Latest metrics incl. support for cluster external node-exporter
This commit is contained in:
parent
ad99454f8f
commit
ed04b43192
@ -34,8 +34,10 @@ Kubernetes: `>= 1.24.0`
|
|||||||
|
|
||||||
# Gitea
|
# Gitea
|
||||||
|
|
||||||
## OpenSSH 8.8 RSA disabled
|
# Verdaccio
|
||||||
- https://github.com/go-gitea/gitea/issues/17798
|
|
||||||
|
## Authentication sealed-secret
|
||||||
|
```htpasswd -n -b -B -C 4 <username> <password> | kubeseal --raw --namespace verdaccio --name verdaccio-htpasswd```
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-metrics
|
name: kubezero-metrics
|
||||||
description: KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
|
description: KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
|
||||||
type: application
|
type: application
|
||||||
version: 0.9.0
|
version: 0.9.1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -19,7 +19,7 @@ dependencies:
|
|||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
|
# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
|
||||||
- name: kube-prometheus-stack
|
- name: kube-prometheus-stack
|
||||||
version: 45.9.1
|
version: 45.27.2
|
||||||
# Switch back to upstream once all alerts are fixed eg. etcd gpcr
|
# Switch back to upstream once all alerts are fixed eg. etcd gpcr
|
||||||
# repository: https://prometheus-community.github.io/helm-charts
|
# repository: https://prometheus-community.github.io/helm-charts
|
||||||
- name: prometheus-adapter
|
- name: prometheus-adapter
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-metrics
|
# kubezero-metrics
|
||||||
|
|
||||||
![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.9.1](https://img.shields.io/badge/Version-0.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
|
KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
|
||||||
|
|
||||||
@ -18,7 +18,7 @@ Kubernetes: `>= 1.25.0`
|
|||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| | kube-prometheus-stack | 45.9.1 |
|
| | kube-prometheus-stack | 45.27.2 |
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 4.1.1 |
|
| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 4.1.1 |
|
||||||
| https://prometheus-community.github.io/helm-charts | prometheus-pushgateway | 2.1.3 |
|
| https://prometheus-community.github.io/helm-charts | prometheus-pushgateway | 2.1.3 |
|
||||||
@ -155,7 +155,7 @@ Kubernetes: `>= 1.25.0`
|
|||||||
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].replacement | string | `"$1"` | |
|
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].replacement | string | `"$1"` | |
|
||||||
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].separator | string | `";"` | |
|
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].separator | string | `";"` | |
|
||||||
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].sourceLabels[0] | string | `"__meta_kubernetes_pod_node_name"` | |
|
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].sourceLabels[0] | string | `"__meta_kubernetes_pod_node_name"` | |
|
||||||
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].targetLabel | string | `"node"` | |
|
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].targetLabel | string | `"instance"` | |
|
||||||
| kube-prometheus-stack.prometheus-node-exporter.resources.requests.cpu | string | `"20m"` | |
|
| kube-prometheus-stack.prometheus-node-exporter.resources.requests.cpu | string | `"20m"` | |
|
||||||
| kube-prometheus-stack.prometheus-node-exporter.resources.requests.memory | string | `"16Mi"` | |
|
| kube-prometheus-stack.prometheus-node-exporter.resources.requests.memory | string | `"16Mi"` | |
|
||||||
| kube-prometheus-stack.prometheus.enabled | bool | `true` | |
|
| kube-prometheus-stack.prometheus.enabled | bool | `true` | |
|
||||||
|
@ -7,20 +7,20 @@ annotations:
|
|||||||
url: https://github.com/prometheus-operator/kube-prometheus
|
url: https://github.com/prometheus-operator/kube-prometheus
|
||||||
artifacthub.io/operator: "true"
|
artifacthub.io/operator: "true"
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: v0.63.0
|
appVersion: v0.65.1
|
||||||
dependencies:
|
dependencies:
|
||||||
- condition: kubeStateMetrics.enabled
|
- condition: kubeStateMetrics.enabled
|
||||||
name: kube-state-metrics
|
name: kube-state-metrics
|
||||||
repository: https://prometheus-community.github.io/helm-charts
|
repository: https://prometheus-community.github.io/helm-charts
|
||||||
version: 5.0.*
|
version: 5.5.*
|
||||||
- condition: nodeExporter.enabled
|
- condition: nodeExporter.enabled
|
||||||
name: prometheus-node-exporter
|
name: prometheus-node-exporter
|
||||||
repository: https://prometheus-community.github.io/helm-charts
|
repository: https://prometheus-community.github.io/helm-charts
|
||||||
version: 4.14.*
|
version: 4.16.*
|
||||||
- condition: grafana.enabled
|
- condition: grafana.enabled
|
||||||
name: grafana
|
name: grafana
|
||||||
repository: https://grafana.github.io/helm-charts
|
repository: https://grafana.github.io/helm-charts
|
||||||
version: 6.51.*
|
version: 6.56.*
|
||||||
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
|
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
|
||||||
and Prometheus rules combined with documentation and scripts to provide easy to
|
and Prometheus rules combined with documentation and scripts to provide easy to
|
||||||
operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
|
operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
|
||||||
@ -52,4 +52,4 @@ sources:
|
|||||||
- https://github.com/prometheus-community/helm-charts
|
- https://github.com/prometheus-community/helm-charts
|
||||||
- https://github.com/prometheus-operator/kube-prometheus
|
- https://github.com/prometheus-operator/kube-prometheus
|
||||||
type: application
|
type: application
|
||||||
version: 45.9.1
|
version: 45.27.2
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 9.3.8
|
appVersion: 9.5.1
|
||||||
description: The leading tool for querying and visualizing time series and metrics.
|
description: The leading tool for querying and visualizing time series and metrics.
|
||||||
home: https://grafana.net
|
home: https://grafana.net
|
||||||
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
||||||
@ -19,4 +19,4 @@ name: grafana
|
|||||||
sources:
|
sources:
|
||||||
- https://github.com/grafana/grafana
|
- https://github.com/grafana/grafana
|
||||||
type: application
|
type: application
|
||||||
version: 6.51.5
|
version: 6.56.2
|
||||||
|
@ -87,6 +87,7 @@ This version requires Helm >= 3.1.0.
|
|||||||
| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
|
| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
|
||||||
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
|
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
|
||||||
| `ingress.tls` | Ingress TLS configuration | `[]` |
|
| `ingress.tls` | Ingress TLS configuration | `[]` |
|
||||||
|
| `ingress.ingressClassName` | Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 | `""` |
|
||||||
| `resources` | CPU/Memory resource requests/limits | `{}` |
|
| `resources` | CPU/Memory resource requests/limits | `{}` |
|
||||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||||
| `tolerations` | Toleration labels for pod assignment | `[]` |
|
| `tolerations` | Toleration labels for pod assignment | `[]` |
|
||||||
@ -216,8 +217,8 @@ This version requires Helm >= 3.1.0.
|
|||||||
| `rbac.create` | Create and use RBAC resources | `true` |
|
| `rbac.create` | Create and use RBAC resources | `true` |
|
||||||
| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
|
| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
|
||||||
| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
|
| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
|
||||||
| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` |
|
| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `false` |
|
||||||
| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` |
|
| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `false` |
|
||||||
| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
|
| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
|
||||||
| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
|
| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
|
||||||
| `command` | Define command to be executed by grafana container at startup | `nil` |
|
| `command` | Define command to be executed by grafana container at startup | `nil` |
|
||||||
@ -251,6 +252,7 @@ This version requires Helm >= 3.1.0.
|
|||||||
| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
|
| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
|
||||||
| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
|
| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
|
||||||
| `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
|
| `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
|
||||||
|
| `imageRenderer.envValueFrom` | Environment variables for image-renderer from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
|
||||||
| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` |
|
| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` |
|
||||||
| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
|
| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
|
||||||
| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
|
| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
|
||||||
@ -397,9 +399,41 @@ filters out the ones with a label as defined in `sidecar.datasources.label`. The
|
|||||||
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
|
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
|
||||||
the data sources in grafana can be imported.
|
the data sources in grafana can be imported.
|
||||||
|
|
||||||
|
Should you aim for reloading datasources in Grafana each time the config is changed, set `sidecar.datasources.skipReload: false` and adjust `sidecar.datasources.reloadURL` to `http://<svc-name>.<namespace>.svc.cluster.local/api/admin/provisioning/datasources/reload`.
