| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | | `sidecar.image.sha` | Sidecar image sha (optional) | `""` |
| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
| `sidecar.resources` | Sidecar resources | `{}` | | `sidecar.resources` | Sidecar resources | `{}` |
@ -144,14 +150,16 @@ You have to add --force to your helm upgrade command as the labels of the chart
| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | | `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | | `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` |
| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | | `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` |
| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` |
| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | | `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` |
| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | | `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` |
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | | `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | | `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | | `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | | `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` |
| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` |
| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | | `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana |`false` | | `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` |
| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | | `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` |
| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | | `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | | `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
@ -173,9 +181,9 @@ You have to add --force to your helm upgrade command as the labels of the chart
| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | | `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
| `command` | Define command to be executed by grafana container at startup | `nil` | | `command` | Define command to be executed by grafana container at startup | `nil` |
| `testFramework.enabled` | Whether to create test-related resources | `true` | | `testFramework.enabled` | Whether to create test-related resources | `true` |
| `testFramework.image` | `test-framework` image repository. | `bats/bats` | | `testFramework.image` | `test-framework` image repository. | `bats/bats` |
| `testFramework.tag` | `test-framework` image tag. | `v1.1.0` | | `testFramework.tag` | `test-framework` image tag. | `v1.1.0` |
| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` | | `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` |
| `testFramework.securityContext` | `test-framework` securityContext | `{}` | | `testFramework.securityContext` | `test-framework` securityContext | `{}` |
| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | | `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` |
| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | | `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` |
@ -188,6 +196,8 @@ You have to add --force to your helm upgrade command as the labels of the chart
| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | | `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | |
| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | | `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` |
| `serviceMonitor.path` | Path to scrape | `/metrics` | | `serviceMonitor.path` | Path to scrape | `/metrics` |
| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` |
| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` |
| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | | `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | | `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` | | `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` |
@ -198,6 +208,7 @@ You have to add --force to your helm upgrade command as the labels of the chart
| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | | `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | | `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | | `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` |
| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | | `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | | `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | | `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` |
@ -311,35 +322,18 @@ If the parameter `sidecar.datasources.enabled` is set, an init container is depl
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
the data sources in grafana can be imported. The secrets must be created before `helm install` so the data sources in grafana can be imported.
that the datasources init container can list the secrets.
Secrets are recommended over configmaps for this usecase because datasources usually contain private Secrets are recommended over configmaps for this usecase because datasources usually contain private
data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
Example datasource config adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
```yaml ```yaml
apiVersion: v1 datasources:
kind: Secret datasources.yaml:
metadata: apiVersion: 1
name: sample-grafana-datasource datasources:
labels:
grafana_datasource: "1"
type: Opaque
stringData:
datasource.yaml: |-
# config file version
apiVersion: 1
# list of datasources that should be deleted from the database
deleteDatasources:
- name: Graphite
orgId: 1
# list of datasources to insert/update depending
# whats available in the database
datasources:
# <string, required> name of the datasource. Required # <string, required> name of the datasource. Required
- name: Graphite - name: Graphite
# <string, required> datasource type. Required # <string, required> datasource type. Required
@ -379,7 +373,6 @@ stringData:
version: 1 version: 1
# <bool> allow users to edit datasources from the UI. # <bool> allow users to edit datasources from the UI.
editable: false editable: false
``` ```
## Sidecar for notifiers ## Sidecar for notifiers
@ -485,6 +478,24 @@ Include in the `extraSecretMounts` configuration flag:
readOnly: true readOnly: true
``` ```
### extraSecretMounts using a Container Storage Interface (CSI) provider
This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure)
```yaml
- extraSecretMounts:
- name: secrets-store-inline
mountPath: /run/secrets
readOnly: true
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: "my-provider"
nodePublishSecretRef:
name: akv-creds
```
## Image Renderer Plug-In ## Image Renderer Plug-In
This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/docs/remote_rendering_using_docker.md) This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/docs/remote_rendering_using_docker.md)

View File

@ -100,3 +100,14 @@ Selector labels ImageRenderer
app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}} {{- end -}}
{{/*
Return the appropriate apiVersion for rbac.
*/}}
{{- define "rbac.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- end -}}
{{- end -}}

View File

@ -84,6 +84,10 @@ initContainers:
value: LIST value: LIST
- name: LABEL - name: LABEL
value: "{{ .Values.sidecar.datasources.label }}" value: "{{ .Values.sidecar.datasources.label }}"
{{- if .Values.sidecar.datasources.labelValue }}
- name: LABEL_VALUE
value: {{ quote .Values.sidecar.datasources.labelValue }}
{{- end }}
- name: FOLDER - name: FOLDER
value: "/etc/grafana/provisioning/datasources" value: "/etc/grafana/provisioning/datasources"
- name: RESOURCE - name: RESOURCE
@ -164,6 +168,10 @@ containers:
value: {{ .Values.sidecar.dashboards.watchMethod }} value: {{ .Values.sidecar.dashboards.watchMethod }}
- name: LABEL - name: LABEL
value: "{{ .Values.sidecar.dashboards.label }}" value: "{{ .Values.sidecar.dashboards.label }}"
{{- if .Values.sidecar.dashboards.labelValue }}
- name: LABEL_VALUE
value: {{ quote .Values.sidecar.dashboards.labelValue }}
{{- end }}
- name: FOLDER - name: FOLDER
value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
- name: RESOURCE - name: RESOURCE
@ -203,6 +211,10 @@ containers:
- {{ . }} - {{ . }}
{{- end }} {{- end }}
{{- end}} {{- end}}
{{- if .Values.containerSecurityContext }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 6 }}
{{- end }}
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: "/etc/grafana/grafana.ini" mountPath: "/etc/grafana/grafana.ini"
@ -419,8 +431,16 @@ volumes:
# nothing # nothing
{{- else }} {{- else }}
- name: storage - name: storage
{{- if .Values.persistence.inMemory.enabled }}
emptyDir:
medium: Memory
{{- if .Values.persistence.inMemory.sizeLimit }}
sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }}
{{- end -}}
{{- else }}
emptyDir: {} emptyDir: {}
{{- end -}} {{- end -}}
{{- end -}}
{{- if .Values.sidecar.dashboards.enabled }} {{- if .Values.sidecar.dashboards.enabled }}
- name: sc-dashboard-volume - name: sc-dashboard-volume
emptyDir: {} emptyDir: {}
@ -447,6 +467,9 @@ volumes:
{{- else if .projected }} {{- else if .projected }}
- name: {{ .name }} - name: {{ .name }}
projected: {{- toYaml .projected | nindent 6 }} projected: {{- toYaml .projected | nindent 6 }}
{{- else if .csi }}
- name: {{ .name }}
csi: {{- toYaml .csi | nindent 6 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- range .Values.extraVolumeMounts }} {{- range .Values.extraVolumeMounts }}

View File

@ -16,10 +16,13 @@ data:
providers: providers:
- name: '{{ .Values.sidecar.dashboards.provider.name }}' - name: '{{ .Values.sidecar.dashboards.provider.name }}'
orgId: {{ .Values.sidecar.dashboards.provider.orgid }} orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
{{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
folder: '{{ .Values.sidecar.dashboards.provider.folder }}' folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
{{- end}}
type: {{ .Values.sidecar.dashboards.provider.type }} type: {{ .Values.sidecar.dashboards.provider.type }}
disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }}
updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }}
options: options:
foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}

View File

@ -59,6 +59,9 @@ data:
--max-time 60 \ --max-time 60 \
{{- if not $value.b64content }} {{- if not $value.b64content }}
-H "Accept: application/json" \ -H "Accept: application/json" \
{{- if $value.token }}
-H "Authorization: token {{ $value.token }}" \
{{- end }}
-H "Content-Type: application/json;charset=UTF-8" \ -H "Content-Type: application/json;charset=UTF-8" \
{{ end }} {{ end }}
{{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ {{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \

View File

@ -40,6 +40,9 @@ spec:
{{- if .Values.imageRenderer.schedulerName }} {{- if .Values.imageRenderer.schedulerName }}
schedulerName: "{{ .Values.imageRenderer.schedulerName }}" schedulerName: "{{ .Values.imageRenderer.schedulerName }}"
{{- end }} {{- end }}
{{- if .Values.imageRenderer.serviceAccountName }}
serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}"
{{- end }}
{{- if .Values.imageRenderer.securityContext }} {{- if .Values.imageRenderer.securityContext }}
securityContext: securityContext:
{{ toYaml .Values.imageRenderer.securityContext | indent 2 }} {{ toYaml .Values.imageRenderer.securityContext | indent 2 }}

View File

@ -24,14 +24,17 @@ metadata:
{{- end }} {{- end }}
{{- end }} {{- end }}
spec: spec:
{{- if .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
{{- end -}}
{{- if .Values.ingress.tls }} {{- if .Values.ingress.tls }}
tls: tls:
{{ toYaml .Values.ingress.tls | indent 4 }} {{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }}
{{- end }} {{- end }}
rules: rules:
{{- if .Values.ingress.hosts }} {{- if .Values.ingress.hosts }}
{{- range .Values.ingress.hosts }} {{- range .Values.ingress.hosts }}
- host: {{ . }} - host: {{ tpl . $}}
http: http:
paths: paths:
{{ if $extraPaths }} {{ if $extraPaths }}

View File

@ -34,6 +34,7 @@ spec:
- 'configMap' - 'configMap'
- 'emptyDir' - 'emptyDir'
- 'projected' - 'projected'
- 'csi'
- 'secret' - 'secret'
- 'downwardAPI' - 'downwardAPI'
- 'persistentVolumeClaim' - 'persistentVolumeClaim'

View File

@ -25,4 +25,9 @@ spec:
{{- if .Values.persistence.storageClassName }} {{- if .Values.persistence.storageClassName }}
storageClassName: {{ .Values.persistence.storageClassName }} storageClassName: {{ .Values.persistence.storageClassName }}
{{- end -}} {{- end -}}
{{- with .Values.persistence.selectorLabels }}
selector:
matchLabels:
{{ toYaml . | indent 6 }}
{{- end }}
{{- end -}} {{- end -}}

View File

@ -1,5 +1,5 @@
{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}} {{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}}
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: {{ template "rbac.apiVersion" . }}
kind: Role kind: Role
metadata: metadata:
name: {{ template "grafana.fullname" . }} name: {{ template "grafana.fullname" . }}

View File

@ -1,5 +1,5 @@
{{- if .Values.rbac.create -}} {{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: {{ template "rbac.apiVersion" . }}
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ template "grafana.fullname" . }} name: {{ template "grafana.fullname" . }}

View File

@ -17,6 +17,6 @@ data:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if not .Values.ldap.existingSecret }} {{- if not .Values.ldap.existingSecret }}
ldap-toml: {{ .Values.ldap.config | b64enc | quote }} ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}

View File

@ -21,6 +21,11 @@ spec:
honorLabels: true honorLabels: true
port: {{ .Values.service.portName }} port: {{ .Values.service.portName }}
path: {{ .Values.serviceMonitor.path }} path: {{ .Values.serviceMonitor.path }}
scheme: {{ .Values.serviceMonitor.scheme }}
{{- if .Values.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }}
{{- end }}
{{- if .Values.serviceMonitor.relabelings }} {{- if .Values.serviceMonitor.relabelings }}
relabelings: relabelings:
{{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
@ -28,8 +33,7 @@ spec:
jobLabel: "{{ .Release.Name }}" jobLabel: "{{ .Release.Name }}"
selector: selector:
matchLabels: matchLabels:
app: {{ template "grafana.name" . }} {{- include "grafana.selectorLabels" . | nindent 8 }}
