Latest metrics incl. support for cluster external node-exporter
This commit is contained in:
parent
5008420349
commit
7cf5be2a75
|
|
@ -34,8 +34,10 @@ Kubernetes: `>= 1.24.0`
|
|||
|
||||
# Gitea
|
||||
|
||||
## OpenSSH 8.8 RSA disabled
|
||||
- https://github.com/go-gitea/gitea/issues/17798
|
||||
# Verdaccio
|
||||
|
||||
## Authentication sealed-secret
|
||||
```htpasswd -n -b -B -C 4 <username> <password> | kubeseal --raw --namespace verdaccio --name verdaccio-htpasswd```
|
||||
|
||||
## Resources
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-metrics
|
||||
description: KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
|
||||
type: application
|
||||
version: 0.9.0
|
||||
version: 0.9.1
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
|
@ -19,7 +19,7 @@ dependencies:
|
|||
repository: https://cdn.zero-downtime.net/charts/
|
||||
# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
|
||||
- name: kube-prometheus-stack
|
||||
version: 45.9.1
|
||||
version: 45.27.2
|
||||
# Switch back to upstream once all alerts are fixed eg. etcd gpcr
|
||||
# repository: https://prometheus-community.github.io/helm-charts
|
||||
- name: prometheus-adapter
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-metrics
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
|
||||
|
||||
|
|
@ -18,7 +18,7 @@ Kubernetes: `>= 1.25.0`
|
|||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| | kube-prometheus-stack | 45.9.1 |
|
||||
| | kube-prometheus-stack | 45.27.2 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 4.1.1 |
|
||||
| https://prometheus-community.github.io/helm-charts | prometheus-pushgateway | 2.1.3 |
|
||||
|
|
@ -155,7 +155,7 @@ Kubernetes: `>= 1.25.0`
|
|||
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].replacement | string | `"$1"` | |
|
||||
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].separator | string | `";"` | |
|
||||
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].sourceLabels[0] | string | `"__meta_kubernetes_pod_node_name"` | |
|
||||
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].targetLabel | string | `"node"` | |
|
||||
| kube-prometheus-stack.prometheus-node-exporter.prometheus.monitor.relabelings[0].targetLabel | string | `"instance"` | |
|
||||
| kube-prometheus-stack.prometheus-node-exporter.resources.requests.cpu | string | `"20m"` | |
|
||||
| kube-prometheus-stack.prometheus-node-exporter.resources.requests.memory | string | `"16Mi"` | |
|
||||
| kube-prometheus-stack.prometheus.enabled | bool | `true` | |
|
||||
|
|
|
|||
|
|
@ -7,20 +7,20 @@ annotations:
|
|||
url: https://github.com/prometheus-operator/kube-prometheus
|
||||
artifacthub.io/operator: "true"
|
||||
apiVersion: v2
|
||||
appVersion: v0.63.0
|
||||
appVersion: v0.65.1
|
||||
dependencies:
|
||||
- condition: kubeStateMetrics.enabled
|
||||
name: kube-state-metrics
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 5.0.*
|
||||
version: 5.5.*
|
||||
- condition: nodeExporter.enabled
|
||||
name: prometheus-node-exporter
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 4.14.*
|
||||
version: 4.16.*
|
||||
- condition: grafana.enabled
|
||||
name: grafana
|
||||
repository: https://grafana.github.io/helm-charts
|
||||
version: 6.51.*
|
||||
version: 6.56.*
|
||||
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
|
||||
and Prometheus rules combined with documentation and scripts to provide easy to
|
||||
operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
|
||||
|
|
@ -52,4 +52,4 @@ sources:
|
|||
- https://github.com/prometheus-community/helm-charts
|
||||
- https://github.com/prometheus-operator/kube-prometheus
|
||||
type: application
|
||||
version: 45.9.1
|
||||
version: 45.27.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 9.3.8
|
||||
appVersion: 9.5.1
|
||||
description: The leading tool for querying and visualizing time series and metrics.