|
||||||
|
|
||||||
Secrets are recommended over configmaps for this usecase because datasources usually contain private
|
Secrets are recommended over configmaps for this usecase because datasources usually contain private
|
||||||
data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
|
data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
|
||||||
|
|
||||||
|
Example values to add a postgres datasource as a kubernetes secret:
|
||||||
|
```yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: grafana-datasources
|
||||||
|
labels:
|
||||||
|
grafana_datasource: 'true' # default value for: sidecar.datasources.label
|
||||||
|
stringData:
|
||||||
|
pg-db.yaml: |-
|
||||||
|
apiVersion: 1
|
||||||
|
datasources:
|
||||||
|
- name: My pg db datasource
|
||||||
|
type: postgres
|
||||||
|
url: my-postgresql-db:5432
|
||||||
|
user: db-readonly-user
|
||||||
|
secureJsonData:
|
||||||
|
password: 'SUperSEcretPa$$word'
|
||||||
|
jsonData:
|
||||||
|
database: my_datase
|
||||||
|
sslmode: 'disable' # disable/require/verify-ca/verify-full
|
||||||
|
maxOpenConns: 0 # Grafana v5.4+
|
||||||
|
maxIdleConns: 2 # Grafana v5.4+
|
||||||
|
connMaxLifetime: 14400 # Grafana v5.4+
|
||||||
|
postgresVersion: 1000 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10
|
||||||
|
timescaledb: false
|
||||||
|
# <bool> allow users to edit datasources from the UI.
|
||||||
|
editable: false
|
||||||
|
```
|
||||||
|
|
||||||
Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
|
Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
@ -786,7 +786,7 @@ containers:
|
|||||||
{{- range .Values.extraConfigmapMounts }}
|
{{- range .Values.extraConfigmapMounts }}
|
||||||
- name: {{ tpl .name $root }}
|
- name: {{ tpl .name $root }}
|
||||||
mountPath: {{ tpl .mountPath $root }}
|
mountPath: {{ tpl .mountPath $root }}
|
||||||
subPath: {{ (tpl .subPath $root) | default "" }}
|
subPath: {{ tpl (.subPath | default "") $root }}
|
||||||
readOnly: {{ .readOnly }}
|
readOnly: {{ .readOnly }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: storage
|
- name: storage
|
||||||
|
@ -9,9 +9,9 @@ metadata:
|
|||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
name: {{ include "grafana.fullname" . }}-clusterrole
|
name: {{ include "grafana.fullname" . }}-clusterrole
|
||||||
{{- if or .Values.sidecar.dashboards.enabled (or .Values.rbac.extraClusterRoleRules (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }}
|
{{- if or .Values.sidecar.dashboards.enabled .Values.rbac.extraClusterRoleRules .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }}
|
||||||
rules:
|
rules:
|
||||||
{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled) }}
|
{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }}
|
||||||
- apiGroups: [""] # "" indicates the core API group
|
- apiGroups: [""] # "" indicates the core API group
|
||||||
resources: ["configmaps", "secrets"]
|
resources: ["configmaps", "secrets"]
|
||||||
verbs: ["get", "watch", "list"]
|
verbs: ["get", "watch", "list"]
|
||||||
|
@ -87,7 +87,11 @@ data:
|
|||||||
--connect-timeout 60 \
|
--connect-timeout 60 \
|
||||||
--max-time 60 \
|
--max-time 60 \
|
||||||
{{- if not $value.b64content }}
|
{{- if not $value.b64content }}
|
||||||
|
{{- if not $value.acceptHeader }}
|
||||||
-H "Accept: application/json" \
|
-H "Accept: application/json" \
|
||||||
|
{{- else }}
|
||||||
|
-H "Accept: {{ $value.acceptHeader }}" \
|
||||||
|
{{- end }}
|
||||||
{{- if $value.token }}
|
{{- if $value.token }}
|
||||||
-H "Authorization: token {{ $value.token }}" \
|
-H "Authorization: token {{ $value.token }}" \
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@ -95,7 +99,7 @@ data:
|
|||||||
-H "Authorization: Bearer {{ $value.bearerToken }}" \
|
-H "Authorization: Bearer {{ $value.bearerToken }}" \
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if $value.basic }}
|
{{- if $value.basic }}
|
||||||
-H "Basic: {{ $value.basic }}" \
|
-H "Authorization: Basic {{ $value.basic }}" \
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if $value.gitlabToken }}
|
{{- if $value.gitlabToken }}
|
||||||
-H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \
|
-H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \
|
||||||
|
@ -42,6 +42,7 @@ spec:
|
|||||||
{{- if .Values.envRenderSecret }}
|
{{- if .Values.envRenderSecret }}
|
||||||
checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }}
|
checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
kubectl.kubernetes.io/default-container: {{ .Chart.Name }}
|
||||||
{{- with .Values.podAnnotations }}
|
{{- with .Values.podAnnotations }}
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -92,6 +92,11 @@ spec:
|
|||||||
- name: ENABLE_METRICS
|
- name: ENABLE_METRICS
|
||||||
value: "true"
|
value: "true"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- range $key, $value := .Values.imageRenderer.envValueFrom }}
|
||||||
|
- name: {{ $key | quote }}
|
||||||
|
valueFrom:
|
||||||
|
{{- tpl (toYaml $value) $ | nindent 16 }}
|
||||||
|
{{- end }}
|
||||||
{{- range $key, $value := .Values.imageRenderer.env }}
|
{{- range $key, $value := .Values.imageRenderer.env }}
|
||||||
- name: {{ $key | quote }}
|
- name: {{ $key | quote }}
|
||||||
value: {{ $value | quote }}
|
value: {{ $value | quote }}
|
||||||
|
@ -31,6 +31,7 @@ spec:
|
|||||||
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
kubectl.kubernetes.io/default-container: {{ .Chart.Name }}
|
||||||
{{- with .Values.podAnnotations }}
|
{{- with .Values.podAnnotations }}
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -84,7 +84,7 @@ livenessProbe:
|
|||||||
# schedulerName: "default-scheduler"
|
# schedulerName: "default-scheduler"
|
||||||
|
|
||||||
image:
|
image:
|
||||||
repository: grafana/grafana
|
repository: docker.io/grafana/grafana
|
||||||
# Overrides the Grafana image tag whose default is the chart appVersion
|
# Overrides the Grafana image tag whose default is the chart appVersion
|
||||||
tag: ""
|
tag: ""
|
||||||
sha: ""
|
sha: ""
|
||||||
@ -100,17 +100,23 @@ image:
|
|||||||
|
|
||||||
testFramework:
|
testFramework:
|
||||||
enabled: true
|
enabled: true
|
||||||
image: "bats/bats"
|
image: docker.io/bats/bats
|
||||||
tag: "v1.4.1"
|
tag: "v1.4.1"
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
securityContext: {}
|
securityContext: {}
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
runAsUser: 472
|
runAsUser: 472
|
||||||
runAsGroup: 472
|
runAsGroup: 472
|
||||||
fsGroup: 472
|
fsGroup: 472
|
||||||
|
|
||||||
containerSecurityContext: {}
|
containerSecurityContext:
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
|
||||||
# Enable creating the grafana configmap
|
# Enable creating the grafana configmap
|
||||||
createConfigmap: true
|
createConfigmap: true
|
||||||
@ -137,7 +143,7 @@ extraLabels: {}
|
|||||||
# priorityClassName:
|
# priorityClassName:
|
||||||
|
|
||||||
downloadDashboardsImage:
|
downloadDashboardsImage:
|
||||||
repository: curlimages/curl
|
repository: docker.io/curlimages/curl
|
||||||
tag: 7.85.0
|
tag: 7.85.0
|
||||||
sha: ""
|
sha: ""
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
@ -146,7 +152,13 @@ downloadDashboards:
|
|||||||
env: {}
|
env: {}
|
||||||
envFromSecret: ""
|
envFromSecret: ""
|
||||||
resources: {}
|
resources: {}
|
||||||
securityContext: {}
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
envValueFrom: {}
|
envValueFrom: {}
|
||||||
# ENV_NAME:
|
# ENV_NAME:
|
||||||
# configMapKeyRef:
|
# configMapKeyRef:
|
||||||
@ -346,7 +358,7 @@ initChownData:
|
|||||||
## initChownData container image
|
## initChownData container image
|
||||||
##
|
##
|
||||||
image:
|
image:
|
||||||
repository: busybox
|
repository: docker.io/library/busybox
|
||||||
tag: "1.31.1"
|
tag: "1.31.1"
|
||||||
sha: ""
|
sha: ""
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
@ -364,7 +376,11 @@ initChownData:
|
|||||||
securityContext:
|
securityContext:
|
||||||
runAsNonRoot: false
|
runAsNonRoot: false
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
capabilities:
|
||||||
|
add:
|
||||||
|
- CHOWN
|
||||||
|
|
||||||
# Administrator credentials when not using an existing secret (see below)
|
# Administrator credentials when not using an existing secret (see below)
|
||||||
adminUser: admin
|
adminUser: admin
|
||||||
@ -520,6 +536,9 @@ lifecycleHooks: {}
|
|||||||
plugins: []
|
plugins: []
|
||||||
# - digrich-bubblechart-panel
|
# - digrich-bubblechart-panel
|
||||||
# - grafana-clock-panel
|
# - grafana-clock-panel
|
||||||
|
## You can also use other plugin download URL, as long as they are valid zip files,
|
||||||
|
## and specify the name of the plugin after the semicolon. Like this:
|
||||||
|
# - https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.2/download;marcusolsson-json-datasource
|
||||||
|
|
||||||
## Configure grafana datasources
|
## Configure grafana datasources
|
||||||
## ref: http://docs.grafana.org/administration/provisioning/#datasources
|
## ref: http://docs.grafana.org/administration/provisioning/#datasources
|
||||||
@ -676,6 +695,7 @@ dashboards: {}
|
|||||||
# local-dashboard-azure:
|
# local-dashboard-azure:
|
||||||
# url: https://example.com/repository/test-azure.json
|
# url: https://example.com/repository/test-azure.json
|
||||||
# basic: ''
|
# basic: ''
|
||||||
|
# acceptHeader: '*/*'
|
||||||
|
|
||||||
## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
|
## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
|
||||||
## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.