release: "{{ .Release.Name }}"
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- {{ .Release.Namespace }} - {{ .Release.Namespace }}

View File

@ -43,5 +43,10 @@ spec:
storageClassName: {{ .Values.persistence.storageClassName }} storageClassName: {{ .Values.persistence.storageClassName }}
resources: resources:
requests: requests:
storage: {{ .Values.persistence.size }} storage: {{ .Values.persistence.size }}
{{- with .Values.persistence.selectorLabels }}
selector:
matchLabels:
{{ toYaml . | indent 10 }}
{{- end }}
{{- end }} {{- end }}

View File

@ -25,5 +25,6 @@ spec:
- downwardAPI - downwardAPI
- emptyDir - emptyDir
- projected - projected
- csi
- secret - secret
{{- end }} {{- end }}

View File

@ -53,7 +53,7 @@ livenessProbe:
image: image:
repository: grafana/grafana repository: grafana/grafana
tag: 7.2.1 tag: 7.4.2
sha: "" sha: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
@ -76,6 +76,8 @@ securityContext:
runAsGroup: 472 runAsGroup: 472
fsGroup: 472 fsGroup: 472
containerSecurityContext:
{}
extraConfigmapMounts: [] extraConfigmapMounts: []
# - name: certs-configmap # - name: certs-configmap
@ -136,6 +138,8 @@ serviceMonitor:
# namespace: monitoring (defaults to use the namespace this chart is deployed to) # namespace: monitoring (defaults to use the namespace this chart is deployed to)
labels: {} labels: {}
interval: 1m interval: 1m
scheme: http
tlsConfig: {}
scrapeTimeout: 30s scrapeTimeout: 30s
relabelings: [] relabelings: []
@ -153,6 +157,9 @@ hostAliases: []
ingress: ingress:
enabled: false enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
# Values can be templated # Values can be templated
annotations: {} annotations: {}
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
@ -235,9 +242,21 @@ persistence:
# annotations: {} # annotations: {}
finalizers: finalizers:
- kubernetes.io/pvc-protection - kubernetes.io/pvc-protection
# selectorLabels: {}
# subPath: "" # subPath: ""
# existingClaim: # existingClaim:
## If persistence is not enabled, this allows to mount the
## local storage in-memory to improve performance
##
inMemory:
enabled: false
## The maximum usage on memory medium EmptyDir would be
## the minimum value between the SizeLimit specified
## here and the sum of memory limits of all containers in a pod
##
# sizeLimit: 300Mi
initChownData: initChownData:
## If false, data ownership will not be reset at startup ## If false, data ownership will not be reset at startup
## This allows the prometheus-server to be run with an arbitrary user ## This allows the prometheus-server to be run with an arbitrary user
@ -348,6 +367,18 @@ extraSecretMounts: []
# audience: sts.amazonaws.com # audience: sts.amazonaws.com
# expirationSeconds: 86400 # expirationSeconds: 86400
# path: token # path: token
#
# for CSI e.g. Azure Key Vault use the following
# - name: secrets-store-inline
# mountPath: /run/secrets
# readOnly: true
# csi:
# driver: secrets-store.csi.k8s.io
# readOnly: true
# volumeAttributes:
# secretProviderClass: "akv-grafana-spc"
# nodePublishSecretRef: # Only required when using service principal mode
# name: grafana-akv-creds # Only required when using service principal mode
## Additional grafana server volume mounts ## Additional grafana server volume mounts
# Defines additional volume mounts. # Defines additional volume mounts.
@ -439,8 +470,10 @@ dashboards: {}
# datasource: Prometheus # datasource: Prometheus
# local-dashboard: # local-dashboard:
# url: https://example.com/repository/test.json # url: https://example.com/repository/test.json
# token: ''
# local-dashboard-base64: # local-dashboard-base64:
# url: https://example.com/repository/test-b64.json # url: https://example.com/repository/test-b64.json
# token: ''
# b64content: true # b64content: true
## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. ## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
@ -530,8 +563,8 @@ smtp:
## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
sidecar: sidecar:
image: image:
repository: kiwigrid/k8s-sidecar repository: quay.io/kiwigrid/k8s-sidecar
tag: 1.1.0 tag: 1.10.6
sha: "" sha: ""
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: {} resources: {}
@ -549,6 +582,8 @@ sidecar:
SCProvider: true SCProvider: true
# label that the configmaps with dashboards are marked with # label that the configmaps with dashboards are marked with
label: grafana_dashboard label: grafana_dashboard
# value of label that the configmaps with dashboards are set to
labelValue: null
# folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set)
folder: /tmp/dashboards folder: /tmp/dashboards
# The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead
@ -580,6 +615,8 @@ sidecar:
enabled: false enabled: false
# label that the configmaps with datasources are marked with # label that the configmaps with datasources are marked with
label: grafana_datasource label: grafana_datasource
# value of label that the configmaps with datasources are set to
labelValue: null
# If specified, the sidecar will search for datasource config-maps inside this namespace. # If specified, the sidecar will search for datasource config-maps inside this namespace.
# Otherwise the namespace in which the sidecar is running will be used. # Otherwise the namespace in which the sidecar is running will be used.
# It's also possible to specify ALL to search in all namespaces # It's also possible to specify ALL to search in all namespaces
@ -616,9 +653,12 @@ imageRenderer:
# image-renderer ImagePullPolicy # image-renderer ImagePullPolicy
pullPolicy: Always pullPolicy: Always
# extra environment variables # extra environment variables
env: {} env:
HTTP_HOST: "0.0.0.0"
# RENDERING_ARGS: --disable-gpu,--window-size=1280x758 # RENDERING_ARGS: --disable-gpu,--window-size=1280x758
# RENDERING_MODE: clustered # RENDERING_MODE: clustered
# image-renderer deployment serviceAccount
serviceAccountName: ""
# image-renderer deployment securityContext # image-renderer deployment securityContext
securityContext: {} securityContext: {}
# image-renderer deployment Host Aliases # image-renderer deployment Host Aliases
@ -630,6 +670,7 @@ imageRenderer:
portName: 'http' portName: 'http'
# image-renderer service port used by both service and deployment # image-renderer service port used by both service and deployment
port: 8081 port: 8081
targetPort: 8081
# name of the image-renderer port on the pod # name of the image-renderer port on the pod
podPortName: http podPortName: http
# number of image-renderer replica sets to keep # number of image-renderer replica sets to keep

View File

@ -1,15 +1,18 @@
apiVersion: v1 apiVersion: v1
appVersion: 1.9.7 appVersion: 1.9.8
deprecated: true description: Install kube-state-metrics to generate and expose cluster-level metrics
description: DEPRECATED - Install kube-state-metrics to generate and expose cluster-level
metrics
home: https://github.com/kubernetes/kube-state-metrics/ home: https://github.com/kubernetes/kube-state-metrics/
keywords: keywords:
- metric - metric
- monitoring - monitoring
- prometheus - prometheus
- kubernetes - kubernetes
maintainers:
- email: tariq.ibrahim@mulesoft.com
name: tariq1890
- email: manuel@rueg.eu
name: mrueg
name: kube-state-metrics name: kube-state-metrics
sources: sources:
- https://github.com/kubernetes/kube-state-metrics/ - https://github.com/kubernetes/kube-state-metrics/
version: 2.9.4 version: 2.13.0

View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright The Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -0,0 +1,6 @@
approvers:
- tariq1890
- mrueg
reviewers:
- tariq1890
- mrueg

View File

@ -1,91 +1,66 @@
# ⚠️ Repo Archive Notice
As of Nov 13, 2020, charts in this repo will no longer be updated.
For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/).
# kube-state-metrics Helm Chart # kube-state-metrics Helm Chart
* Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
## DEPRECATION NOTICE ## Get Repo Info
This chart is deprecated and no longer supported. ```console
helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics
## Installing the Chart helm repo update
To install the chart with the release name `my-release`:
```bash
$ helm install stable/kube-state-metrics
``` ```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
## Install Chart
```console
# Helm 3
$ helm install [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags]
# Helm 2
$ helm install --name [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags]
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Uninstall Chart
```console
# Helm 3
$ helm uninstall [RELEASE_NAME]
# Helm 2
# helm delete --purge [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
## Upgrading Chart
```console
# Helm 3 or 2
$ helm upgrade [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags]
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### From stable/kube-state-metrics
You can upgrade in-place:
1. [get repo info](#get-repo-info)
1. [upgrade](#upgrading-chart) your existing release name using the new chart repo
## Configuration ## Configuration
| Parameter | Description | Default | See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
|:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------|
| `image.repository` | The image repository to pull from | `quay.io/coreos/kube-state-metrics` | ```console
| `image.tag` | The image tag to pull from | `v1.9.7` | helm show values kube-state-metrics/kube-state-metrics
| `image.pullPolicy` | Image pull policy | `IfNotPresent` | ```
| `imagePullSecrets` | List of container registry secrets | `[]` |
| `replicas` | Number of replicas | `1` | You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options.
| `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` |
| `service.port` | The port of the container | `8080` |
| `service.annotations` | Annotations to be added to the service | `{}` |
| `customLabels` | Custom labels to apply to service, deployment and pods | `{}` |
| `hostNetwork` | Whether or not to use the host network | `false` |
| `prometheusScrape` | Whether or not enable prom scrape | `true` |
| `rbac.create` | If true, create & use RBAC resources | `true` |
| `serviceAccount.create` | If true, create & use serviceAccount | `true` |
| `serviceAccount.name` | If not set & create is true, use template fullname | |
| `serviceAccount.imagePullSecrets` | Specify image pull secrets field | `[]` |
| `serviceAccount.annotations` | Annotations to be added to the serviceAccount | `{}` |
| `podSecurityPolicy.enabled` | If true, create & use PodSecurityPolicy resources. Note that related RBACs are created only if `rbac.enabled` is `true`. | `false` |
| `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` |
| `podSecurityPolicy.additionalVolumes` | Specify allowed volumes in the pod security policy (`secret` is always allowed) | `[]` |
| `securityContext.enabled` | Enable security context | `true` |
| `securityContext.fsGroup` | Group ID for the filesystem | `65534` |
| `securityContext.runAsGroup` | Group ID for the container | `65534` |
| `securityContext.runAsUser` | User ID for the container | `65534` |
| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `affinity` | Affinity settings for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `podAnnotations` | Annotations to be added to the pod | `{}` |
| `podDisruptionBudget` | Optional PodDisruptionBudget | `{}` |
| `resources` | kube-state-metrics resource requests and limits | `{}` |
| `collectors.certificatesigningrequests` | Enable the certificatesigningrequests collector. | `true` |
| `collectors.configmaps` | Enable the configmaps collector. | `true` |
| `collectors.cronjobs` | Enable the cronjobs collector. | `true` |
| `collectors.daemonsets` | Enable the daemonsets collector. | `true` |
| `collectors.deployments` | Enable the deployments collector. | `true` |
| `collectors.endpoints` | Enable the endpoints collector. | `true` |
| `collectors.horizontalpodautoscalers` | Enable the horizontalpodautoscalers collector. | `true` |
| `collectors.ingresses` | Enable the ingresses collector. | `true` |
| `collectors.jobs` | Enable the jobs collector. | `true` |
| `collectors.limitranges` | Enable the limitranges collector. | `true` |
| `collectors.mutatingwebhookconfigurations` | Enable the mutatingwebhookconfigurations collector. | `true` |
| `collectors.namespaces` | Enable the namespaces collector. | `true` |
| `collectors.networkpolicies` | Enable the networkpolicies collector. | `true` |
| `collectors.nodes` | Enable the nodes collector. | `true` |
| `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | `true` |
| `collectors.persistentvolumes` | Enable the persistentvolumes collector. | `true` |
| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | `true` |
| `collectors.pods` | Enable the pods collector. | `true` |
| `collectors.replicasets` | Enable the replicasets collector. | `true` |
| `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | `true` |
| `collectors.resourcequotas` | Enable the resourcequotas collector. | `true` |
| `collectors.secrets` | Enable the secrets collector. | `true` |
| `collectors.services` | Enable the services collector. | `true` |
| `collectors.statefulsets` | Enable the statefulsets collector. | `true` |
| `collectors.storageclasses` | Enable the storageclasses collector. | `true` |
| `collectors.validatingwebhookconfigurations` | Enable the validatingwebhookconfigurations collector. | `true` |
| `collectors.verticalpodautoscalers` | Enable the verticalpodautoscalers collector. | `true` |
| `collectors.volumeattachments` | Enable the volumeattachments collector. | `true` |
| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` |
| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
| `prometheus.monitor.namespace` | Namespace where servicemonitor resource should be created | `the same namespace as kube-state-metrics` |
| `prometheus.monitor.honorLabels` | Honor metric labels | `false` |
| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) |
| `kubeTargetVersionOverride` | Override the k8s version of the target cluster | `""` |
| `kubeconfig.enabled` | Adds --kubeconfig arg to container at startup | `""` |
| `kubeconfig.secret` | Base64 encoded kubeconfig file | `""` |