|
||||
home: https://grafana.net
|
||||
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
||||
|
|
@ -19,4 +19,4 @@ name: grafana
|
|||
sources:
|
||||
- https://github.com/grafana/grafana
|
||||
type: application
|
||||
version: 6.51.5
|
||||
version: 6.56.2
|
||||
|
|
|
|||
|
|
@ -87,6 +87,7 @@ This version requires Helm >= 3.1.0.
|
|||
| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
|
||||
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
|
||||
| `ingress.tls` | Ingress TLS configuration | `[]` |
|
||||
| `ingress.ingressClassName` | Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 | `""` |
|
||||
| `resources` | CPU/Memory resource requests/limits | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Toleration labels for pod assignment | `[]` |
|
||||
|
|
@ -216,8 +217,8 @@ This version requires Helm >= 3.1.0.
|
|||
| `rbac.create` | Create and use RBAC resources | `true` |
|
||||
| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
|
||||
| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
|
||||
| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` |
|
||||
| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` |
|
||||
| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `false` |
|
||||
| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `false` |
|
||||
| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
|
||||
| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
|
||||
| `command` | Define command to be executed by grafana container at startup | `nil` |
|
||||
|
|
@ -251,6 +252,7 @@ This version requires Helm >= 3.1.0.
|
|||
| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
|
||||
| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
|
||||
| `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
|
||||
| `imageRenderer.envValueFrom` | Environment variables for image-renderer from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
|
||||
| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` |
|
||||
| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
|
||||
| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
|
||||
|
|
@ -397,9 +399,41 @@ filters out the ones with a label as defined in `sidecar.datasources.label`. The
|
|||
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
|
||||
the data sources in grafana can be imported.
|
||||
|
||||
Should you aim for reloading datasources in Grafana each time the config is changed, set `sidecar.datasources.skipReload: false` and adjust `sidecar.datasources.reloadURL` to `http://<svc-name>.<namespace>.svc.cluster.local/api/admin/provisioning/datasources/reload`.
|
||||
|
||||
Secrets are recommended over configmaps for this usecase because datasources usually contain private
|
||||
data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
|
||||
|
||||
Example values to add a postgres datasource as a kubernetes secret:
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: grafana-datasources
|
||||
labels:
|
||||
grafana_datasource: 'true' # default value for: sidecar.datasources.label
|
||||
stringData:
|
||||
pg-db.yaml: |-
|
||||
apiVersion: 1
|
||||
datasources:
|
||||
- name: My pg db datasource
|
||||
type: postgres
|
||||
url: my-postgresql-db:5432
|
||||
user: db-readonly-user
|
||||
secureJsonData:
|
||||
password: 'SUperSEcretPa$$word'
|
||||
jsonData:
|
||||
database: my_datase
|
||||
sslmode: 'disable' # disable/require/verify-ca/verify-full
|
||||
maxOpenConns: 0 # Grafana v5.4+
|
||||
maxIdleConns: 2 # Grafana v5.4+
|
||||
connMaxLifetime: 14400 # Grafana v5.4+
|
||||
postgresVersion: 1000 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10
|
||||
timescaledb: false
|
||||
# <bool> allow users to edit datasources from the UI.
|
||||
editable: false
|
||||
```
|
||||
|
||||
Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
|
||||
|
||||
```yaml
|
||||
|
|
|
|||
|
|
@ -786,7 +786,7 @@ containers:
|
|||
{{- range .Values.extraConfigmapMounts }}
|
||||
- name: {{ tpl .name $root }}
|
||||
mountPath: {{ tpl .mountPath $root }}
|
||||
subPath: {{ (tpl .subPath $root) | default "" }}
|
||||
subPath: {{ tpl (.subPath | default "") $root }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
- name: storage
|
||||
|
|
|
|||
|
|
@ -9,9 +9,9 @@ metadata:
|
|||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "grafana.fullname" . }}-clusterrole
|
||||
{{- if or .Values.sidecar.dashboards.enabled (or .Values.rbac.extraClusterRoleRules (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }}
|
||||
{{- if or .Values.sidecar.dashboards.enabled .Values.rbac.extraClusterRoleRules .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }}
|
||||
rules:
|
||||
{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled) }}
|
||||
{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }}
|
||||
- apiGroups: [""] # "" indicates the core API group
|
||||
resources: ["configmaps", "secrets"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
|
|
|
|||
|
|
@ -87,7 +87,11 @@ data:
|
|||
--connect-timeout 60 \
|
||||
--max-time 60 \
|
||||
{{- if not $value.b64content }}
|
||||
{{- if not $value.acceptHeader }}
|
||||
-H "Accept: application/json" \
|
||||
{{- else }}
|
||||
-H "Accept: {{ $value.acceptHeader }}" \
|
||||
{{- end }}
|
||||
{{- if $value.token }}
|
||||
-H "Authorization: token {{ $value.token }}" \
|
||||
{{- end }}
|
||||
|
|
@ -95,7 +99,7 @@ data:
|
|||
-H "Authorization: Bearer {{ $value.bearerToken }}" \
|
||||
{{- end }}
|
||||
{{- if $value.basic }}
|
||||
-H "Basic: {{ $value.basic }}" \
|
||||
-H "Authorization: Basic {{ $value.basic }}" \
|
||||
{{- end }}
|
||||
{{- if $value.gitlabToken }}
|
||||
-H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \
|
||||
|
|
|
|||
|
|
@ -42,6 +42,7 @@ spec:
|
|||
{{- if .Values.envRenderSecret }}
|
||||
checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
kubectl.kubernetes.io/default-container: {{ .Chart.Name }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -92,6 +92,11 @@ spec:
|
|||
- name: ENABLE_METRICS
|
||||
value: "true"
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.imageRenderer.envValueFrom }}
|
||||
- name: {{ $key | quote }}
|
||||
valueFrom:
|
||||
{{- tpl (toYaml $value) $ | nindent 16 }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.imageRenderer.env }}
|
||||
- name: {{ $key | quote }}
|
||||
value: {{ $value | quote }}
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ spec:
|
|||
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
kubectl.kubernetes.io/default-container: {{ .Chart.Name }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ livenessProbe:
|
|||
# schedulerName: "default-scheduler"
|
||||
|
||||
image:
|
||||
repository: grafana/grafana
|
||||
repository: docker.io/grafana/grafana
|
||||
# Overrides the Grafana image tag whose default is the chart appVersion
|
||||
tag: ""
|
||||
sha: ""
|
||||
|
|
@ -100,17 +100,23 @@ image:
|
|||
|
||||
testFramework:
|
||||
enabled: true
|
||||
image: "bats/bats"
|
||||
image: docker.io/bats/bats
|
||||
tag: "v1.4.1"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext: {}
|
||||
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 472
|
||||
runAsGroup: 472
|
||||
fsGroup: 472
|
||||
|
||||
containerSecurityContext: {}
|
||||
containerSecurityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
# Enable creating the grafana configmap
|
||||
createConfigmap: true
|
||||
|
|
@ -137,7 +143,7 @@ extraLabels: {}
|
|||
# priorityClassName:
|
||||
|
||||
downloadDashboardsImage:
|
||||
repository: curlimages/curl
|
||||
repository: docker.io/curlimages/curl
|
||||
tag: 7.85.0
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
|
@ -146,7 +152,13 @@ downloadDashboards:
|
|||
env: {}
|
||||
envFromSecret: ""
|
||||
resources: {}
|
||||
securityContext: {}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
envValueFrom: {}
|
||||
# ENV_NAME:
|
||||
# configMapKeyRef:
|
||||
|
|
@ -346,7 +358,7 @@ initChownData:
|
|||
## initChownData container image
|
||||
##
|
||||
image:
|
||||
repository: busybox
|
||||
repository: docker.io/library/busybox
|
||||
tag: "1.31.1"
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
|
@ -364,7 +376,11 @@ initChownData:
|
|||
securityContext:
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
add:
|
||||
- CHOWN
|
||||
|
||||
# Administrator credentials when not using an existing secret (see below)
|
||||
adminUser: admin
|
||||
|
|
@ -520,6 +536,9 @@ lifecycleHooks: {}
|
|||
plugins: []
|
||||
# - digrich-bubblechart-panel
|
||||
# - grafana-clock-panel
|
||||
## You can also use other plugin download URL, as long as they are valid zip files,
|
||||
## and specify the name of the plugin after the semicolon. Like this:
|
||||
# - https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.2/download;marcusolsson-json-datasource
|
||||
|
||||
## Configure grafana datasources
|
||||
## ref: http://docs.grafana.org/administration/provisioning/#datasources
|
||||
|
|
@ -676,6 +695,7 @@ dashboards: {}
|
|||
# local-dashboard-azure:
|
||||
# url: https://example.com/repository/test-azure.json
|
||||
# basic: ''
|
||||
# acceptHeader: '*/*'
|
||||
|
||||
## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value.