|
## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.
|
||||||
@ -777,7 +797,13 @@ sidecar:
|
|||||||
# requests:
|
# requests:
|
||||||
# cpu: 50m
|
# cpu: 50m
|
||||||
# memory: 50Mi
|
# memory: 50Mi
|
||||||
securityContext: {}
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
# skipTlsVerify Set to true to skip tls verification for kube api calls
|
# skipTlsVerify Set to true to skip tls verification for kube api calls
|
||||||
# skipTlsVerify: true
|
# skipTlsVerify: true
|
||||||
enableUniqueFilenames: false
|
enableUniqueFilenames: false
|
||||||
@ -1030,7 +1056,7 @@ imageRenderer:
|
|||||||
behavior: {}
|
behavior: {}
|
||||||
image:
|
image:
|
||||||
# image-renderer Image repository
|
# image-renderer Image repository
|
||||||
repository: grafana/grafana-image-renderer
|
repository: docker.io/grafana/grafana-image-renderer
|
||||||
# image-renderer Image tag
|
# image-renderer Image tag
|
||||||
tag: latest
|
tag: latest
|
||||||
# image-renderer Image sha (optional)
|
# image-renderer Image sha (optional)
|
||||||
@ -1043,12 +1069,29 @@ imageRenderer:
|
|||||||
# RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758
|
# RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758
|
||||||
# RENDERING_MODE: clustered
|
# RENDERING_MODE: clustered
|
||||||
# IGNORE_HTTPS_ERRORS: true
|
# IGNORE_HTTPS_ERRORS: true
|
||||||
|
|
||||||
|
## "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
|
||||||
|
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
|
||||||
|
## Renders in container spec as:
|
||||||
|
## env:
|
||||||
|
## ...
|
||||||
|
## - name: <key>
|
||||||
|
## valueFrom:
|
||||||
|
## <value rendered as YAML>
|
||||||
|
envValueFrom: {}
|
||||||
|
# ENV_NAME:
|
||||||
|
# configMapKeyRef:
|
||||||
|
# name: configmap-name
|
||||||
|
# key: value_key
|
||||||
|
|
||||||
# image-renderer deployment serviceAccount
|
# image-renderer deployment serviceAccount
|
||||||
serviceAccountName: ""
|
serviceAccountName: ""
|
||||||
# image-renderer deployment securityContext
|
# image-renderer deployment securityContext
|
||||||
securityContext: {}
|
securityContext: {}
|
||||||
# image-renderer deployment container securityContext
|
# image-renderer deployment container securityContext
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
capabilities:
|
capabilities:
|
||||||
drop: ['ALL']
|
drop: ['ALL']
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
@ -18,4 +18,4 @@ name: kube-state-metrics
|
|||||||
sources:
|
sources:
|
||||||
- https://github.com/kubernetes/kube-state-metrics/
|
- https://github.com/kubernetes/kube-state-metrics/
|
||||||
type: application
|
type: application
|
||||||
version: 5.0.1
|
version: 5.5.0
|
||||||
|
@ -162,6 +162,9 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: kube-rbac-proxy-config
|
- name: kube-rbac-proxy-config
|
||||||
mountPath: /etc/kube-rbac-proxy-config
|
mountPath: /etc/kube-rbac-proxy-config
|
||||||
|
{{- with .Values.kubeRBACProxy.volumeMounts }}
|
||||||
|
{{- toYaml . | nindent 10 }}
|
||||||
|
{{- end }}
|
||||||
imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }}
|
||||||
image: {{ include "kubeRBACProxy.image" . }}
|
image: {{ include "kubeRBACProxy.image" . }}
|
||||||
ports:
|
ports:
|
||||||
@ -197,6 +200,9 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: kube-rbac-proxy-config
|
- name: kube-rbac-proxy-config
|
||||||
mountPath: /etc/kube-rbac-proxy-config
|
mountPath: /etc/kube-rbac-proxy-config
|
||||||
|
{{- with .Values.kubeRBACProxy.volumeMounts }}
|
||||||
|
{{- toYaml . | nindent 10 }}
|
||||||
|
{{- end }}
|
||||||
imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }}
|
||||||
image: {{ include "kubeRBACProxy.image" . }}
|
image: {{ include "kubeRBACProxy.image" . }}
|
||||||
ports:
|
ports:
|
||||||
|
@ -9,6 +9,10 @@ metadata:
|
|||||||
{{- with .Values.prometheus.monitor.additionalLabels }}
|
{{- with .Values.prometheus.monitor.additionalLabels }}
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- with .Values.prometheus.monitor.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }}
|
jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }}
|
||||||
{{- with .Values.prometheus.monitor.targetLabels }}
|
{{- with .Values.prometheus.monitor.targetLabels }}
|
||||||
@ -56,6 +60,13 @@ spec:
|
|||||||
tlsConfig:
|
tlsConfig:
|
||||||
{{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }}
|
{{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.bearerTokenFile }}
|
||||||
|
bearerTokenFile: {{ .Values.prometheus.monitor.bearerTokenFile }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.prometheus.monitor.bearerTokenSecret }}
|
||||||
|
bearerTokenSecret:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.selfMonitor.enabled }}
|
{{- if .Values.selfMonitor.enabled }}
|
||||||
- port: metrics
|
- port: metrics
|
||||||
{{- if .Values.prometheus.monitor.interval }}
|
{{- if .Values.prometheus.monitor.interval }}
|
||||||
|
@ -115,6 +115,13 @@ kubeRBACProxy:
|
|||||||
# cpu: 10m
|
# cpu: 10m
|
||||||
# memory: 32Mi
|
# memory: 32Mi
|
||||||
|
|
||||||
|
## volumeMounts enables mounting custom volumes in rbac-proxy containers
|
||||||
|
## Useful for TLS certificates and keys
|
||||||
|
volumeMounts: []
|
||||||
|
# - mountPath: /etc/tls
|
||||||
|
# name: kube-rbac-proxy-tls
|
||||||
|
# readOnly: true
|
||||||
|
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
# Specifies whether a ServiceAccount should be created, require rbac true
|
# Specifies whether a ServiceAccount should be created, require rbac true
|
||||||
create: true
|
create: true
|
||||||
@ -132,6 +139,7 @@ serviceAccount:
|
|||||||
prometheus:
|
prometheus:
|
||||||
monitor:
|
monitor:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
annotations: {}
|
||||||
additionalLabels: {}
|
additionalLabels: {}
|
||||||
namespace: ""
|
namespace: ""
|
||||||
jobLabel: ""
|
jobLabel: ""
|
||||||
@ -164,6 +172,14 @@ prometheus:
|
|||||||
metricRelabelings: []
|
metricRelabelings: []
|
||||||
relabelings: []
|
relabelings: []
|
||||||
scheme: ""
|
scheme: ""
|
||||||
|
## File to read bearer token for scraping targets
|
||||||
|
bearerTokenFile: ""
|
||||||
|
## Secret to mount to read bearer token for scraping targets. The secret needs
|
||||||
|
## to be in the same namespace as the service monitor and accessible by the
|
||||||
|
## Prometheus Operator
|
||||||
|
bearerTokenSecret: {}
|
||||||
|
# name: secret-name
|
||||||
|
# key: key-name
|
||||||
tlsConfig: {}
|
tlsConfig: {}
|
||||||
|
|
||||||
## Specify if a Pod Security Policy for kube-state-metrics must be created
|
## Specify if a Pod Security Policy for kube-state-metrics must be created
|
||||||
@ -199,11 +215,18 @@ securityContext:
|
|||||||
runAsGroup: 65534
|
runAsGroup: 65534
|
||||||
runAsUser: 65534
|
runAsUser: 65534
|
||||||
fsGroup: 65534
|
fsGroup: 65534
|
||||||
|
runAsNonRoot: true
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
|
||||||
## Specify security settings for a Container
|
## Specify security settings for a Container
|
||||||
## Allows overrides and additional options compared to (Pod) securityContext
|
## Allows overrides and additional options compared to (Pod) securityContext
|
||||||
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||||
containerSecurityContext: {}
|
containerSecurityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
|
||||||
## Node labels for pod assignment
|
## Node labels for pod assignment
|
||||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||||
|
@ -15,4 +15,4 @@ name: prometheus-node-exporter
|
|||||||
sources:
|
sources:
|
||||||
- https://github.com/prometheus/node_exporter/
|
- https://github.com/prometheus/node_exporter/
|
||||||
type: application
|
type: application
|
||||||
version: 4.14.0
|
version: 4.16.0
|
||||||
|
@ -76,10 +76,12 @@ The image to use
|
|||||||
*/}}
|
*/}}
|
||||||
{{- define "prometheus-node-exporter.image" -}}
|
{{- define "prometheus-node-exporter.image" -}}
|
||||||
{{- if .Values.image.sha }}
|
{{- if .Values.image.sha }}
|
||||||
|
{{- fail "image.sha forbidden. Use image.digest instead" }}
|
||||||
|
{{- else if .Values.image.digest }}
|
||||||
{{- if .Values.global.imageRegistry }}
|
{{- if .Values.global.imageRegistry }}
|
||||||
{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }}
|
{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.digest }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
{{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }}
|
{{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.digest }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
{{- if .Values.global.imageRegistry }}
|
{{- if .Values.global.imageRegistry }}
|
||||||
|
@ -0,0 +1,23 @@
|
|||||||
|
{{- if .Values.networkPolicy.enabled }}
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ include "prometheus-node-exporter.fullname" . }}
|
||||||
|
namespace: {{ include "prometheus-node-exporter.namespace" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus-node-exporter.labels" $ | nindent 4 }}
|
||||||
|
{{- with .Values.service.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