View File

@ -1,4 +1,4 @@
{{- if .Values.rbac.create -}} {{- if and .Values.rbac.create .Values.rbac.useClusterRole -}}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
@ -11,7 +11,11 @@ metadata:
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
{{- if .Values.rbac.useExistingRole }}
name: {{ .Values.rbac.useExistingRole }}
{{- else }}
name: {{ template "kube-state-metrics.fullname" . }} name: {{ template "kube-state-metrics.fullname" . }}
{{- end }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ template "kube-state-metrics.fullname" . }} name: {{ template "kube-state-metrics.fullname" . }}

View File

@ -12,6 +12,7 @@ metadata:
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app.kubernetes.io/instance: "{{ .Release.Name }}" app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/managed-by: "{{ .Release.Service }}" app.kubernetes.io/managed-by: "{{ .Release.Service }}"
app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
{{- if .Values.customLabels }} {{- if .Values.customLabels }}
{{ toYaml .Values.customLabels | indent 4 }} {{ toYaml .Values.customLabels | indent 4 }}
{{- end }} {{- end }}
@ -62,6 +63,11 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
{{- end }} {{- end }}
args: args:
{{ if .Values.extraArgs }}
{{- range .Values.extraArgs }}
- {{ . }}
{{- end }}
{{ end }}
{{ if .Values.collectors.certificatesigningrequests }} {{ if .Values.collectors.certificatesigningrequests }}
- --collectors=certificatesigningrequests - --collectors=certificatesigningrequests
{{ end }} {{ end }}
@ -147,7 +153,7 @@ spec:
- --collectors=volumeattachments - --collectors=volumeattachments
{{ end }} {{ end }}
{{ if .Values.namespace }} {{ if .Values.namespace }}
- --namespace={{ .Values.namespace }} - --namespace={{ .Values.namespace | join "," }}
{{ end }} {{ end }}
{{ if .Values.autosharding.enabled }} {{ if .Values.autosharding.enabled }}
- --pod=$(POD_NAME) - --pod=$(POD_NAME)
@ -156,6 +162,10 @@ spec:
{{ if .Values.kubeconfig.enabled }} {{ if .Values.kubeconfig.enabled }}
- --kubeconfig=/opt/k8s/.kube/config - --kubeconfig=/opt/k8s/.kube/config
{{ end }} {{ end }}
{{ if .Values.selfMonitor.telemetryHost }}
- --telemetry-host={{ .Values.selfMonitor.telemetryHost }}
{{ end }}
- --telemetry-port=8081
{{- if .Values.kubeconfig.enabled }} {{- if .Values.kubeconfig.enabled }}
volumeMounts: volumeMounts:
- name: kubeconfig - name: kubeconfig

View File

@ -9,9 +9,12 @@ metadata:
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app.kubernetes.io/instance: "{{ .Release.Name }}" app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/managed-by: "{{ .Release.Service }}" app.kubernetes.io/managed-by: "{{ .Release.Service }}"
{{- if .Values.customLabels }}
{{ toYaml .Values.customLabels | indent 4 }}
{{- end }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
{{ toYaml .Values.podDisruptionBudget | indent 2 }} {{ toYaml .Values.podDisruptionBudget | indent 2 }}
{{- end -}} {{- end -}}

View File

@ -1,177 +1,189 @@
{{- if .Values.rbac.create -}} {{- if and (eq $.Values.rbac.create true) (not .Values.rbac.useExistingRole) -}}
{{- if eq .Values.rbac.useClusterRole false }}
{{- range (split "," $.Values.namespace) }}
{{- end }}
{{- end -}}
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
{{- if eq .Values.rbac.useClusterRole false }}
kind: Role
{{- else }}
kind: ClusterRole kind: ClusterRole
{{- end }}
metadata: metadata:
labels: labels:
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }}
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ $.Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ $.Release.Name }}
name: {{ template "kube-state-metrics.fullname" . }} name: {{ template "kube-state-metrics.fullname" $ }}
{{- if eq .Values.rbac.useClusterRole false }}
namespace: {{ . }}
{{- end }}
rules: rules:
{{ if .Values.collectors.certificatesigningrequests }} {{ if $.Values.collectors.certificatesigningrequests }}
- apiGroups: ["certificates.k8s.io"] - apiGroups: ["certificates.k8s.io"]
resources: resources:
- certificatesigningrequests - certificatesigningrequests
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.configmaps }} {{ if $.Values.collectors.configmaps }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- configmaps - configmaps
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.cronjobs }} {{ if $.Values.collectors.cronjobs }}
- apiGroups: ["batch"] - apiGroups: ["batch"]
resources: resources:
- cronjobs - cronjobs
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.daemonsets }} {{ if $.Values.collectors.daemonsets }}
- apiGroups: ["extensions", "apps"] - apiGroups: ["extensions", "apps"]
resources: resources:
- daemonsets - daemonsets
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.deployments }} {{ if $.Values.collectors.deployments }}
- apiGroups: ["extensions", "apps"] - apiGroups: ["extensions", "apps"]
resources: resources:
- deployments - deployments
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.endpoints }} {{ if $.Values.collectors.endpoints }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- endpoints - endpoints
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.horizontalpodautoscalers }} {{ if $.Values.collectors.horizontalpodautoscalers }}
- apiGroups: ["autoscaling"] - apiGroups: ["autoscaling"]
resources: resources:
- horizontalpodautoscalers - horizontalpodautoscalers
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.ingresses }} {{ if $.Values.collectors.ingresses }}
- apiGroups: ["extensions", "networking.k8s.io"] - apiGroups: ["extensions", "networking.k8s.io"]
resources: resources:
- ingresses - ingresses
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.jobs }} {{ if $.Values.collectors.jobs }}
- apiGroups: ["batch"] - apiGroups: ["batch"]
resources: resources:
- jobs - jobs
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.limitranges }} {{ if $.Values.collectors.limitranges }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- limitranges - limitranges
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.mutatingwebhookconfigurations }} {{ if $.Values.collectors.mutatingwebhookconfigurations }}
- apiGroups: ["admissionregistration.k8s.io"] - apiGroups: ["admissionregistration.k8s.io"]
resources: resources:
- mutatingwebhookconfigurations - mutatingwebhookconfigurations
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.namespaces }} {{ if $.Values.collectors.namespaces }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- namespaces - namespaces
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.networkpolicies }} {{ if $.Values.collectors.networkpolicies }}
- apiGroups: ["networking.k8s.io"] - apiGroups: ["networking.k8s.io"]
resources: resources:
- networkpolicies - networkpolicies
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.nodes }} {{ if $.Values.collectors.nodes }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- nodes - nodes
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.persistentvolumeclaims }} {{ if $.Values.collectors.persistentvolumeclaims }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- persistentvolumeclaims - persistentvolumeclaims
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.persistentvolumes }} {{ if $.Values.collectors.persistentvolumes }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- persistentvolumes - persistentvolumes
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.poddisruptionbudgets }} {{ if $.Values.collectors.poddisruptionbudgets }}
- apiGroups: ["policy"] - apiGroups: ["policy"]
resources: resources:
- poddisruptionbudgets - poddisruptionbudgets
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.pods }} {{ if $.Values.collectors.pods }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- pods - pods
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.replicasets }} {{ if $.Values.collectors.replicasets }}
- apiGroups: ["extensions", "apps"] - apiGroups: ["extensions", "apps"]
resources: resources:
- replicasets - replicasets
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.replicationcontrollers }} {{ if $.Values.collectors.replicationcontrollers }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- replicationcontrollers - replicationcontrollers
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.resourcequotas }} {{ if $.Values.collectors.resourcequotas }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- resourcequotas - resourcequotas
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.secrets }} {{ if $.Values.collectors.secrets }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- secrets - secrets
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.services }} {{ if $.Values.collectors.services }}
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- services - services
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.statefulsets }} {{ if $.Values.collectors.statefulsets }}
- apiGroups: ["apps"] - apiGroups: ["apps"]
resources: resources:
- statefulsets - statefulsets
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.storageclasses }} {{ if $.Values.collectors.storageclasses }}
- apiGroups: ["storage.k8s.io"] - apiGroups: ["storage.k8s.io"]
resources: resources:
- storageclasses - storageclasses
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.validatingwebhookconfigurations }} {{ if $.Values.collectors.validatingwebhookconfigurations }}
- apiGroups: ["admissionregistration.k8s.io"] - apiGroups: ["admissionregistration.k8s.io"]
resources: resources:
- validatingwebhookconfigurations - validatingwebhookconfigurations
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.volumeattachments }} {{ if $.Values.collectors.volumeattachments }}
- apiGroups: ["storage.k8s.io"] - apiGroups: ["storage.k8s.io"]
resources: resources:
- volumeattachments - volumeattachments
verbs: ["list", "watch"] verbs: ["list", "watch"]
{{ end -}} {{ end -}}
{{ if .Values.collectors.verticalpodautoscalers }} {{ if $.Values.collectors.verticalpodautoscalers }}
- apiGroups: ["autoscaling.k8s.io"] - apiGroups: ["autoscaling.k8s.io"]
resources: resources:
- verticalpodautoscalers - verticalpodautoscalers

View File

@ -0,0 +1,27 @@
{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
{{- range (split "," $.Values.namespace) }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }}
helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
app.kubernetes.io/instance: {{ $.Release.Name }}
name: {{ template "kube-state-metrics.fullname" $ }}
namespace: {{ . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
{{- if (not $.Values.rbac.useExistingRole) }}
name: {{ template "kube-state-metrics.fullname" $ }}
{{- else }}
name: {{ $.Values.rbac.useExistingRole }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "kube-state-metrics.fullname" $ }}
namespace: {{ template "kube-state-metrics.namespace" $ }}
{{- end -}}
{{- end -}}

View File

@ -28,6 +28,12 @@ spec:
nodePort: {{ .Values.service.nodePort }} nodePort: {{ .Values.service.nodePort }}
{{- end }} {{- end }}
targetPort: 8080 targetPort: 8080
{{ if .Values.selfMonitor.enabled }}
- name: "metrics"
protocol: TCP
port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
targetPort: 8081
{{ end }}
{{- if .Values.service.loadBalancerIP }} {{- if .Values.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
{{- end }} {{- end }}

View File

@ -12,6 +12,9 @@ metadata:
{{- if .Values.prometheus.monitor.additionalLabels }} {{- if .Values.prometheus.monitor.additionalLabels }}
{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} {{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.customLabels }}
{{ toYaml .Values.customLabels | indent 4 }}
{{- end }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -22,4 +25,10 @@ spec:
{{- if .Values.prometheus.monitor.honorLabels }} {{- if .Values.prometheus.monitor.honorLabels }}
honorLabels: true honorLabels: true
{{- end }} {{- end }}
{{ if .Values.selfMonitor.enabled }}
- port: metrics
{{- if .Values.prometheus.monitor.honorLabels }}
honorLabels: true
{{- end }}
{{ end }}
{{- end }} {{- end }}