|
||||
## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.
|
||||
|
|
@ -777,7 +797,13 @@ sidecar:
|
|||
# requests:
|
||||
# cpu: 50m
|
||||
# memory: 50Mi
|
||||
securityContext: {}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
# skipTlsVerify Set to true to skip tls verification for kube api calls
|
||||
# skipTlsVerify: true
|
||||
enableUniqueFilenames: false
|
||||
|
|
@ -1030,7 +1056,7 @@ imageRenderer:
|
|||
behavior: {}
|
||||
image:
|
||||
# image-renderer Image repository
|
||||
repository: grafana/grafana-image-renderer
|
||||
repository: docker.io/grafana/grafana-image-renderer
|
||||
# image-renderer Image tag
|
||||
tag: latest
|
||||
# image-renderer Image sha (optional)
|
||||
|
|
@ -1043,12 +1069,29 @@ imageRenderer:
|
|||
# RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758
|
||||
# RENDERING_MODE: clustered
|
||||
# IGNORE_HTTPS_ERRORS: true
|
||||
|
||||
## "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
|
||||
## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
|
||||
## Renders in container spec as:
|
||||
## env:
|
||||
## ...
|
||||
## - name: <key>
|
||||
## valueFrom:
|
||||
## <value rendered as YAML>
|
||||
envValueFrom: {}
|
||||
# ENV_NAME:
|
||||
# configMapKeyRef:
|
||||
# name: configmap-name
|
||||
# key: value_key
|
||||
|
||||
# image-renderer deployment serviceAccount
|
||||
serviceAccountName: ""
|
||||
# image-renderer deployment securityContext
|
||||
securityContext: {}
|
||||
# image-renderer deployment container securityContext
|
||||
containerSecurityContext:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
allowPrivilegeEscalation: false
|
||||
|
|
|
|||
|
|
@ -18,4 +18,4 @@ name: kube-state-metrics
|
|||
sources:
|
||||
- https://github.com/kubernetes/kube-state-metrics/
|
||||
type: application
|
||||
version: 5.0.1
|
||||
version: 5.5.0
|
||||
|
|
|
|||
|
|
@ -162,6 +162,9 @@ spec:
|
|||
volumeMounts:
|
||||
- name: kube-rbac-proxy-config
|
||||
mountPath: /etc/kube-rbac-proxy-config
|
||||
{{- with .Values.kubeRBACProxy.volumeMounts }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }}
|
||||
image: {{ include "kubeRBACProxy.image" . }}
|
||||
ports:
|
||||
|
|
@ -197,6 +200,9 @@ spec:
|
|||
volumeMounts:
|
||||
- name: kube-rbac-proxy-config
|
||||
mountPath: /etc/kube-rbac-proxy-config
|
||||
{{- with .Values.kubeRBACProxy.volumeMounts }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }}
|
||||
image: {{ include "kubeRBACProxy.image" . }}
|
||||
ports:
|
||||
|
|
|
|||
|
|
@ -9,6 +9,10 @@ metadata:
|
|||
{{- with .Values.prometheus.monitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheus.monitor.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }}
|
||||
{{- with .Values.prometheus.monitor.targetLabels }}
|
||||
|
|
@ -56,6 +60,13 @@ spec:
|
|||
tlsConfig:
|
||||
{{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.prometheus.monitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheus.monitor.bearerTokenSecret }}
|
||||
bearerTokenSecret:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.selfMonitor.enabled }}
|
||||
- port: metrics
|
||||
{{- if .Values.prometheus.monitor.interval }}
|
||||
|
|
|
|||
|
|
@ -115,6 +115,13 @@ kubeRBACProxy:
|
|||
# cpu: 10m
|
||||
# memory: 32Mi
|
||||
|
||||
## volumeMounts enables mounting custom volumes in rbac-proxy containers
|
||||
## Useful for TLS certificates and keys
|
||||
volumeMounts: []
|
||||
# - mountPath: /etc/tls
|
||||
# name: kube-rbac-proxy-tls
|
||||
# readOnly: true
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a ServiceAccount should be created, require rbac true
|
||||
create: true
|
||||
|
|
@ -132,6 +139,7 @@ serviceAccount:
|
|||
prometheus:
|
||||
monitor:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
additionalLabels: {}
|
||||