ingress:
|
||||||
|
- ports:
|
||||||
|
- port: {{ .Values.service.port }}
|
||||||
|
policyTypes:
|
||||||
|
- Egress
|
||||||
|
- Ingress
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus-node-exporter.selectorLabels" . | nindent 6 }}
|
||||||
|
{{- end }}
|
@ -23,6 +23,10 @@ spec:
|
|||||||
{{- else }}
|
{{- else }}
|
||||||
{{- include "prometheus-node-exporter.selectorLabels" . | nindent 6 }}
|
{{- include "prometheus-node-exporter.selectorLabels" . | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- with .Values.prometheus.monitor.attachMetadata }}
|
||||||
|
attachMetadata:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
endpoints:
|
endpoints:
|
||||||
- port: {{ .Values.service.portName }}
|
- port: {{ .Values.service.portName }}
|
||||||
scheme: {{ .Values.prometheus.monitor.scheme }}
|
scheme: {{ .Values.prometheus.monitor.scheme }}
|
||||||
|
@ -7,7 +7,7 @@ image:
|
|||||||
# Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }}
|
# Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }}
|
||||||
tag: ""
|
tag: ""
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
sha: ""
|
digest: ""
|
||||||
|
|
||||||
imagePullSecrets: []
|
imagePullSecrets: []
|
||||||
# - name: "image-pull-secret"
|
# - name: "image-pull-secret"
|
||||||
@ -72,6 +72,12 @@ service:
|
|||||||
annotations:
|
annotations:
|
||||||
prometheus.io/scrape: "true"
|
prometheus.io/scrape: "true"
|
||||||
|
|
||||||
|
# Set a NetworkPolicy with:
|
||||||
|
# ingress only on service.port
|
||||||
|
# no egress permitted
|
||||||
|
networkPolicy:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
# Additional environment variables that will be passed to the daemonset
|
# Additional environment variables that will be passed to the daemonset
|
||||||
env: {}
|
env: {}
|
||||||
## env:
|
## env:
|
||||||
@ -102,6 +108,11 @@ prometheus:
|
|||||||
##
|
##
|
||||||
selectorOverride: {}
|
selectorOverride: {}
|
||||||
|
|
||||||
|
## Attach node metadata to discovered targets. Requires Prometheus v2.35.0 and above.
|
||||||
|
##
|
||||||
|
attachMetadata:
|
||||||
|
node: false
|
||||||
|
|
||||||
relabelings: []
|
relabelings: []
|
||||||
metricRelabelings: []
|
metricRelabelings: []
|
||||||
interval: ""
|
interval: ""
|
||||||
|
@ -13,6 +13,7 @@ metadata:
|
|||||||
annotations:
|
annotations:
|
||||||
{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }}
|
{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
automountServiceAccountToken: {{ .Values.alertmanager.serviceAccount.automountServiceAccountToken }}
|
||||||
{{- if .Values.global.imagePullSecrets }}
|
{{- if .Values.global.imagePullSecrets }}
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2}}
|
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2}}
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.coreDns.enabled }}
|
{{- if and .Values.coreDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.coreDns.enabled }}
|
{{- if and .Values.coreDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.kubeApiServer.enabled }}
|
{{- if and .Values.kubeApiServer.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }}
|
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Endpoints
|
kind: Endpoints
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }}
|
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled }}
|
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.kubeDns.enabled }}
|
{{- if and .Values.kubeDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.kubeDns.enabled }}
|
{{- if and .Values.kubeDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints }}
|
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Endpoints
|
kind: Endpoints
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled }}
|
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled }}
|
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints }}
|
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Endpoints
|
kind: Endpoints
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled }}
|
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled }}
|
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }}
|
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Endpoints
|
kind: Endpoints
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }}
|
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled }}
|
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.kubelet.enabled }}
|
{{- if and .Values.kubelet.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -33,7 +33,11 @@ data:
|
|||||||
access: proxy
|
access: proxy
|
||||||
isDefault: {{ .Values.grafana.sidecar.datasources.isDefaultDatasource }}
|
isDefault: {{ .Values.grafana.sidecar.datasources.isDefaultDatasource }}
|
||||||
jsonData:
|
jsonData:
|
||||||
|
httpMethod: {{ .Values.grafana.sidecar.datasources.httpMethod }}
|
||||||
timeInterval: {{ $scrapeInterval }}
|
timeInterval: {{ $scrapeInterval }}
|
||||||
|
{{- if .Values.grafana.sidecar.datasources.timeout }}
|
||||||
|
timeout: {{ .Values.grafana.sidecar.datasources.timeout }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
|
{{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
|
||||||
exemplarTraceIdDestinations:
|
exemplarTraceIdDestinations:
|
||||||
- datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }}
|
- datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }}
|
||||||
|
@ -0,0 +1,32 @@
|
|||||||
|
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||||
|
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||||
|
apiVersion: cilium.io/v2
|
||||||
|
kind: CiliumNetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
||||||
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||||
|
annotations:
|
||||||
|
helm.sh/hook: post-install,post-upgrade
|
||||||
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||||
|
## Ensure this is run before the job
|
||||||
|
helm.sh/hook-weight: "-5"
|
||||||
|
{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
|
||||||
|
{{ toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||||
|
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
endpointSelector:
|
||||||
|
matchLabels:
|
||||||
|
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||||
|
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }}
|
||||||
|
egress:
|
||||||
|
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||||
|
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||||
|
{{- else }}
|
||||||
|
- toEntities:
|
||||||
|
- kube-apiserver
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
@ -0,0 +1,33 @@
|
|||||||
|
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||||
|
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||||
|
apiVersion: cilium.io/v2
|
||||||
|
kind: CiliumNetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
|
||||||
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||||
|
annotations:
|
||||||
|
helm.sh/hook: post-install,post-upgrade
|
||||||
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||||
|
## Ensure this is run before the job
|
||||||
|
helm.sh/hook-weight: "-5"
|
||||||
|
{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
|
||||||
|
{{ toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||||
|
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
endpointSelector:
|
||||||
|
matchLabels:
|
||||||
|
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||||
|
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }}
|
||||||
|
egress:
|
||||||
|
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||||
|
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||||
|
{{- else }}
|
||||||
|
- toEntities:
|
||||||
|
- kube-apiserver
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.prometheusOperator.networkPolicy.enabled }}
|
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.prometheusOperator.networkPolicy.enabled }}
|
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
|
@ -5,8 +5,8 @@ metadata:
|
|||||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
|
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
|
||||||
annotations:
|
annotations:
|
||||||
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
|
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||||
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
|
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
labels:
|
labels:
|
||||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||||
@ -41,4 +41,27 @@ webhooks:
|
|||||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
||||||
admissionReviewVersions: ["v1", "v1beta1"]
|
admissionReviewVersions: ["v1", "v1beta1"]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
|
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces }}
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||||
|
- key: kubernetes.io/metadata.name
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
|
||||||
|
- {{ $namespace }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
|
||||||
|
- key: kubernetes.io/metadata.name
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
|
||||||
|
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||||
|