View File

@ -1,8 +1,8 @@
# Default values for kube-state-metrics. # Default values for kube-state-metrics.
prometheusScrape: true prometheusScrape: true
image: image:
repository: quay.io/coreos/kube-state-metrics repository: k8s.gcr.io/kube-state-metrics/kube-state-metrics
tag: v1.9.7 tag: v1.9.8
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
imagePullSecrets: [] imagePullSecrets: []
@ -17,6 +17,11 @@ autosharding:
replicas: 1 replicas: 1
# List of additional cli arguments to configure kube-state-metrics
# for example: --enable-gzip-encoding, --log-file, etc.
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md
extraArgs: []
service: service:
port: 8080 port: 8080
# Default to clusterIP for backward compatibility # Default to clusterIP for backward compatibility
@ -33,6 +38,12 @@ rbac:
# If true, create & use RBAC resources # If true, create & use RBAC resources
create: true create: true
# Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
# useExistingRole: your-existing-role
# If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
useClusterRole: true
serviceAccount: serviceAccount:
# Specifies whether a ServiceAccount should be created, require rbac true # Specifies whether a ServiceAccount should be created, require rbac true
create: true create: true
@ -159,3 +170,10 @@ resources: {}
## For example: kubeTargetVersionOverride: 1.14.9 ## For example: kubeTargetVersionOverride: 1.14.9
## ##
kubeTargetVersionOverride: "" kubeTargetVersionOverride: ""
# Enable self metrics configuration for service and Service Monitor
# Default values for telemetry configuration can be overriden
selfMonitor:
enabled: false
# telemetryHost: 0.0.0.0
# telemetryPort: 8081

View File

@ -10,7 +10,8 @@ maintainers:
- email: gianrubio@gmail.com - email: gianrubio@gmail.com
name: gianrubio name: gianrubio
- name: vsliouniaev - name: vsliouniaev
- name: bismarck
name: prometheus-node-exporter name: prometheus-node-exporter
sources: sources:
- https://github.com/prometheus/node_exporter/ - https://github.com/prometheus/node_exporter/
version: 1.12.0 version: 1.14.2

View File

@ -43,6 +43,9 @@ spec:
{{- if .Values.extraArgs }} {{- if .Values.extraArgs }}
{{ toYaml .Values.extraArgs | indent 12 }} {{ toYaml .Values.extraArgs | indent 12 }}
{{- end }} {{- end }}
{{- with .Values.containerSecurityContext }}
securityContext: {{ toYaml . | nindent 12 }}
{{- end }}
env: env:
- name: HOST_IP - name: HOST_IP
{{- if .Values.service.listenOnAllInterfaces }} {{- if .Values.service.listenOnAllInterfaces }}
@ -55,7 +58,7 @@ spec:
{{- end }} {{- end }}
ports: ports:
- name: metrics - name: metrics
containerPort: {{ .Values.service.targetPort }} containerPort: {{ .Values.service.port }}
protocol: TCP protocol: TCP
livenessProbe: livenessProbe:
httpGet: httpGet:
@ -100,6 +103,12 @@ spec:
- name: {{ $mount.name }} - name: {{ $mount.name }}
mountPath: {{ $mount.mountPath }} mountPath: {{ $mount.mountPath }}
{{- end }} {{- end }}
{{- if .Values.secrets }}
{{- range $_, $mount := .Values.secrets }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- end }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.sidecars }} {{- if .Values.sidecars }}
{{ toYaml .Values.sidecars | indent 8 }} {{ toYaml .Values.sidecars | indent 8 }}
@ -157,3 +166,10 @@ spec:
name: {{ $mount.name }} name: {{ $mount.name }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.secrets }}
{{- range $_, $mount := .Values.secrets }}
- name: {{ $mount.name }}
secret:
secretName: {{ $mount.name }}
{{- end }}
{{- end }}

View File

@ -15,6 +15,13 @@ spec:
release: {{ .Release.Name }} release: {{ .Release.Name }}
endpoints: endpoints:
- port: metrics - port: metrics
scheme: {{ $.Values.prometheus.monitor.scheme }}
{{- if $.Values.prometheus.monitor.bearerTokenFile }}
bearerTokenFile: {{ $.Values.prometheus.monitor.bearerTokenFile }}
{{- end }}
{{- if $.Values.prometheus.monitor.tlsConfig }}
tlsConfig: {{ toYaml $.Values.prometheus.monitor.tlsConfig | nindent 8 }}
{{- end }}
{{- if .Values.prometheus.monitor.scrapeTimeout }} {{- if .Values.prometheus.monitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
{{- end }} {{- end }}

View File

@ -10,6 +10,8 @@ metadata:
chart: {{ template "prometheus-node-exporter.chart" . }} chart: {{ template "prometheus-node-exporter.chart" . }}
release: "{{ .Release.Name }}" release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}" heritage: "{{ .Release.Service }}"
annotations:
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
imagePullSecrets: imagePullSecrets:
{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} {{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
{{- end -}} {{- end -}}

View File

@ -20,6 +20,9 @@ prometheus:
enabled: false enabled: false
additionalLabels: {} additionalLabels: {}
namespace: "" namespace: ""
scheme: http
bearerTokenFile:
tlsConfig: {}
relabelings: [] relabelings: []
scrapeTimeout: 10s scrapeTimeout: 10s
@ -48,6 +51,7 @@ serviceAccount:
# The name of the ServiceAccount to use. # The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template # If not set and create is true, a name is generated using the fullname template
name: name:
annotations: {}
imagePullSecrets: [] imagePullSecrets: []
securityContext: securityContext:
@ -56,6 +60,11 @@ securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 65534 runAsUser: 65534
containerSecurityContext: {}
# capabilities:
# add:
# - SYS_TIME
rbac: rbac:
## If true, create & use RBAC resources ## If true, create & use RBAC resources
## ##
@ -84,7 +93,9 @@ affinity: {}
# - target-host-name # - target-host-name
# Annotations to be added to node exporter pods # Annotations to be added to node exporter pods
podAnnotations: {} podAnnotations:
# Fix for very slow GKE cluster upgrades
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
# Extra labels to be added to node exporter pods # Extra labels to be added to node exporter pods
podLabels: {} podLabels: {}
@ -122,7 +133,9 @@ extraHostVolumeMounts: []
configmaps: [] configmaps: []
# - name: <configMapName> # - name: <configMapName>
# mountPath: <mountPath> # mountPath: <mountPath>
secrets: []
# - name: <secretName>
# mountPath: <mountPatch>
## Override the deployment namespace ## Override the deployment namespace
## ##
namespaceOverride: "" namespaceOverride: ""

View File

@ -1,4 +1,4 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
@ -50,6 +50,7 @@ spec:
properties: properties:
name: name:
description: Label to match. description: Label to match.
minLength: 1
type: string type: string
regex: regex:
description: Whether to match on equality (false) or regular-expression (true). description: Whether to match on equality (false) or regular-expression (true).
@ -59,7 +60,6 @@ spec:
type: string type: string
required: required:
- name - name
- value
type: object type: object
type: array type: array
targetMatch: targetMatch:
@ -69,6 +69,7 @@ spec:
properties: properties:
name: name:
description: Label to match. description: Label to match.
minLength: 1
type: string type: string
regex: regex:
description: Whether to match on equality (false) or regular-expression (true). description: Whether to match on equality (false) or regular-expression (true).
@ -78,7 +79,6 @@ spec:
type: string type: string
required: required:
- name - name
- value
type: object type: object
type: array type: array
type: object type: object
@ -94,9 +94,10 @@ spec:
description: EmailConfig configures notifications via Email. description: EmailConfig configures notifications via Email.
properties: properties:
authIdentity: authIdentity:
description: The identity to use for authentication.
type: string type: string
authPassword: authPassword:
description: SecretKeySelector selects a key of a Secret. description: The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties: properties:
key: key:
description: The key of the secret to select from. Must be a valid secret key. description: The key of the secret to select from. Must be a valid secret key.
@ -111,7 +112,7 @@ spec:
- key - key
type: object type: object
authSecret: authSecret:
description: SecretKeySelector selects a key of a Secret. description: The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties: properties:
key: key:
description: The key of the secret to select from. Must be a valid secret key. description: The key of the secret to select from. Must be a valid secret key.
@ -126,7 +127,7 @@ spec:
- key - key
type: object type: object
authUsername: authUsername:
description: SMTP authentication information. description: The username to use for authentication.
type: string type: string
from: from:
description: The sender address. description: The sender address.
@ -138,6 +139,7 @@ spec:
properties: properties:
key: key:
description: Key of the tuple. description: Key of the tuple.
minLength: 1
type: string type: string
value: value:
description: Value of the tuple. description: Value of the tuple.
@ -265,6 +267,7 @@ spec:
type: array type: array
name: name:
description: Name of the receiver. Must be unique across all items from the list. description: Name of the receiver. Must be unique across all items from the list.
minLength: 1
type: string type: string
opsgenieConfigs: opsgenieConfigs:
description: List of OpsGenie configurations. description: List of OpsGenie configurations.
@ -299,6 +302,7 @@ spec:
properties: properties:
key: key:
description: Key of the tuple. description: Key of the tuple.
minLength: 1
type: string type: string
value: value:
description: Value of the tuple. description: Value of the tuple.
@ -469,7 +473,7 @@ spec:
responders: responders:
description: List of responders responsible for notifications. description: List of responders responsible for notifications.
items: items:
description: OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined. description: OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.
properties: properties:
id: id:
description: ID of the responder. description: ID of the responder.
@ -479,10 +483,13 @@ spec:
type: string type: string
type: type:
description: Type of responder. description: Type of responder.
minLength: 1
type: string type: string
username: username:
description: Username of the responder. description: Username of the responder.
type: string type: string
required:
- type
type: object type: object
type: array type: array
sendResolved: sendResolved:
@ -523,6 +530,7 @@ spec:
properties: properties:
key: key:
description: Key of the tuple. description: Key of the tuple.
minLength: 1
type: string type: string
value: value:
description: Value of the tuple. description: Value of the tuple.
@ -904,7 +912,7 @@ spec:
description: Notification title. description: Notification title.
type: string type: string
token: token:
description: Your registered applications API token, see https://pushover.net/apps description: The secret's key that contains the registered applications API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties: properties:
key: key:
description: The key of the secret to select from. Must be a valid secret key. description: The key of the secret to select from. Must be a valid secret key.
@ -925,7 +933,7 @@ spec:
description: A title for supplementary URL, otherwise just the URL is shown description: A title for supplementary URL, otherwise just the URL is shown
type: string type: string
userKey: userKey:
description: The recipient users user key. description: The secret's key that contains the recipient users user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties: properties:
key: key:
description: The key of the secret to select from. Must be a valid secret key. description: The key of the secret to select from. Must be a valid secret key.
@ -959,6 +967,7 @@ spec:
okText: okText:
type: string type: string
text: text:
minLength: 1
type: string type: string
title: title:
type: string type: string
@ -970,8 +979,10 @@ spec:
style: style:
type: string type: string
text: text:
minLength: 1
type: string type: string
type: type:
minLength: 1
type: string type: string
url: url:
type: string type: string
@ -1014,8 +1025,10 @@ spec:
short: short:
type: boolean type: boolean
title: title:
minLength: 1
type: string type: string
value: value:
minLength: 1
type: string type: string
required: required:
- title - title
@ -1210,7 +1223,7 @@ spec:
description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
properties: properties:
apiKey: apiKey:
description: The API key to use when talking to the VictorOps API. description: The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties: properties:
key: key:
description: The key of the secret to select from. Must be a valid secret key. description: The key of the secret to select from. Must be a valid secret key.
@ -1234,6 +1247,7 @@ spec:
properties: properties:
key: key:
description: Key of the tuple. description: Key of the tuple.
minLength: 1
type: string type: string
value: value:
description: Value of the tuple. description: Value of the tuple.
@ -1410,8 +1424,6 @@ spec:
stateMessage: stateMessage:
description: Contains long explanation of the alerted problem. description: Contains long explanation of the alerted problem.
type: string type: string
required:
- routingKey
type: object type: object
type: array type: array
webhookConfigs: webhookConfigs:
@ -1569,8 +1581,9 @@ spec:
type: object type: object
type: object type: object
maxAlerts: maxAlerts:
description: Maximum number of alerts to be sent per webhook message. description: Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.
format: int32 format: int32
minimum: 0
type: integer type: integer
sendResolved: sendResolved:
description: Whether or not to notify about resolved alerts. description: Whether or not to notify about resolved alerts.
@ -1793,7 +1806,7 @@ spec:
type: object type: object
type: array type: array
route: route:
description: The Alertmanager route definition for alerts matching the resources namespace. It will be added to the generated Alertmanager configuration as a first-level route. description: The Alertmanager route definition for alerts matching the resources namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route.
properties: properties:
continue: continue:
description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator.
@ -1816,6 +1829,7 @@ spec:
properties: properties:
name: name:
description: Label to match. description: Label to match.
minLength: 1
type: string type: string
regex: regex:
description: Whether to match on equality (false) or regular-expression (true). description: Whether to match on equality (false) or regular-expression (true).
@ -1825,11 +1839,10 @@ spec:
type: string type: string
required: required:
- name - name
- value
type: object type: object
type: array type: array
receiver: receiver:
description: Name of the receiver for this route. If present, it should be listed in the `receivers` field. The field can be omitted only for nested routes otherwise it is mandatory. description: Name of the receiver for this route. If not empty, it should be listed in the `receivers` field.
type: string type: string
repeatInterval: repeatInterval:
description: How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). description: How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).

View File

@ -1,4 +1,4 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1

View File

@ -1,4 +1,4 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1

View File

@ -1,4 +1,4 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1

View File

@ -1,4 +1,4 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
@ -2258,7 +2258,7 @@ spec:
type: string type: string
type: object type: object
podMonitorNamespaceSelector: podMonitorNamespaceSelector:
description: Namespaces to be selected for PodMonitor discovery. If nil, only check own namespace. description: Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed. description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@ -2849,7 +2849,7 @@ spec:
description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).
type: string type: string
retentionSize: retentionSize:
description: Maximum amount of disk space used by blocks. description: 'Maximum amount of disk space used by blocks. Supported units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.'
type: string type: string
routePrefix: routePrefix:
description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.
@ -3019,7 +3019,7 @@ spec:
description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.
type: string type: string
serviceMonitorNamespaceSelector: serviceMonitorNamespaceSelector:
description: Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace. description: Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed. description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@ -3456,6 +3456,9 @@ spec:
required: required:
- key - key
type: object type: object
tracingConfigFile:
description: TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence.
type: string
version: version:
description: Version describes the version of Thanos to use. description: Version describes the version of Thanos to use.
type: string type: string

View File

@ -1,4 +1,4 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1

View File

@ -1,4 +1,4 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1

View File

@ -1,4 +1,4 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.44.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1

View File

@ -19,7 +19,7 @@ spec:
listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }} listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }}
serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }} {{- if .Values.alertmanager.alertmanagerSpec.externalUrl }}
externalUrl: "{{ .Values.alertmanager.alertmanagerSpec.externalUrl }}" externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}"
{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }} {{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }}
externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
{{- else }} {{- else }}
@ -47,10 +47,14 @@ spec:
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }} {{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }}
alertmanagerConfigSelector: alertmanagerConfigSelector:
{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4}} {{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4}}
{{ else }}
alertmanagerConfigSelector: {}
{{- end }} {{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector }} {{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector }}
alertmanagerConfigNamespaceSelector: alertmanagerConfigNamespaceSelector:
{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4}} {{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4}}
{{ else }}
alertmanagerConfigNamespaceSelector: {}
{{- end }} {{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.resources }} {{- if .Values.alertmanager.alertmanagerSpec.resources }}
resources: resources:
@ -81,9 +85,9 @@ spec:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }} - topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
labelSelector: labelSelector:
matchLabels: matchExpressions:
app: alertmanager - {key: app, operator: In, values: [alertmanager]}
alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]}
{{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }} {{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }}
podAntiAffinity: podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:
@ -91,15 +95,19 @@ spec:
podAffinityTerm: podAffinityTerm:
topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }} topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
labelSelector: labelSelector:
matchLabels: matchExpressions:
app: alertmanager - {key: app, operator: In, values: [alertmanager]}
alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.tolerations }} {{- if .Values.alertmanager.alertmanagerSpec.tolerations }}
tolerations: tolerations:
{{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }} {{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints | indent 4 }}
{{- end }}
{{- if .Values.global.imagePullSecrets }} {{- if .Values.global.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{ toYaml .Values.global.imagePullSecrets | indent 4 }} {{ toYaml .Values.global.imagePullSecrets | indent 4 }}

View File

@ -1,4 +1,5 @@
{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }} {{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }}
{{- $pathType := .Values.alertmanager.ingress.pathType | default "" }}
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} {{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
{{- $servicePort := .Values.alertmanager.service.port -}} {{- $servicePort := .Values.alertmanager.service.port -}}
{{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }} {{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }}
@ -23,7 +24,7 @@ metadata:
{{- end }} {{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }} {{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec: spec:
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass") }} {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }}
{{- if .Values.alertmanager.ingress.ingressClassName }} {{- if .Values.alertmanager.ingress.ingressClassName }}
ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }} ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }}
{{- end }} {{- end }}
@ -36,6 +37,9 @@ spec:
paths: paths:
{{- range $p := $paths }} {{- range $p := $paths }}
- path: {{ tpl $p $ }} - path: {{ tpl $p $ }}
{{- if $pathType }}
pathType: {{ $pathType }}
{{- end }}
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }} servicePort: {{ $servicePort }}
@ -46,6 +50,9 @@ spec:
paths: paths:
{{- range $p := $paths }} {{- range $p := $paths }}
- path: {{ tpl $p $ }} - path: {{ tpl $p $ }}
{{- if $pathType }}
pathType: {{ $pathType }}
{{- end }}
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }} servicePort: {{ $servicePort }}
@ -53,6 +60,6 @@ spec:
{{- end -}} {{- end -}}
{{- if .Values.alertmanager.ingress.tls }} {{- if .Values.alertmanager.ingress.tls }}
tls: tls:
{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }} {{ tpl (toYaml .Values.alertmanager.ingress.tls | indent 4) . }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}

View File

@ -1,4 +1,5 @@
{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }} {{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }}
{{- $pathType := .Values.alertmanager.ingressPerReplica.pathType | default "" }}
{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}} {{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}}
{{- $servicePort := .Values.alertmanager.service.port -}} {{- $servicePort := .Values.alertmanager.service.port -}}
{{- $ingressValues := .Values.alertmanager.ingressPerReplica -}} {{- $ingressValues := .Values.alertmanager.ingressPerReplica -}}
@ -29,7 +30,7 @@ items:
{{ toYaml $ingressValues.annotations | indent 8 }} {{ toYaml $ingressValues.annotations | indent 8 }}
{{- end }} {{- end }}
spec: spec:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass") }} {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }}
{{- if $ingressValues.ingressClassName }} {{- if $ingressValues.ingressClassName }}
ingressClassName: {{ $ingressValues.ingressClassName }} ingressClassName: {{ $ingressValues.ingressClassName }}
{{- end }} {{- end }}
@ -40,6 +41,9 @@ items:
paths: paths:
{{- range $p := $ingressValues.paths }} {{- range $p := $ingressValues.paths }}
- path: {{ tpl $p $ }} - path: {{ tpl $p $ }}
{{- if $pathType }}
pathType: {{ $pathType }}
{{- end }}
backend: backend:
serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
servicePort: {{ $servicePort }} servicePort: {{ $servicePort }}

View File

@ -25,6 +25,10 @@ spec:
{{- end }} {{- end }}
selector: selector:
matchLabels: matchLabels:
{{- if .Values.kubeStateMetrics.serviceMonitor.selectorOverride }}
{{ toYaml .Values.kubeStateMetrics.serviceMonitor.selectorOverride | indent 6 }}
{{ else }}
app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/instance: "{{ $.Release.Name }}" app.kubernetes.io/instance: "{{ $.Release.Name }}"
{{- end }} {{- end }}
{{- end }}

View File

@ -16,6 +16,7 @@ data:
datasource.yaml: |- datasource.yaml: |-
apiVersion: 1 apiVersion: 1
datasources: datasources:
{{- $scrapeInterval := .Values.grafana.sidecar.datasources.defaultDatasourceScrapeInterval | default .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }}
{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} {{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }}
- name: Prometheus - name: Prometheus
type: prometheus type: prometheus
@ -23,7 +24,7 @@ data:
access: proxy access: proxy
isDefault: true isDefault: true
jsonData: jsonData:
timeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }} timeInterval: {{ $scrapeInterval }}
{{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }} {{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }}
{{- range until (int .Values.prometheus.prometheusSpec.replicas) }} {{- range until (int .Values.prometheus.prometheusSpec.replicas) }}
- name: Prometheus-{{ . }} - name: Prometheus-{{ . }}
@ -32,7 +33,7 @@ data:
access: proxy access: proxy
isDefault: false isDefault: false
jsonData: jsonData:
timeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }} timeInterval: {{ $scrapeInterval }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

View File

@ -1823,7 +1823,7 @@ data:
}, },
"datasource": "$datasource", "datasource": "$datasource",
"hide": 2, "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false, "includeAll": false,
"label": null, "label": null,
"multi": false, "multi": false,

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/etcd/master/Documentation/op-guide/grafana.json Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/current/op-guide/grafana.json
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -191,7 +191,7 @@ data:
"tableColumn": "", "tableColumn": "",
"targets": [ "targets": [
{ {
"expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}", "legendFormat": "{{`{{`}}instance{{`}}`}}",
@ -275,7 +275,7 @@ data:
"tableColumn": "", "tableColumn": "",
"targets": [ "targets": [
{ {
"expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}", "legendFormat": "{{`{{`}}instance{{`}}`}}",

View File

@ -1293,7 +1293,7 @@ data:
}, },
"datasource": "$datasource", "datasource": "$datasource",
"hide": 2, "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false, "includeAll": false,
"label": null, "label": null,
"multi": false, "multi": false,

View File

@ -1533,7 +1533,7 @@ data:
}, },
"datasource": "$datasource", "datasource": "$datasource",
"hide": 2, "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false, "includeAll": false,
"label": null, "label": null,
"multi": false, "multi": false,

View File

@ -92,7 +92,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "CPU Utilisation", "title": "CPU Utilisation",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -178,7 +178,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "CPU Saturation (load1 per CPU)", "title": "CPU Saturation (load1 per CPU)",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -276,7 +276,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Memory Utilisation", "title": "Memory Utilisation",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -362,7 +362,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Memory Saturation (Major Page Faults)", "title": "Memory Saturation (Major Page Faults)",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -476,7 +476,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Net Utilisation (Bytes Receive/Transmit)", "title": "Net Utilisation (Bytes Receive/Transmit)",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -578,7 +578,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Net Saturation (Drops Receive/Transmit)", "title": "Net Saturation (Drops Receive/Transmit)",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -676,7 +676,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Disk IO Utilisation", "title": "Disk IO Utilisation",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -762,7 +762,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Disk IO Saturation", "title": "Disk IO Saturation",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -860,7 +860,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Disk Space Utilisation", "title": "Disk Space Utilisation",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -956,9 +956,9 @@ data:
"30d" "30d"
] ]
}, },
"timezone": "UTC", "timezone": "utc",
"title": "USE Method / Cluster", "title": "USE Method / Cluster",
"uid": "3e97d1d02672cdd0861f4c97c64f89b2", "uid": "",
"version": 0 "version": 0
} }
{{- end }} {{- end }}