- {{ $namespace }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
|
||||||
|
- {{ $namespace }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -5,8 +5,8 @@ metadata:
|
|||||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
|
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
|
||||||
annotations:
|
annotations:
|
||||||
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
|
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||||
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
|
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
labels:
|
labels:
|
||||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||||
@ -41,4 +41,27 @@ webhooks:
|
|||||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
||||||
admissionReviewVersions: ["v1", "v1beta1"]
|
admissionReviewVersions: ["v1", "v1beta1"]
|
||||||
sideEffects: None
|
sideEffects: None
|
||||||
|
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces }}
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||||
|
- key: kubernetes.io/metadata.name
|
||||||
|
operator: NotIn
|
||||||
|
values:
|
||||||
|
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
|
||||||
|
- {{ $namespace }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
|
||||||
|
- key: kubernetes.io/metadata.name
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
|
||||||
|
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||||
|
- {{ $namespace }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
|
||||||
|
- {{ $namespace }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -0,0 +1,35 @@
|
|||||||
|
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||||
|
apiVersion: cilium.io/v2
|
||||||
|
kind: CiliumNetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kube-prometheus-stack.fullname" . }}-operator
|
||||||
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||||
|
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
endpointSelector:
|
||||||
|
matchLabels:
|
||||||
|
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||||
|
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }}
|
||||||
|
egress:
|
||||||
|
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||||
|
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||||
|
{{- else }}
|
||||||
|
- toEntities:
|
||||||
|
- kube-apiserver
|
||||||
|
{{- end }}
|
||||||
|
ingress:
|
||||||
|
- toPorts:
|
||||||
|
- ports:
|
||||||
|
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||||
|
- port: {{ .Values.prometheusOperator.tls.internalPort | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- port: "8080"
|
||||||
|
{{- end }}
|
||||||
|
protocol: "TCP"
|
||||||
|
rules:
|
||||||
|
http:
|
||||||
|
- method: "GET"
|
||||||
|
path: "/metrics"
|
||||||
|
{{- end }}
|
@ -90,15 +90,24 @@ spec:
|
|||||||
- --config-reloader-cpu-limit={{ .Values.prometheusOperator.prometheusConfigReloader.resources.limits.cpu }}
|
- --config-reloader-cpu-limit={{ .Values.prometheusOperator.prometheusConfigReloader.resources.limits.cpu }}
|
||||||
- --config-reloader-memory-request={{ .Values.prometheusOperator.prometheusConfigReloader.resources.requests.memory }}
|
- --config-reloader-memory-request={{ .Values.prometheusOperator.prometheusConfigReloader.resources.requests.memory }}
|
||||||
- --config-reloader-memory-limit={{ .Values.prometheusOperator.prometheusConfigReloader.resources.limits.memory }}
|
- --config-reloader-memory-limit={{ .Values.prometheusOperator.prometheusConfigReloader.resources.limits.memory }}
|
||||||
|
{{- if .Values.prometheusOperator.prometheusConfigReloader.enableProbe }}
|
||||||
|
- --enable-config-reloader-probes=true
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }}
|
{{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }}
|
||||||
- --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
|
- --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.prometheusOperator.alertmanagerInstanceSelector }}
|
||||||
|
- --alertmanager-instance-selector={{ .Values.prometheusOperator.alertmanagerInstanceSelector }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.prometheusOperator.alertmanagerConfigNamespaces }}
|
{{- if .Values.prometheusOperator.alertmanagerConfigNamespaces }}
|
||||||
- --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }}
|
- --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.prometheusOperator.prometheusInstanceNamespaces }}
|
{{- if .Values.prometheusOperator.prometheusInstanceNamespaces }}
|
||||||
- --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
|
- --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.prometheusOperator.prometheusInstanceSelector }}
|
||||||
|
- --prometheus-instance-selector={{ .Values.prometheusOperator.prometheusInstanceSelector }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.prometheusOperator.thanosImage.sha }}
|
{{- if .Values.prometheusOperator.thanosImage.sha }}
|
||||||
- --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}@sha256:{{ .Values.prometheusOperator.thanosImage.sha }}
|
- --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}@sha256:{{ .Values.prometheusOperator.thanosImage.sha }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
@ -107,8 +116,11 @@ spec:
|
|||||||
{{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }}
|
{{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }}
|
||||||
- --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
|
- --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.prometheusOperator.thanosRulerInstanceSelector }}
|
||||||
|
- --thanos-ruler-instance-selector={{ .Values.prometheusOperator.thanosRulerInstanceSelector }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.prometheusOperator.secretFieldSelector }}
|
{{- if .Values.prometheusOperator.secretFieldSelector }}
|
||||||
- --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }}
|
- --secret-field-selector={{ tpl (.Values.prometheusOperator.secretFieldSelector) $ }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.prometheusOperator.clusterDomain }}
|
{{- if .Values.prometheusOperator.clusterDomain }}
|
||||||
- --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
|
- --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.prometheusOperator.networkPolicy.enabled }}
|
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||||
apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }}
|
apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }}
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -0,0 +1,27 @@
|
|||||||
|
{{- if and .Values.prometheus.networkPolicy.enabled (eq .Values.prometheus.networkPolicy.flavor "cilium") }}
|
||||||
|
apiVersion: cilium.io/v2
|
||||||
|
kind: CiliumNetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
|
||||||
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
|
||||||
|
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
endpointSelector:
|
||||||
|
{{- if .Values.prometheus.networkPolicy.cilium.endpointSelector }}
|
||||||
|
{{- toYaml .Values.prometheus.networkPolicy.cilium.endpointSelector | nindent 4 }}
|
||||||
|
{{- else }}
|
||||||
|
matchExpressions:
|
||||||
|
- {key: app.kubernetes.io/name, operator: In, values: [prometheus]}
|
||||||
|
- {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]}
|
||||||
|
{{- end }}
|
||||||
|
{{- if and .Values.prometheus.networkPolicy.cilium .Values.prometheus.networkPolicy.cilium.egress }}
|
||||||
|
egress:
|
||||||
|
{{ toYaml .Values.prometheus.networkPolicy.cilium.egress | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if and .Values.prometheus.networkPolicy.cilium .Values.prometheus.networkPolicy.cilium.ingress }}
|
||||||
|
ingress:
|
||||||
|
{{ toYaml .Values.prometheus.networkPolicy.cilium.ingress | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
@ -14,6 +14,7 @@ metadata:
|
|||||||
{{ toYaml .Values.prometheus.thanosIngress.annotations | indent 4 }}
|
{{ toYaml .Values.prometheus.thanosIngress.annotations | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-gateway
|
name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-gateway
|
||||||
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
|
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
|
||||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.prometheus.networkPolicy.enabled }}
|
{{- if and .Values.prometheus.networkPolicy.enabled (eq .Values.prometheus.networkPolicy.flavor "kubernetes") }}
|
||||||
apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }}
|
apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }}
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
metadata:
|
metadata:
|
||||||
@ -9,12 +9,10 @@ metadata:
|
|||||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||||
spec:
|
spec:
|
||||||
{{- if .Values.prometheus.networkPolicy.egress }}
|
{{- if .Values.prometheus.networkPolicy.egress }}
|
||||||
## Deny all egress by default
|
|
||||||
egress:
|
egress:
|
||||||
{{- toYaml .Values.prometheus.networkPolicy.egress | nindent 4 }}
|
{{- toYaml .Values.prometheus.networkPolicy.egress | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.prometheus.networkPolicy.ingress }}
|
{{- if .Values.prometheus.networkPolicy.ingress }}
|
||||||
# Deny all ingress by default (prometheus scrapes itself using localhost)
|
|
||||||
ingress:
|
ingress:
|
||||||
{{- toYaml .Values.prometheus.networkPolicy.ingress | nindent 4 }}
|
{{- toYaml .Values.prometheus.networkPolicy.ingress | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -42,10 +42,7 @@ spec:
|
|||||||
{{- else }}
|
{{- else }}
|
||||||
image: "{{ $registry }}/{{ .Values.prometheus.prometheusSpec.image.repository }}"
|
image: "{{ $registry }}/{{ .Values.prometheus.prometheusSpec.image.repository }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
version: {{ .Values.prometheus.prometheusSpec.image.tag }}
|
version: {{ default .Values.prometheus.prometheusSpec.image.tag .Values.prometheus.prometheusSpec.version }}
|
||||||
{{- if .Values.prometheus.prometheusSpec.image.sha }}
|
|
||||||
sha: {{ .Values.prometheus.prometheusSpec.image.sha }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.prometheus.prometheusSpec.additionalArgs }}
|
{{- if .Values.prometheus.prometheusSpec.additionalArgs }}
|
||||||
additionalArgs:
|
additionalArgs:
|
||||||
@ -364,7 +361,8 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
excludedFromEnforcement:
|
excludedFromEnforcement:
|
||||||
{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }}
|
{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }}
|
||||||
- resource: prometheusrules
|
- group: monitoring.coreos.com
|
||||||
|
resource: prometheusrules
|
||||||
namespace: "{{ template "kube-prometheus-stack.namespace" $ }}"
|
namespace: "{{ template "kube-prometheus-stack.namespace" $ }}"
|
||||||
name: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}"
|
name: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -158,6 +158,7 @@ alertmanager:
|
|||||||
create: true
|
create: true
|
||||||
name: ""
|
name: ""
|
||||||
annotations: {}
|
annotations: {}
|
||||||
|
automountServiceAccountToken: true
|
||||||
|
|
||||||
## Configure pod disruption budgets for Alertmanager
|
## Configure pod disruption budgets for Alertmanager
|
||||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
|
||||||
@ -822,6 +823,8 @@ grafana:
|
|||||||
enabled: true
|
enabled: true
|
||||||
label: grafana_dashboard
|
label: grafana_dashboard
|
||||||
labelValue: "1"
|
labelValue: "1"
|
||||||
|
# Allow discovery in all namespaces for dashboards
|
||||||
|
searchNamespace: ALL
|
||||||
|
|
||||||
## Annotations for Grafana dashboard configmaps
|
## Annotations for Grafana dashboard configmaps
|
||||||
##
|
##
|
||||||
@ -844,6 +847,9 @@ grafana:
|
|||||||
##
|
##
|
||||||
# url: http://prometheus-stack-prometheus:9090/
|
# url: http://prometheus-stack-prometheus:9090/
|
||||||
|
|
||||||
|
## Prometheus request timeout in seconds
|
||||||
|
# timeout: 30
|
||||||
|
|
||||||
# If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default
|
# If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default
|
||||||
# defaultDatasourceScrapeInterval: 15s
|
# defaultDatasourceScrapeInterval: 15s
|
||||||
|
|
||||||
@ -851,6 +857,9 @@ grafana:
|
|||||||
##
|
##
|
||||||
annotations: {}
|
annotations: {}
|
||||||
|
|
||||||
|
## Set method for HTTP to send query to datasource
|
||||||
|
httpMethod: POST
|
||||||
|
|
||||||
## Create datasource for each Pod of Prometheus StatefulSet;
|
## Create datasource for each Pod of Prometheus StatefulSet;
|
||||||
## this uses headless service `prometheus-operated` which is
|
## this uses headless service `prometheus-operated` which is
|
||||||
## created by Prometheus Operator
|
## created by Prometheus Operator
|
||||||
@ -929,6 +938,11 @@ grafana:
|
|||||||
# replacement: $1
|
# replacement: $1
|
||||||
# action: replace
|
# action: replace
|
||||||
|
|
||||||
|
## Flag to disable all the kubernetes component scrapers
|
||||||
|
##
|
||||||
|
kubernetesServiceMonitors:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
## Component scraping the kube api server
|
## Component scraping the kube api server
|
||||||
##
|
##
|
||||||
kubeApiServer:
|
kubeApiServer:
|
||||||
@ -1949,6 +1963,15 @@ prometheusOperator:
|
|||||||
##
|
##
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
## Flavor of the network policy to use.
|
||||||
|
# Can be:
|
||||||
|
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
|
||||||
|
# * cilium for cilium.io/v2/CiliumNetworkPolicy
|
||||||
|
flavor: kubernetes
|
||||||
|
|
||||||
|
# cilium:
|
||||||
|
# egress:
|
||||||
|
|
||||||
## Service account for Alertmanager to use.
|
## Service account for Alertmanager to use.
|
||||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
||||||
##
|
##
|
||||||
@ -2202,6 +2225,9 @@ prometheusOperator:
|
|||||||
tag: ""
|
tag: ""
|
||||||
sha: ""
|
sha: ""
|
||||||
|
|
||||||
|
# add prometheus config reloader liveness and readiness probe. Default: false
|
||||||
|
enableProbe: false
|
||||||
|
|
||||||
# resource config for prometheusConfigReloader
|
# resource config for prometheusConfigReloader
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
@ -2219,6 +2245,17 @@ prometheusOperator:
|
|||||||
tag: v0.30.2
|
tag: v0.30.2
|
||||||
sha: ""
|
sha: ""
|
||||||
|
|
||||||
|
## Set a Label Selector to filter watched prometheus and prometheusAgent
|
||||||
|
##
|
||||||
|
prometheusInstanceSelector: ""
|
||||||
|
|
||||||
|
## Set a Label Selector to filter watched alertmanager
|
||||||
|
##
|
||||||
|
alertmanagerInstanceSelector: ""
|
||||||
|
|
||||||
|
## Set a Label Selector to filter watched thanosRuler
|
||||||
|
thanosRulerInstanceSelector: ""
|
||||||
|
|
||||||
## Set a Field Selector to filter watched secrets
|
## Set a Field Selector to filter watched secrets
|
||||||
##
|
##
|
||||||
secretFieldSelector: ""
|
secretFieldSelector: ""
|
||||||
@ -2235,6 +2272,18 @@ prometheus:
|
|||||||
## Configure network policy for the prometheus
|
## Configure network policy for the prometheus
|
||||||
networkPolicy:
|
networkPolicy:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
## Flavor of the network policy to use.
|
||||||
|
# Can be:
|
||||||
|
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
|
||||||
|
# * cilium for cilium.io/v2/CiliumNetworkPolicy
|
||||||
|
flavor: kubernetes
|
||||||
|
|
||||||
|
# cilium:
|
||||||
|
# endpointSelector:
|
||||||
|
# egress:
|
||||||
|
# ingress:
|
||||||
|
|
||||||
# egress:
|
# egress:
|
||||||
# - {}
|
# - {}
|
||||||
# ingress:
|
# ingress:
|
||||||
@ -2670,6 +2719,10 @@ prometheus:
|
|||||||
##
|
##
|
||||||
enableAdminAPI: false
|
enableAdminAPI: false
|
||||||
|
|
||||||
|
## Sets version of Prometheus overriding the Prometheus version as derived
|
||||||
|
## from the image tag. Useful in cases where the tag does not follow semver v2.
|
||||||
|
version: ""
|
||||||
|
|
||||||
## WebTLSConfig defines the TLS parameters for HTTPS
|
## WebTLSConfig defines the TLS parameters for HTTPS
|
||||||
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#webtlsconfig
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#webtlsconfig
|
||||||
web: {}
|
web: {}
|
||||||
@ -2780,11 +2833,12 @@ prometheus:
|
|||||||
##
|
##
|
||||||
query: {}
|
query: {}
|
||||||
|
|
||||||
## Namespaces to be selected for PrometheusRules discovery.
|
## If nil, select own namespace. Namespaces to be selected for PrometheusRules discovery.
|
||||||
## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery.
|
|
||||||
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage
|
|
||||||
##
|
|
||||||
ruleNamespaceSelector: {}
|
ruleNamespaceSelector: {}
|
||||||
|
## Example which selects PrometheusRules in namespaces with label "prometheus" set to "somelabel"
|
||||||
|
# ruleNamespaceSelector:
|
||||||
|
# matchLabels:
|
||||||
|
# prometheus: somelabel
|
||||||
|
|
||||||
## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the
|
## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the
|
||||||
## prometheus resource to be created with selectors based on values in the helm deployment,
|
## prometheus resource to be created with selectors based on values in the helm deployment,
|
||||||
@ -2849,10 +2903,12 @@ prometheus:
|
|||||||
# matchLabels:
|
# matchLabels:
|
||||||
# prometheus: somelabel
|
# prometheus: somelabel
|
||||||
|
|
||||||
## Namespaces to be selected for PodMonitor discovery.
|
## If nil, select own namespace. Namespaces to be selected for PodMonitor discovery.
|
||||||
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage
|
|
||||||
##
|
|
||||||
podMonitorNamespaceSelector: {}
|
podMonitorNamespaceSelector: {}
|
||||||
|
## Example which selects PodMonitor in namespaces with label "prometheus" set to "somelabel"
|
||||||
|
# podMonitorNamespaceSelector:
|
||||||
|
# matchLabels:
|
||||||
|
# prometheus: somelabel
|
||||||
|
|
||||||
## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the
|
## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the
|
||||||
## prometheus resource to be created with selectors based on values in the helm deployment,
|
## prometheus resource to be created with selectors based on values in the helm deployment,
|
||||||
@ -2869,10 +2925,12 @@ prometheus:
|
|||||||
# matchLabels:
|
# matchLabels:
|
||||||
# prometheus: somelabel
|
# prometheus: somelabel
|
||||||
|
|
||||||
## Namespaces to be selected for Probe discovery.
|
## If nil, select own namespace. Namespaces to be selected for Probe discovery.
|
||||||
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage
|
|
||||||
##
|
|
||||||
probeNamespaceSelector: {}
|
probeNamespaceSelector: {}
|
||||||
|
## Example which selects Probe in namespaces with label "prometheus" set to "somelabel"
|
||||||
|
# probeNamespaceSelector:
|
||||||
|
# matchLabels:
|
||||||
|
# prometheus: somelabel
|
||||||
|
|
||||||
## How long to retain metrics
|
## How long to retain metrics
|
||||||
##
|
##
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
"subdir": "contrib/mixin"
|
"subdir": "contrib/mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "49b59cc8e5c838bdc5e661de6388a0e348b3985c",
|
"version": "2a0c9896623cc64543b01bd0bdf1140f6d622a67",
|
||||||
"sum": "QTzBqwjnM6cGGVBhOiVJyA+ZVTkmCTuH6C6YW7XKRFw="
|
"sum": "QTzBqwjnM6cGGVBhOiVJyA+ZVTkmCTuH6C6YW7XKRFw="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -58,7 +58,7 @@
|
|||||||
"subdir": "grafana-builder"
|
"subdir": "grafana-builder"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "d680faafc0727c4c5086f1624333363e57d2ce81",
|
"version": "d303b2031264728728dd1e1c05f74f67027139f6",
|
||||||
"sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
|
"sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -68,8 +68,8 @@
|
|||||||
"subdir": ""
|
"subdir": ""
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "eed459199703c969afc318ea55b9361ae48180a7",
|
"version": "d87b757edc73a5f5b78e9f6a9bbae9023131c946",
|
||||||
"sum": "iKDOR7+jXw3Rctog6Z1ofweIK5BLjuGeguIZjXLP8ls="
|
"sum": "fsAZNroGj9QOUt63dI78jcahPnCXlBhpfxuPJC3dTac="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -78,7 +78,7 @@
|
|||||||
"subdir": "jsonnet/kube-state-metrics"
|
"subdir": "jsonnet/kube-state-metrics"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "32f8c5e80500855dcdec0c0b7398b580b12f3470",
|
"version": "5f31736e444a674a969d65aaa9afd9d0864c8639",
|
||||||
"sum": "+dOzAK+fwsFf97uZpjcjTcEJEC1H8hh/j8f5uIQK/5g="
|
"sum": "+dOzAK+fwsFf97uZpjcjTcEJEC1H8hh/j8f5uIQK/5g="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -88,7 +88,7 @@
|
|||||||
"subdir": "jsonnet/kube-state-metrics-mixin"
|
"subdir": "jsonnet/kube-state-metrics-mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "32f8c5e80500855dcdec0c0b7398b580b12f3470",
|
"version": "5f31736e444a674a969d65aaa9afd9d0864c8639",
|
||||||
"sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
|
"sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -98,8 +98,8 @@
|
|||||||
"subdir": "jsonnet/kube-prometheus"
|
"subdir": "jsonnet/kube-prometheus"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "2a955da550e33f75e3a7ecf30d45e8fd19dc6c31",
|
"version": "c9e1145027df233fa3d1d7aed86cacbf6001d1f5",
|
||||||
"sum": "8SUhAtqVsKsqUmDYgmrdZWrvS6bQ1dHnVSi2LFJeCZU="
|
"sum": "Skpy4SojW1KNz8dJpg8J6mx/z596xf9nW8VEGvXnGJg="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -108,8 +108,8 @@
|
|||||||
"subdir": "jsonnet/mixin"
|
"subdir": "jsonnet/mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "06b5c4189f3f72737766d86103d049115c3aff48",
|
"version": "e8841ea9546b08693aefbb945bfebc11c8b33186",
|
||||||
"sum": "GQmaVFJwKMiD/P4n3N2LrAZVcwutriWrP8joclDtBYQ=",
|
"sum": "n3flMIzlADeyygb0uipZ4KPp2uNSjdtkrwgHjTC7Ca4=",
|
||||||
"name": "prometheus-operator-mixin"
|
"name": "prometheus-operator-mixin"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -119,8 +119,8 @@
|
|||||||
"subdir": "jsonnet/prometheus-operator"
|
"subdir": "jsonnet/prometheus-operator"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "06b5c4189f3f72737766d86103d049115c3aff48",
|
"version": "e8841ea9546b08693aefbb945bfebc11c8b33186",
|
||||||
"sum": "8XqdRl/MXzaSKjhHkrMFWbrP8Tw0k5tsI5hNfX++1Pw="
|
"sum": "cNcVEO+LVAJK7fGxfL8RAIo/G/9ZU/ZUhCzUpdcgytc="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -129,7 +129,7 @@
|
|||||||
"subdir": "doc/alertmanager-mixin"
|
"subdir": "doc/alertmanager-mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "0f14383b61c1e301a70130ecfc22df52bd85df6e",
|
"version": "f67d03fe2854191bb36dbcb305ec507237583aa2",
|
||||||
"sum": "PsK+V7oETCPKu2gLoPfqY0wwPKH9TzhNj6o2xezjjXc=",
|
"sum": "PsK+V7oETCPKu2gLoPfqY0wwPKH9TzhNj6o2xezjjXc=",
|
||||||
"name": "alertmanager"
|
"name": "alertmanager"
|
||||||
},
|
},
|
||||||
@ -140,8 +140,8 @@
|
|||||||
"subdir": "docs/node-mixin"
|
"subdir": "docs/node-mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "c8129fadd660ae90598b84791d8915a995a27815",
|
"version": "184a4e0893dd5c28e540ca3070f2e3a07f939f11",
|
||||||
"sum": "TwdaTm0Z++diiLyaKAAimmC6hBL7XbrJc0RHhBCpAdU="
|
"sum": "aFUI56y6Y8EpniS4cfYqrSaHFnxeomIw4S4+Sz8yPtQ="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -150,7 +150,7 @@
|
|||||||
"subdir": "documentation/prometheus-mixin"
|
"subdir": "documentation/prometheus-mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "0ab95536115adfe50af249d36d73674be694ca3f",
|
"version": "5c5fa5c319fca713506fa144ec6768fddf00d466",
|
||||||
"sum": "LRx0tbMnoE1p8KEn+i81j2YsA5Sgt3itE5Y6jBf5eOQ=",
|
"sum": "LRx0tbMnoE1p8KEn+i81j2YsA5Sgt3itE5Y6jBf5eOQ=",
|
||||||
"name": "prometheus"
|
"name": "prometheus"
|
||||||
},
|
},
|
||||||
@ -161,8 +161,8 @@
|
|||||||
"subdir": "config/crd/bases"
|
"subdir": "config/crd/bases"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "cd05347647955a378f32a888d194cb0f7c0134a6",
|
"version": "05405777468aca15ee63824512f8f13af9f08039",
|
||||||
"sum": "bY/Pcrrbynguq8/HaI88cQ3B2hLv/xc+76QILY7IL+g="
|
"sum": "MK8+uumteRncS0hkyjocvU2vdtlGbfBRPcU0/mJnU2M="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": {
|
"source": {
|
||||||
@ -171,7 +171,7 @@
|
|||||||
"subdir": "mixin"
|
"subdir": "mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "a1ec4d5365e88967e4bb4b0f127d174617ed2bbc",
|
"version": "cdb395a7100be554e804d61c735b8d4a4b678f11",
|
||||||
"sum": "zSLNV/0bN4DcVKojzCqjmhfjtzTY4pDKZXqbAUzw5R0=",
|
"sum": "zSLNV/0bN4DcVKojzCqjmhfjtzTY4pDKZXqbAUzw5R0=",
|
||||||
"name": "thanos-mixin"
|
"name": "thanos-mixin"
|
||||||
}
|
}
|
||||||
|
@ -175,7 +175,7 @@
|
|||||||
{
|
{
|
||||||
"alert": "NodeClockSkewDetected",
|
"alert": "NodeClockSkewDetected",
|
||||||
"annotations": {
|
"annotations": {
|
||||||
"description": "Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.",
|
"description": "Clock on {{ $labels.instance }} is out of sync by more than 0.05s. Ensure NTP is configured correctly on this host.",
|
||||||
"runbook_url": "https://runbooks.prometheus-operator.dev/runbooks/node/nodeclockskewdetected",
|
"runbook_url": "https://runbooks.prometheus-operator.dev/runbooks/node/nodeclockskewdetected",
|
||||||
"summary": "Clock skew detected."
|
"summary": "Clock skew detected."