View File

@ -92,7 +92,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "CPU Utilisation", "title": "CPU Utilisation",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -178,7 +178,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "CPU Saturation (Load1 per CPU)", "title": "CPU Saturation (Load1 per CPU)",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -276,7 +276,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Memory Utilisation", "title": "Memory Utilisation",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -362,7 +362,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Memory Saturation (Major Page Faults)", "title": "Memory Saturation (Major Page Faults)",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -476,7 +476,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Net Utilisation (Bytes Receive/Transmit)", "title": "Net Utilisation (Bytes Receive/Transmit)",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -578,7 +578,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Net Saturation (Drops Receive/Transmit)", "title": "Net Saturation (Drops Receive/Transmit)",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -676,7 +676,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Disk IO Utilisation", "title": "Disk IO Utilisation",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -762,7 +762,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Disk IO Saturation", "title": "Disk IO Saturation",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -860,7 +860,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Disk Space Utilisation", "title": "Disk Space Utilisation",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -983,9 +983,9 @@ data:
"30d" "30d"
] ]
}, },
"timezone": "UTC", "timezone": "utc",
"title": "USE Method / Node", "title": "USE Method / Node",
"uid": "fac67cfbe174d3ef53eb473d73d9212f", "uid": "",
"version": 0 "version": 0
} }
{{- end }} {{- end }}

View File

@ -107,7 +107,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "CPU Usage", "title": "CPU Usage",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -221,7 +221,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Load Average", "title": "Load Average",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -348,7 +348,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Memory Usage", "title": "Memory Usage",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -451,9 +451,6 @@ data:
], ],
"thresholds": "80, 90", "thresholds": "80, 90",
"title": "Memory Usage", "title": "Memory Usage",
"tooltip": {
"shared": false
},
"type": "singlestat", "type": "singlestat",
"valueFontSize": "80%", "valueFontSize": "80%",
"valueMaps": [ "valueMaps": [
@ -562,7 +559,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Disk I/O", "title": "Disk I/O",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -669,7 +666,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Disk Space Usage", "title": "Disk Space Usage",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -776,7 +773,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Network Received", "title": "Network Received",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -870,7 +867,7 @@ data:
"timeShift": null, "timeShift": null,
"title": "Network Transmitted", "title": "Network Transmitted",
"tooltip": { "tooltip": {
"shared": false, "shared": true,
"sort": 0, "sort": 0,
"value_type": "individual" "value_type": "individual"
}, },
@ -993,9 +990,8 @@ data:
"30d" "30d"
] ]
}, },
"timezone": "UTC", "timezone": "browser",
"title": "Nodes", "title": "Nodes",
"uid": "fa49a4706d07a042595b664c87fb33ea",
"version": 0 "version": 0
} }
{{- end }} {{- end }}

View File

@ -207,7 +207,7 @@ data:
"tableColumn": "", "tableColumn": "",
"targets": [ "targets": [
{ {
"expr": "(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100\n", "expr": "max without(instance,node) (\n(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "", "legendFormat": "",
@ -404,7 +404,7 @@ data:
"tableColumn": "", "tableColumn": "",
"targets": [ "targets": [
{ {
"expr": "kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100\n", "expr": "max without(instance,node) (\nkubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "", "legendFormat": "",

View File

@ -1025,7 +1025,7 @@ data:
}, },
"datasource": "$datasource", "datasource": "$datasource",
"hide": 2, "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false, "includeAll": false,
"label": null, "label": null,
"multi": false, "multi": false,

View File

@ -40,7 +40,7 @@ data:
"links": [ "links": [
], ],
"refresh": "", "refresh": "60s",
"rows": [ "rows": [
{ {
"collapse": false, "collapse": false,
@ -92,7 +92,7 @@ data:
"steppedLine": false, "steppedLine": false,
"targets": [ "targets": [
{ {
"expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}\n)\n", "expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) (prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} != 0)\n)\n",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
@ -185,7 +185,7 @@ data:
"steppedLine": false, "steppedLine": false,
"targets": [ "targets": [
{ {
"expr": "(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n)\n", "expr": "clamp_min(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n, 0)\n",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
@ -291,7 +291,7 @@ data:
"steppedLine": false, "steppedLine": false,
"targets": [ "targets": [
{ {
"expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n", "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n- \n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
@ -876,7 +876,7 @@ data:
"steppedLine": false, "steppedLine": false,
"targets": [ "targets": [
{ {
"expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"}", "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
@ -1181,7 +1181,7 @@ data:
"steppedLine": false, "steppedLine": false,
"targets": [ "targets": [
{ {
"expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
@ -1274,7 +1274,7 @@ data:
"steppedLine": false, "steppedLine": false,
"targets": [ "targets": [
{ {
"expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
@ -1367,7 +1367,7 @@ data:
"steppedLine": false, "steppedLine": false,
"targets": [ "targets": [
{ {
"expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
@ -1520,7 +1520,7 @@ data:
"schemaVersion": 14, "schemaVersion": 14,
"style": "dark", "style": "dark",
"tags": [ "tags": [
"prometheus-mixin"
], ],
"templating": { "templating": {
"list": [ "list": [
@ -1664,7 +1664,7 @@ data:
] ]
}, },
"timezone": "browser", "timezone": "browser",
"title": "Prometheus Remote Write", "title": "Prometheus / Remote Write",
"version": 0 "version": 0
} }
{{- end }} {{- end }}

View File

@ -33,7 +33,7 @@ data:
"links": [ "links": [
], ],
"refresh": "10s", "refresh": "60s",
"rows": [ "rows": [
{ {
"collapse": false, "collapse": false,
@ -1112,7 +1112,7 @@ data:
"schemaVersion": 14, "schemaVersion": 14,
"style": "dark", "style": "dark",
"tags": [ "tags": [
"prometheus-mixin"
], ],
"templating": { "templating": {
"list": [ "list": [
@ -1220,7 +1220,7 @@ data:
] ]
}, },
"timezone": "utc", "timezone": "utc",
"title": "Prometheus Overview", "title": "Prometheus / Overview",
"uid": "", "uid": "",
"version": 0 "version": 0
} }

View File

@ -1203,7 +1203,7 @@ data:
}, },
"datasource": "$datasource", "datasource": "$datasource",
"hide": 2, "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false, "includeAll": false,
"label": null, "label": null,
"multi": false, "multi": false,

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/etcd/master/Documentation/op-guide/grafana.json Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/current/op-guide/grafana.json
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,4 +1,4 @@
{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create }} {{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:

View File

@ -1,4 +1,4 @@
{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create }} {{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:

View File

@ -1,4 +1,4 @@
{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled }} {{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:

View File

@ -1,4 +1,4 @@
{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled }} {{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:

View File

@ -1,4 +1,4 @@
{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} {{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:

View File

@ -1,4 +1,4 @@
{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create }} {{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:

View File

@ -1,4 +1,4 @@
{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create }} {{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:

View File

@ -1,4 +1,4 @@
{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create }} {{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:

View File

@ -3,6 +3,11 @@ apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration kind: MutatingWebhookConfiguration
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission name: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
annotations:
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
{{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.labels" $ | indent 4 }}
@ -28,6 +33,9 @@ webhooks:
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ template "kube-prometheus-stack.operator.fullname" $ }} name: {{ template "kube-prometheus-stack.operator.fullname" $ }}
path: /admission-prometheusrules/mutate path: /admission-prometheusrules/mutate
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
{{- end }}
admissionReviewVersions: ["v1", "v1beta1"] admissionReviewVersions: ["v1", "v1beta1"]
sideEffects: None sideEffects: None
{{- end }} {{- end }}

View File

@ -3,6 +3,11 @@ apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
metadata: metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission name: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
annotations:
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
{{- end }}
labels: labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- include "kube-prometheus-stack.labels" $ | indent 4 }}
@ -28,6 +33,9 @@ webhooks:
namespace: {{ template "kube-prometheus-stack.namespace" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ template "kube-prometheus-stack.operator.fullname" $ }} name: {{ template "kube-prometheus-stack.operator.fullname" $ }}
path: /admission-prometheusrules/validate path: /admission-prometheusrules/validate
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
{{- end }}
admissionReviewVersions: ["v1", "v1beta1"] admissionReviewVersions: ["v1", "v1beta1"]
sideEffects: None sideEffects: None
{{- end }} {{- end }}

View File

@ -0,0 +1,57 @@
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}}
{{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}}
# Create a selfsigned Issuer, in order to create a root CA certificate for
# signing webhook serving certificates
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
namespace: {{ template "kube-prometheus-stack.namespace" . }}
spec:
selfSigned: {}
---
# Generate a CA Certificate used to sign certificates for the webhook
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
namespace: {{ template "kube-prometheus-stack.namespace" . }}
spec:
secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
duration: 43800h # 5y
issuerRef:
name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
commonName: "ca.webhook.kube-prometheus-stack"
isCA: true
---
# Create an Issuer that uses the above generated CA certificate to issue certs
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
namespace: {{ template "kube-prometheus-stack.namespace" . }}
spec:
ca:
secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
{{- end }}
---
# generate a serving certificate for the apiservices to use
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
namespace: {{ template "kube-prometheus-stack.namespace" . }}
spec:
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
duration: 8760h # 1y
issuerRef:
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }}
{{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }}
{{- else }}
name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
{{- end }}
dnsNames:
- {{ template "kube-prometheus-stack.operator.fullname" . }}
- {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}
- {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc
{{- end -}}

View File

@ -58,24 +58,18 @@ spec:
{{- end }} {{- end }}
- --namespaces={{ $ns | join "," }} - --namespaces={{ $ns | join "," }}
{{- end }} {{- end }}
{{- if (semverCompare "< v0.44.0" .Values.prometheusOperator.image.tag) -}}
- --logtostderr=true
{{- end }}
- --localhost=127.0.0.1 - --localhost=127.0.0.1
{{- if .Values.prometheusOperator.prometheusDefaultBaseImage }}
- --prometheus-default-base-image={{ .Values.prometheusOperator.prometheusDefaultBaseImage }}
{{- end }}
{{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
- --alertmanager-default-base-image={{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
{{- end }}
{{- if .Values.prometheusOperator.prometheusConfigReloaderImage.sha }} {{- if .Values.prometheusOperator.prometheusConfigReloaderImage.sha }}
- --prometheus-config-reloader={{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.sha }} - --prometheus-config-reloader={{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.sha }}
{{- else }} {{- else }}
- --prometheus-config-reloader={{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }} - --prometheus-config-reloader={{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}
{{- end }} {{- end }}
# Empty if statement to catch non-semver master tags that do not need the --config-reloader-image flag
{{- if regexMatch "master.*" .Values.prometheusOperator.image.tag -}}
{{- else if (semverCompare "< v0.43.0" .Values.prometheusOperator.image.tag) -}}
{{- if .Values.prometheusOperator.configmapReloadImage.sha }}
- --config-reloader-image={{ .Values.prometheusOperator.configmapReloadImage.repository }}:{{ .Values.prometheusOperator.configmapReloadImage.tag }}@sha256:{{ .Values.prometheusOperator.configmapReloadImage.sha }}
{{- else }}
- --config-reloader-image={{ .Values.prometheusOperator.configmapReloadImage.repository }}:{{ .Values.prometheusOperator.configmapReloadImage.tag }}
{{- end }}
{{- end }}
- --config-reloader-cpu={{ .Values.prometheusOperator.configReloaderCpu }} - --config-reloader-cpu={{ .Values.prometheusOperator.configReloaderCpu }}
- --config-reloader-memory={{ .Values.prometheusOperator.configReloaderMemory }} - --config-reloader-memory={{ .Values.prometheusOperator.configReloaderMemory }}
{{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }} {{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }}
@ -90,14 +84,17 @@ spec:
{{- if .Values.prometheusOperator.secretFieldSelector }} {{- if .Values.prometheusOperator.secretFieldSelector }}
- --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }} - --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }}
{{- end }} {{- end }}
{{- if .Values.prometheusOperator.clusterDomain }}
- --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
{{- end }}
{{- if .Values.prometheusOperator.tls.enabled }} {{- if .Values.prometheusOperator.tls.enabled }}
- --web.enable-tls=true - --web.enable-tls=true
- --web.cert-file=cert/cert - --web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }}
- --web.key-file=cert/key - --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }}
- --web.listen-address=:8443 - --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }}
- --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }} - --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }}
ports: ports:
- containerPort: 8443 - containerPort: {{ .Values.prometheusOperator.tls.internalPort }}
name: https name: https
{{- else }} {{- else }}
ports: ports:
@ -109,19 +106,21 @@ spec:
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
{{- if .Values.prometheusOperator.tls.enabled }} {{- if .Values.prometheusOperator.tls.enabled }}
volumeMounts: volumeMounts:
- name: tls-secret - name: tls-secret
mountPath: /cert mountPath: /cert
readOnly: true readOnly: true
{{- end }}
{{- if .Values.prometheusOperator.tls.enabled }}
volumes: volumes:
- name: tls-secret - name: tls-secret
secret: secret:
defaultMode: 420 defaultMode: 420
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- end }} {{- end }}
{{- with .Values.prometheusOperator.dnsConfig }}
dnsConfig:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.securityContext }} {{- if .Values.prometheusOperator.securityContext }}
securityContext: securityContext:
{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }} {{ toYaml .Values.prometheusOperator.securityContext | indent 8 }}

View File

@ -17,7 +17,7 @@ spec:
ca: ca:
secret: secret:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission name: {{ template "kube-prometheus-stack.fullname" . }}-admission
key: ca key: {{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}ca.crt{{ else }}ca{{ end }}
optional: false optional: false
{{- else }} {{- else }}
- port: http - port: http

View File

@ -1,4 +1,5 @@
{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled }} {{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled }}
{{- $pathType := .Values.prometheus.ingress.pathType | default "" }}
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} {{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }}
{{- $servicePort := .Values.prometheus.service.port -}} {{- $servicePort := .Values.prometheus.service.port -}}
{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }} {{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }}
@ -23,7 +24,7 @@ metadata:
{{ toYaml .Values.prometheus.ingress.labels | indent 4 }} {{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass") }} {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }}
{{- if .Values.prometheus.ingress.ingressClassName }} {{- if .Values.prometheus.ingress.ingressClassName }}
ingressClassName: {{ .Values.prometheus.ingress.ingressClassName }} ingressClassName: {{ .Values.prometheus.ingress.ingressClassName }}
{{- end }} {{- end }}
@ -36,6 +37,9 @@ spec:
paths: paths:
{{- range $p := $paths }} {{- range $p := $paths }}
- path: {{ tpl $p $ }} - path: {{ tpl $p $ }}
{{- if $pathType }}
pathType: {{ $pathType }}
{{- end }}
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }} servicePort: {{ $servicePort }}
@ -46,6 +50,9 @@ spec:
paths: paths:
{{- range $p := $paths }} {{- range $p := $paths }}
- path: {{ tpl $p $ }} - path: {{ tpl $p $ }}
{{- if $pathType }}
pathType: {{ $pathType }}
{{- end }}
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }} servicePort: {{ $servicePort }}

View File

@ -1,9 +1,14 @@
{{- if and .Values.prometheus.enabled .Values.prometheus.thanosIngress.enabled }} {{- if and .Values.prometheus.enabled .Values.prometheus.thanosIngress.enabled }}
{{- $pathType := .Values.prometheus.thanosIngress.pathType | default "" }}
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} {{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }}
{{- $thanosPort := .Values.prometheus.thanosIngress.servicePort -}} {{- $thanosPort := .Values.prometheus.thanosIngress.servicePort -}}
{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }} {{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }}
{{- $paths := .Values.prometheus.thanosIngress.paths | default $routePrefix -}} {{- $paths := .Values.prometheus.thanosIngress.paths | default $routePrefix -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
{{ end -}}
kind: Ingress kind: Ingress
metadata: metadata:
{{- if .Values.prometheus.thanosIngress.annotations }} {{- if .Values.prometheus.thanosIngress.annotations }}
@ -18,7 +23,7 @@ metadata:
{{ toYaml .Values.prometheus.thanosIngress.labels | indent 4 }} {{ toYaml .Values.prometheus.thanosIngress.labels | indent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass") }} {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }}
{{- if .Values.prometheus.thanosIngress.ingressClassName }} {{- if .Values.prometheus.thanosIngress.ingressClassName }}
ingressClassName: {{ .Values.prometheus.thanosIngress.ingressClassName }} ingressClassName: {{ .Values.prometheus.thanosIngress.ingressClassName }}
{{- end }} {{- end }}
@ -31,6 +36,9 @@ spec:
paths: paths:
{{- range $p := $paths }} {{- range $p := $paths }}
- path: {{ tpl $p $ }} - path: {{ tpl $p $ }}
{{- if $pathType }}
pathType: {{ $pathType }}
{{- end }}
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ $serviceName }}
servicePort: {{ $thanosPort }} servicePort: {{ $thanosPort }}
@ -41,6 +49,9 @@ spec:
paths: paths:
{{- range $p := $paths }} {{- range $p := $paths }}
- path: {{ tpl $p $ }} - path: {{ tpl $p $ }}
{{- if $pathType }}
pathType: {{ $pathType }}
{{- end }}
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ $serviceName }}
servicePort: {{ $thanosPort }} servicePort: {{ $thanosPort }}

View File

@ -1,4 +1,5 @@
{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled .Values.prometheus.ingressPerReplica.enabled }} {{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled .Values.prometheus.ingressPerReplica.enabled }}
{{- $pathType := .Values.prometheus.ingressPerReplica.pathType | default "" }}
{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} {{- $count := .Values.prometheus.prometheusSpec.replicas | int -}}
{{- $servicePort := .Values.prometheus.servicePerReplica.port -}} {{- $servicePort := .Values.prometheus.servicePerReplica.port -}}
{{- $ingressValues := .Values.prometheus.ingressPerReplica -}} {{- $ingressValues := .Values.prometheus.ingressPerReplica -}}
@ -29,7 +30,7 @@ items:
{{ toYaml $ingressValues.annotations | indent 8 }} {{ toYaml $ingressValues.annotations | indent 8 }}
{{- end }} {{- end }}
spec: spec:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass") }} {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }}
{{- if $ingressValues.ingressClassName }} {{- if $ingressValues.ingressClassName }}
ingressClassName: {{ $ingressValues.ingressClassName }} ingressClassName: {{ $ingressValues.ingressClassName }}
{{- end }} {{- end }}
@ -40,6 +41,9 @@ items:
paths: paths:
{{- range $p := $ingressValues.paths }} {{- range $p := $ingressValues.paths }}
- path: {{ tpl $p $ }} - path: {{ tpl $p $ }}
{{- if $pathType }}
pathType: {{ $pathType }}
{{- end }}
backend: backend:
serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }}
servicePort: {{ $servicePort }} servicePort: {{ $servicePort }}

View File

@ -40,7 +40,7 @@ spec:
{{- end }} {{- end }}
{{- if .Values.prometheus.prometheusSpec.externalLabels }} {{- if .Values.prometheus.prometheusSpec.externalLabels }}
externalLabels: externalLabels:
{{ toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4}} {{ tpl (toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4) . }}
{{- end }} {{- end }}
{{- if .Values.prometheus.prometheusSpec.prometheusExternalLabelNameClear }} {{- if .Values.prometheus.prometheusSpec.prometheusExternalLabelNameClear }}
prometheusExternalLabelName: "" prometheusExternalLabelName: ""
@ -65,6 +65,7 @@ spec:
{{- end }} {{- end }}
paused: {{ .Values.prometheus.prometheusSpec.paused }} paused: {{ .Values.prometheus.prometheusSpec.paused }}
replicas: {{ .Values.prometheus.prometheusSpec.replicas }} replicas: {{ .Values.prometheus.prometheusSpec.replicas }}
shards: {{ .Values.prometheus.prometheusSpec.shards }}
logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }} logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }}
logFormat: {{ .Values.prometheus.prometheusSpec.logFormat }} logFormat: {{ .Values.prometheus.prometheusSpec.logFormat }}
listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }} listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }}
@ -200,9 +201,9 @@ spec:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} - topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }}
labelSelector: labelSelector:
matchLabels: matchExpressions:
app: prometheus - {key: app, operator: In, values: [prometheus]}
prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]}
{{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }} {{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }}
podAntiAffinity: podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:
@ -210,15 +211,19 @@ spec:
podAffinityTerm: podAffinityTerm:
topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }}
labelSelector: labelSelector:
matchLabels: matchExpressions:
app: prometheus - {key: app, operator: In, values: [prometheus]}
prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.prometheus.prometheusSpec.tolerations }} {{- if .Values.prometheus.prometheusSpec.tolerations }}
tolerations: tolerations:
{{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }} {{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.prometheus.prometheusSpec.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml .Values.prometheus.prometheusSpec.topologySpreadConstraints | indent 4 }}
{{- end }}
{{- if .Values.global.imagePullSecrets }} {{- if .Values.global.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{ toYaml .Values.global.imagePullSecrets | indent 4 }} {{ toYaml .Values.global.imagePullSecrets | indent 4 }}

View File

@ -26,6 +26,9 @@ spec:
- 'secret' - 'secret'
- 'downwardAPI' - 'downwardAPI'
- 'persistentVolumeClaim' - 'persistentVolumeClaim'
{{- if .Values.prometheus.podSecurityPolicy.volumes }}
{{ toYaml .Values.prometheus.podSecurityPolicy.volumes | indent 4 }}
{{- end }}
hostNetwork: false hostNetwork: false
hostIPC: false hostIPC: false
hostPID: false hostPID: false
@ -52,4 +55,8 @@ spec:
allowedCapabilities: allowedCapabilities:
{{ toYaml .Values.prometheus.podSecurityPolicy.allowedCapabilities | indent 4 }} {{ toYaml .Values.prometheus.podSecurityPolicy.allowedCapabilities | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.prometheus.podSecurityPolicy.allowedHostPaths }}
allowedHostPaths:
{{ toYaml .Values.prometheus.podSecurityPolicy.allowedHostPaths | indent 4 }}
{{- end }}
{{- end }} {{- end }}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/etcd/master/Documentation/op-guide/etcd3_alert.rules.yml Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/v3.4.0/op-guide/etcd3_alert.rules.yml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}
@ -24,24 +24,6 @@ spec:
groups: groups:
- name: etcd - name: etcd
rules: rules:
- alert: etcdMembersDown
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": members are down ({{`{{`}} $value {{`}}`}}).'
expr: |-
max by (job) (
sum by (job) (up{job=~".*etcd.*"} == bool 0)
or
count by (job,endpoint) (
sum by (job,endpoint,To) (rate(etcd_network_peer_sent_failures_total{job=~".*etcd.*"}[3m])) > 0.01
)
)
> 0
for: 3m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdInsufficientMembers - alert: etcdInsufficientMembers
annotations: annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": insufficient members ({{`{{`}} $value {{`}}`}}).' message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": insufficient members ({{`{{`}} $value {{`}}`}}).'
@ -64,9 +46,9 @@ spec:
{{- end }} {{- end }}
- alert: etcdHighNumberOfLeaderChanges - alert: etcdHighNumberOfLeaderChanges
annotations: annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} leader changes within the last 15 minutes. Frequent elections may be a sign of insufficient resources, high network latency, or disruptions by other components and should be investigated.' message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": instance {{`{{`}} $labels.instance {{`}}`}} has seen {{`{{`}} $value {{`}}`}} leader changes within the last hour.'
expr: increase((max by (job) (etcd_server_leader_changes_seen_total{job=~".*etcd.*"}) or 0*absent(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}))[15m:1m]) >= 3 expr: rate(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}[15m]) > 3
for: 5m for: 15m
labels: labels:
severity: warning severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }} {{- if .Values.defaultRules.additionalRuleLabels }}
@ -98,7 +80,7 @@ spec:
{{- end }} {{- end }}
- alert: etcdHighNumberOfFailedProposals - alert: etcdHighNumberOfFailedProposals
annotations: annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} proposal failures within the last 30 minutes on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} proposal failures within the last hour on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
expr: rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5 expr: rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5
for: 15m for: 15m
labels: labels:
@ -166,4 +148,4 @@ spec:
{{- if .Values.defaultRules.additionalRuleLabels }} {{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} {{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}
@ -24,8 +24,6 @@ spec:
groups: groups:
- name: k8s.rules - name: k8s.rules
rules: rules:
- expr: sum(rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m])) by (namespace)
record: namespace:container_cpu_usage_seconds_total:sum_rate
- expr: |- - expr: |-
sum by (cluster, namespace, pod, container) ( sum by (cluster, namespace, pod, container) (
rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m]) rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m])
@ -57,8 +55,6 @@ spec:
max by(namespace, pod, node) (kube_pod_info{node!=""}) max by(namespace, pod, node) (kube_pod_info{node!=""})
) )
record: node_namespace_pod_container:container_memory_swap record: node_namespace_pod_container:container_memory_swap
- expr: sum(container_memory_usage_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}) by (namespace)
record: namespace:container_memory_usage_bytes:sum
- expr: |- - expr: |-
sum by (namespace) ( sum by (namespace) (
sum by (namespace, pod) ( sum by (namespace, pod) (