|
||||||
},
|
},
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
"app.kubernetes.io/component": "controller",
|
"app.kubernetes.io/component": "controller",
|
||||||
"app.kubernetes.io/name": "prometheus-operator",
|
"app.kubernetes.io/name": "prometheus-operator",
|
||||||
"app.kubernetes.io/part-of": "kube-prometheus",
|
"app.kubernetes.io/part-of": "kube-prometheus",
|
||||||
"app.kubernetes.io/version": "0.64.1",
|
"app.kubernetes.io/version": "0.65.1",
|
||||||
"prometheus": "k8s",
|
"prometheus": "k8s",
|
||||||
"role": "alert-rules"
|
"role": "alert-rules"
|
||||||
},
|
},
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
"app.kubernetes.io/instance": "k8s",
|
"app.kubernetes.io/instance": "k8s",
|
||||||
"app.kubernetes.io/name": "prometheus",
|
"app.kubernetes.io/name": "prometheus",
|
||||||
"app.kubernetes.io/part-of": "kube-prometheus",
|
"app.kubernetes.io/part-of": "kube-prometheus",
|
||||||
"app.kubernetes.io/version": "2.43.0",
|
"app.kubernetes.io/version": "2.43.1",
|
||||||
"prometheus": "k8s",
|
"prometheus": "k8s",
|
||||||
"role": "alert-rules"
|
"role": "alert-rules"
|
||||||
},
|
},
|
||||||
|
@ -125,7 +125,7 @@ spec:
|
|||||||
severity: warning
|
severity: warning
|
||||||
- alert: NodeClockSkewDetected
|
- alert: NodeClockSkewDetected
|
||||||
annotations:
|
annotations:
|
||||||
description: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.
|
description: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 0.05s. Ensure NTP is configured correctly on this host.
|
||||||
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodeclockskewdetected
|
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodeclockskewdetected
|
||||||
summary: Clock skew detected.
|
summary: Clock skew detected.
|
||||||
expr: "(\n node_timex_offset_seconds{job=\"node-exporter\"} > 0.05\nand\n deriv(node_timex_offset_seconds{job=\"node-exporter\"}[5m]) >= 0\n)\nor\n(\n node_timex_offset_seconds{job=\"node-exporter\"} < -0.05\nand\n deriv(node_timex_offset_seconds{job=\"node-exporter\"}[5m]) <= 0\n)\n"
|
expr: "(\n node_timex_offset_seconds{job=\"node-exporter\"} > 0.05\nand\n deriv(node_timex_offset_seconds{job=\"node-exporter\"}[5m]) >= 0\n)\nor\n(\n node_timex_offset_seconds{job=\"node-exporter\"} < -0.05\nand\n deriv(node_timex_offset_seconds{job=\"node-exporter\"}[5m]) <= 0\n)\n"
|
||||||
|
@ -85,7 +85,7 @@ kube-prometheus-stack:
|
|||||||
- sourceLabels: [__meta_kubernetes_pod_node_name]
|
- sourceLabels: [__meta_kubernetes_pod_node_name]
|
||||||
separator: ;
|
separator: ;
|
||||||
regex: ^(.*)$
|
regex: ^(.*)$
|
||||||
targetLabel: node
|
targetLabel: instance
|
||||||
replacement: $1
|
replacement: $1
|
||||||
action: replace
|
action: replace
|
||||||
resources:
|
resources:
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-redis
|
# kubezero-redis
|
||||||
|
|
||||||
![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero Umbrella Chart for Redis HA
|
KubeZero Umbrella Chart for Redis HA
|
||||||
|
|
||||||
@ -14,7 +14,7 @@ KubeZero Umbrella Chart for Redis HA
|
|||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
Kubernetes: `>= 1.20.0`
|
Kubernetes: `>= 1.25.0`
|
||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero
|
name: kubezero
|
||||||
description: KubeZero - Root App of Apps chart
|
description: KubeZero - Root App of Apps chart
|
||||||
type: application
|
type: application
|
||||||
version: 1.25.8
|
version: 1.25.8-1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero
|
# kubezero
|
||||||
|
|
||||||
![Version: 1.25.8](https://img.shields.io/badge/Version-1.25.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 1.25.8-1](https://img.shields.io/badge/Version-1.25.8--1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero - Root App of Apps chart
|
KubeZero - Root App of Apps chart
|
||||||
|
|
||||||
@ -67,7 +67,7 @@ Kubernetes: `>= 1.25.0`
|
|||||||
| metrics.istio.grafana | object | `{}` | |
|
| metrics.istio.grafana | object | `{}` | |
|
||||||
| metrics.istio.prometheus | object | `{}` | |
|
| metrics.istio.prometheus | object | `{}` | |
|
||||||
| metrics.namespace | string | `"monitoring"` | |
|
| metrics.namespace | string | `"monitoring"` | |
|
||||||
| metrics.targetRevision | string | `"0.9.0"` | |
|
| metrics.targetRevision | string | `"0.9.1"` | |
|
||||||
| network.cilium.cluster | object | `{}` | |
|
| network.cilium.cluster | object | `{}` | |
|
||||||
| network.enabled | bool | `true` | |
|
| network.enabled | bool | `true` | |
|
||||||
| network.retain | bool | `true` | |
|
| network.retain | bool | `true` | |
|
||||||
|
@ -1,3 +1,60 @@
|
|||||||
|
{{- define "_kube-prometheus-stack" }}
|
||||||
|
|
||||||
|
{{- if .global.aws }}
|
||||||
|
alertmanager:
|
||||||
|
config:
|
||||||
|
receivers:
|
||||||
|
- name: 'null'
|
||||||
|
- name: alerthub-notifications
|
||||||
|
webhook_configs:
|
||||||
|
- send_resolved: true
|
||||||
|
url: http://localhost:9087/alert/AlertHub
|
||||||
|
route:
|
||||||
|
receiver: alerthub-notifications
|
||||||
|
prometheus:
|
||||||
|
prometheusSpec:
|
||||||
|
externalLabels:
|
||||||
|
awsAccount: '{{ .global.aws.accountId }}'
|
||||||
|
awsRegion: {{ .global.aws.region }}
|
||||||
|
clusterName: {{ .global.clusterName }}
|
||||||
|
volumes:
|
||||||
|
- name: aws-token
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- serviceAccountToken:
|
||||||
|
path: token
|
||||||
|
expirationSeconds: 86400
|
||||||
|
audience: "sts.amazonaws.com"
|
||||||
|
volumeMounts:
|
||||||
|
- name: aws-token
|
||||||
|
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
||||||
|
readOnly: true
|
||||||
|
additionalScrapeConfigs:
|
||||||
|
- job_name: 'nodes'
|
||||||
|
ec2_sd_configs:
|
||||||
|
- port: 9100
|
||||||
|
region: {{ .global.aws.region }}
|
||||||
|
filters:
|
||||||
|
- name: 'tag-key'
|
||||||
|
values: ['zdt:prometheus.node-exporter']
|
||||||
|
relabel_configs:
|
||||||
|
- source_labels:
|
||||||
|
- '__meta_ec2_instance_id'
|
||||||
|
target_label: 'instance_id'
|
||||||
|
- source_labels:
|
||||||
|
- '__meta_ec2_availability_zone'
|
||||||
|
target_label: 'availability_zone'
|
||||||
|
- source_labels:
|
||||||
|
- '__meta_ec2_private_dns_name'
|
||||||
|
target_label: 'instance'
|
||||||
|
- source_labels:
|
||||||
|
- '__meta_ec2_tag_Name'
|
||||||
|
target_label: 'instance'
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
{{- define "metrics-values" }}
|
{{- define "metrics-values" }}
|
||||||
|
|
||||||
{{- with .Values.metrics.istio }}
|
{{- with .Values.metrics.istio }}
|
||||||
@ -6,7 +63,7 @@ istio:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with index .Values "metrics" "kube-prometheus-stack" }}
|
{{- with index .Values "metrics" "kube-prometheus-stack" }}
|
||||||
kube-prometheus-stack:
|
kube-prometheus-stack:
|
||||||
{{- toYaml . | nindent 2 }}
|
{{- toYaml ( merge ( include "_kube-prometheus-stack" $.Values | fromYaml ) . ) | nindent 2 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with index .Values "metrics" "prometheus-adapter" }}
|
{{- with index .Values "metrics" "prometheus-adapter" }}
|
||||||
prometheus-adapter:
|
prometheus-adapter:
|
||||||
|
@ -76,7 +76,7 @@ istio-private-ingress:
|
|||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: monitoring
|
namespace: monitoring
|
||||||
targetRevision: 0.9.0
|
targetRevision: 0.9.1
|
||||||
istio:
|
istio:
|
||||||
grafana: {}
|
grafana: {}
|
||||||
prometheus: {}
|
prometheus: {}
|
||||||
|
Loading…
Reference in New Issue
Block a user