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kube-apiserver-availability.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kube-apiserver-availability.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}
@ -99,54 +99,56 @@ spec:
labels: labels:
verb: write verb: write
record: apiserver_request:availability30d record: apiserver_request:availability30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[30d])) - expr: avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[30d]))
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[30d]))
record: code_verb:apiserver_request_total:increase30d record: code_verb:apiserver_request_total:increase30d
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) - expr: sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"})
labels: labels:
verb: read verb: read

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kube-apiserver-slos' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kube-apiserver-slos' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kube-apiserver.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kube-apiserver.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}
@ -343,11 +343,6 @@ spec:
quantile: '0.99' quantile: '0.99'
verb: write verb: write
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
- expr: |-
sum(rate(apiserver_request_duration_seconds_sum{subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)
/
sum(rate(apiserver_request_duration_seconds_count{subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)
record: cluster:apiserver_request_duration_seconds:mean5m
- expr: histogram_quantile(0.99, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) - expr: histogram_quantile(0.99, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod))
labels: labels:
quantile: '0.99' quantile: '0.99'

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kubelet.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kubelet.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}
@ -27,10 +27,10 @@ spec:
rules: rules:
- alert: KubePodCrashLooping - alert: KubePodCrashLooping
annotations: annotations:
description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is restarting {{`{{`}} printf "%.2f" $value {{`}}`}} times / 5 minutes. description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is restarting {{`{{`}} printf "%.2f" $value {{`}}`}} times / 10 minutes.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodcrashlooping runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodcrashlooping
summary: Pod is crash looping. summary: Pod is crash looping.
expr: rate(kube_pod_container_status_restarts_total{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) * 60 * 5 > 0 expr: rate(kube_pod_container_status_restarts_total{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m]) * 60 * 5 > 0
for: 15m for: 15m
labels: labels:
severity: warning severity: warning

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}
@ -48,16 +48,15 @@ spec:
{{- end }} {{- end }}
- alert: AggregatedAPIErrors - alert: AggregatedAPIErrors
annotations: annotations:
description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has reported errors. The number of errors have increased for it in the past five minutes. High values indicate that the availability of the service changes too often. description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has reported errors. It has appeared unavailable {{`{{`}} $value | humanize {{`}}`}} times averaged over the past 10m.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-aggregatedapierrors runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-aggregatedapierrors
summary: An aggregated API has reported errors. summary: An aggregated API has reported errors.
expr: sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[5m])) > 2 expr: sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[10m])) > 4
labels: labels:
severity: warning severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }} {{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} {{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }} {{- end }}
{{- if semverCompare ">=1.18.0-0" $kubeTargetVersion }}
- alert: AggregatedAPIDown - alert: AggregatedAPIDown
annotations: annotations:
description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has been only {{`{{`}} $value | humanize {{`}}`}}% available over the last 10m. description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has been only {{`{{`}} $value | humanize {{`}}`}}% available over the last 10m.
@ -67,7 +66,6 @@ spec:
for: 5m for: 5m
labels: labels:
severity: warning severity: warning
{{- end }}
{{- if .Values.defaultRules.additionalRuleLabels }} {{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} {{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }} {{- end }}
@ -85,4 +83,16 @@ spec:
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} {{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
- alert: KubeAPITerminatedRequests
annotations:
description: The apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapiterminatedrequests
summary: The apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests.
expr: sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) / ( sum(rate(apiserver_request_total{job="apiserver"}[10m])) + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) ) > 0.20
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }} {{- end }}
{{- end }}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kubernetes-system-controller-manager' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kubernetes-system-controller-manager' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kubernetes-system-kubelet' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kubernetes-system-kubelet' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kubernetes-system-scheduler' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kubernetes-system-scheduler' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'node-exporter.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'node-exporter.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/node-exporter-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'node-exporter' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'node-exporter' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/node-exporter-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}
@ -27,7 +27,6 @@ spec:
- alert: NodeFilesystemSpaceFillingUp - alert: NodeFilesystemSpaceFillingUp
annotations: annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up. description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemspacefillingup
summary: Filesystem is predicted to run out of space within the next 24 hours. summary: Filesystem is predicted to run out of space within the next 24 hours.
expr: |- expr: |-
( (
@ -46,7 +45,6 @@ spec:
- alert: NodeFilesystemSpaceFillingUp - alert: NodeFilesystemSpaceFillingUp
annotations: annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up fast. description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up fast.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemspacefillingup
summary: Filesystem is predicted to run out of space within the next 4 hours. summary: Filesystem is predicted to run out of space within the next 4 hours.
expr: |- expr: |-
( (
@ -65,7 +63,6 @@ spec:
- alert: NodeFilesystemAlmostOutOfSpace - alert: NodeFilesystemAlmostOutOfSpace
annotations: annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left. description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemalmostoutofspace
summary: Filesystem has less than 5% space left. summary: Filesystem has less than 5% space left.
expr: |- expr: |-
( (
@ -82,7 +79,6 @@ spec:
- alert: NodeFilesystemAlmostOutOfSpace - alert: NodeFilesystemAlmostOutOfSpace
annotations: annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left. description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemalmostoutofspace
summary: Filesystem has less than 3% space left. summary: Filesystem has less than 3% space left.
expr: |- expr: |-
( (
@ -99,7 +95,6 @@ spec:
- alert: NodeFilesystemFilesFillingUp - alert: NodeFilesystemFilesFillingUp
annotations: annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up. description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemfilesfillingup
summary: Filesystem is predicted to run out of inodes within the next 24 hours. summary: Filesystem is predicted to run out of inodes within the next 24 hours.
expr: |- expr: |-
( (
@ -118,7 +113,6 @@ spec:
- alert: NodeFilesystemFilesFillingUp - alert: NodeFilesystemFilesFillingUp
annotations: annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up fast. description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up fast.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemfilesfillingup
summary: Filesystem is predicted to run out of inodes within the next 4 hours. summary: Filesystem is predicted to run out of inodes within the next 4 hours.
expr: |- expr: |-
( (
@ -137,7 +131,6 @@ spec:
- alert: NodeFilesystemAlmostOutOfFiles - alert: NodeFilesystemAlmostOutOfFiles
annotations: annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left. description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemalmostoutoffiles
summary: Filesystem has less than 5% inodes left. summary: Filesystem has less than 5% inodes left.
expr: |- expr: |-
( (
@ -154,7 +147,6 @@ spec:
- alert: NodeFilesystemAlmostOutOfFiles - alert: NodeFilesystemAlmostOutOfFiles
annotations: annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left. description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemalmostoutoffiles
summary: Filesystem has less than 3% inodes left. summary: Filesystem has less than 3% inodes left.
expr: |- expr: |-
( (
@ -171,7 +163,6 @@ spec:
- alert: NodeNetworkReceiveErrs - alert: NodeNetworkReceiveErrs
annotations: annotations:
description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} receive errors in the last two minutes.' description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} receive errors in the last two minutes.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodenetworkreceiveerrs
summary: Network interface is reporting many receive errors. summary: Network interface is reporting many receive errors.
expr: rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 expr: rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01
for: 1h for: 1h
@ -183,7 +174,6 @@ spec:
- alert: NodeNetworkTransmitErrs - alert: NodeNetworkTransmitErrs
annotations: annotations:
description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} transmit errors in the last two minutes.' description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} transmit errors in the last two minutes.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodenetworktransmiterrs
summary: Network interface is reporting many transmit errors. summary: Network interface is reporting many transmit errors.
expr: rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 expr: rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01
for: 1h for: 1h
@ -195,7 +185,6 @@ spec:
- alert: NodeHighNumberConntrackEntriesUsed - alert: NodeHighNumberConntrackEntriesUsed
annotations: annotations:
description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of conntrack entries are used.' description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of conntrack entries are used.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodehighnumberconntrackentriesused
summary: Number of conntrack are getting close to the limit. summary: Number of conntrack are getting close to the limit.
expr: (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 expr: (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75
labels: labels:
@ -206,7 +195,6 @@ spec:
- alert: NodeTextFileCollectorScrapeError - alert: NodeTextFileCollectorScrapeError
annotations: annotations:
description: Node Exporter text file collector failed to scrape. description: Node Exporter text file collector failed to scrape.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodetextfilecollectorscrapeerror
summary: Node Exporter text file collector failed to scrape. summary: Node Exporter text file collector failed to scrape.
expr: node_textfile_scrape_error{job="node-exporter"} == 1 expr: node_textfile_scrape_error{job="node-exporter"} == 1
labels: labels:
@ -217,7 +205,6 @@ spec:
- alert: NodeClockSkewDetected - alert: NodeClockSkewDetected
annotations: annotations:
message: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. message: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodeclockskewdetected
summary: Clock skew detected. summary: Clock skew detected.
expr: |- expr: |-
( (
@ -240,7 +227,6 @@ spec:
- alert: NodeClockNotSynchronising - alert: NodeClockNotSynchronising
annotations: annotations:
message: Clock on {{`{{`}} $labels.instance {{`}}`}} is not synchronising. Ensure NTP is configured on this host. message: Clock on {{`{{`}} $labels.instance {{`}}`}} is not synchronising. Ensure NTP is configured on this host.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodeclocknotsynchronising
summary: Clock not synchronising. summary: Clock not synchronising.
expr: |- expr: |-
min_over_time(node_timex_sync_status[5m]) == 0 min_over_time(node_timex_sync_status[5m]) == 0
@ -255,7 +241,6 @@ spec:
- alert: NodeRAIDDegraded - alert: NodeRAIDDegraded
annotations: annotations:
description: RAID array '{{`{{`}} $labels.device {{`}}`}}' on {{`{{`}} $labels.instance {{`}}`}} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. description: RAID array '{{`{{`}} $labels.device {{`}}`}}' on {{`{{`}} $labels.instance {{`}}`}} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-noderaiddegraded
summary: RAID Array is degraded summary: RAID Array is degraded
expr: node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 expr: node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0
for: 15m for: 15m
@ -267,7 +252,6 @@ spec:
- alert: NodeRAIDDiskFailure - alert: NodeRAIDDiskFailure
annotations: annotations:
description: At least one device in RAID array on {{`{{`}} $labels.instance {{`}}`}} failed. Array '{{`{{`}} $labels.device {{`}}`}}' needs attention and possibly a disk swap. description: At least one device in RAID array on {{`{{`}} $labels.instance {{`}}`}} failed. Array '{{`{{`}} $labels.device {{`}}`}}' needs attention and possibly a disk swap.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-noderaiddiskfailure
summary: Failed device in RAID array summary: Failed device in RAID array
expr: node_md_disks{state="fail"} > 0 expr: node_md_disks{state="fail"} > 0
labels: labels:

View File

@ -1,5 +1,5 @@
{{- /* {{- /*
Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link: Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}} */ -}}
@ -24,8 +24,6 @@ spec:
groups: groups:
- name: node.rules - name: node.rules
rules: rules:
- expr: sum(min(kube_pod_info{node!=""}) by (cluster, node))
record: ':kube_pod_info_node_count:'
- expr: |- - expr: |-
topk by(namespace, pod) (1, topk by(namespace, pod) (1,
max by (node, namespace, pod) ( max by (node, namespace, pod) (

Some files were not shown because too many files have changed in this diff Show More