namespace: ""
|
||||
jobLabel: ""
|
||||
|
|
@ -164,6 +172,14 @@ prometheus:
|
|||
metricRelabelings: []
|
||||
relabelings: []
|
||||
scheme: ""
|
||||
## File to read bearer token for scraping targets
|
||||
bearerTokenFile: ""
|
||||
## Secret to mount to read bearer token for scraping targets. The secret needs
|
||||
## to be in the same namespace as the service monitor and accessible by the
|
||||
## Prometheus Operator
|
||||
bearerTokenSecret: {}
|
||||
# name: secret-name
|
||||
# key: key-name
|
||||
tlsConfig: {}
|
||||
|
||||
## Specify if a Pod Security Policy for kube-state-metrics must be created
|
||||
|
|
@ -199,11 +215,18 @@ securityContext:
|
|||
runAsGroup: 65534
|
||||
runAsUser: 65534
|
||||
fsGroup: 65534
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
## Specify security settings for a Container
|
||||
## Allows overrides and additional options compared to (Pod) securityContext
|
||||
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
containerSecurityContext: {}
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
|
||||
## Node labels for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
|
|
|
|||
|
|
@ -15,4 +15,4 @@ name: prometheus-node-exporter
|
|||
sources:
|
||||
- https://github.com/prometheus/node_exporter/
|
||||
type: application
|
||||
version: 4.14.0
|
||||
version: 4.16.0
|
||||
|
|
|
|||
|
|
@ -76,10 +76,12 @@ The image to use
|
|||
*/}}
|
||||
{{- define "prometheus-node-exporter.image" -}}
|
||||
{{- if .Values.image.sha }}
|
||||
{{- fail "image.sha forbidden. Use image.digest instead" }}
|
||||
{{- else if .Values.image.digest }}
|
||||
{{- if .Values.global.imageRegistry }}
|
||||
{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }}
|
||||
{{- printf "%s/%s:%s@%s" .Values.global.imageRegistry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.digest }}
|
||||
{{- else }}
|
||||
{{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }}
|
||||
{{- printf "%s/%s:%s@%s" .Values.image.registry .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.digest }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- if .Values.global.imageRegistry }}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
{{- if .Values.networkPolicy.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ include "prometheus-node-exporter.namespace" . }}
|
||||
labels:
|
||||
{{- include "prometheus-node-exporter.labels" $ | nindent 4 }}
|
||||
{{- with .Values.service.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
ingress:
|
||||
- ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
policyTypes:
|
||||
- Egress
|
||||
- Ingress
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "prometheus-node-exporter.selectorLabels" . | nindent 6 }}
|
||||
{{- end }}
|
||||
|
|
@ -23,6 +23,10 @@ spec:
|
|||
{{- else }}
|
||||
{{- include "prometheus-node-exporter.selectorLabels" . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheus.monitor.attachMetadata }}
|
||||
attachMetadata:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
endpoints:
|
||||
- port: {{ .Values.service.portName }}
|
||||
scheme: {{ .Values.prometheus.monitor.scheme }}
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ image:
|
|||
# Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }}
|
||||
tag: ""
|
||||
pullPolicy: IfNotPresent
|
||||
sha: ""
|
||||
digest: ""
|
||||
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
|
@ -72,6 +72,12 @@ service:
|
|||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
|
||||
# Set a NetworkPolicy with:
|
||||
# ingress only on service.port
|
||||
# no egress permitted
|
||||
networkPolicy:
|
||||
enabled: false
|
||||
|
||||
# Additional environment variables that will be passed to the daemonset
|
||||
env: {}
|
||||
## env:
|
||||
|
|
@ -102,6 +108,11 @@ prometheus:
|
|||
##
|
||||
selectorOverride: {}
|
||||
|
||||
## Attach node metadata to discovered targets. Requires Prometheus v2.35.0 and above.
|
||||
##
|
||||
attachMetadata:
|
||||
node: false
|
||||
|
||||
relabelings: []
|
||||
metricRelabelings: []
|
||||
interval: ""
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ metadata:
|
|||
annotations:
|
||||
{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.alertmanager.serviceAccount.automountServiceAccountToken }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2}}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.coreDns.enabled }}
|
||||
{{- if and .Values.coreDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.coreDns.enabled }}
|
||||
{{- if and .Values.coreDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.kubeApiServer.enabled }}
|
||||
{{- if and .Values.kubeApiServer.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }}
|
||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }}
|
||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled }}
|
||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.kubeDns.enabled }}
|
||||
{{- if and .Values.kubeDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.kubeDns.enabled }}
|
||||
{{- if and .Values.kubeDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints }}
|
||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled }}
|
||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled }}
|
||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints }}
|
||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled }}
|
||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled }}
|
||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }}
|
||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }}
|
||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled }}
|
||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.kubelet.enabled }}
|
||||
{{- if and .Values.kubelet.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -33,7 +33,11 @@ data:
|
|||
access: proxy
|
||||
isDefault: {{ .Values.grafana.sidecar.datasources.isDefaultDatasource }}
|
||||
jsonData:
|
||||
httpMethod: {{ .Values.grafana.sidecar.datasources.httpMethod }}
|
||||
timeInterval: {{ $scrapeInterval }}
|
||||
{{- if .Values.grafana.sidecar.datasources.timeout }}
|
||||
timeout: {{ .Values.grafana.sidecar.datasources.timeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
|
||||
exemplarTraceIdDestinations:
|
||||
- datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,32 @@
|
|||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
## Ensure this is run before the job
|
||||
helm.sh/hook-weight: "-5"
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }}
|
||||
egress:
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||
{{- else }}
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
## Ensure this is run before the job
|
||||
helm.sh/hook-weight: "-5"
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }}
|
||||
egress:
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||
{{- else }}
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.prometheusOperator.networkPolicy.enabled }}
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.prometheusOperator.networkPolicy.enabled }}
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ metadata:
|
|||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
|
||||
annotations:
|
||||
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
|
|
@ -41,4 +41,27 @@ webhooks:
|
|||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
||||
admissionReviewVersions: ["v1", "v1beta1"]
|
||||
sideEffects: None
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces }}
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: NotIn
|
||||
values:
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: In
|
||||
values:
|
||||
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
|
||||
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ metadata:
|
|||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
|
||||
annotations:
|
||||
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
|
|
@ -41,4 +41,27 @@ webhooks:
|
|||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
||||
admissionReviewVersions: ["v1", "v1beta1"]
|
||||
sideEffects: None
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces }}
|
||||
namespaceSelector:
|
||||
matchExpressions:
|
||||
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: NotIn
|
||||
values:
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: In
|
||||
values:
|
||||
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
|
||||
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,35 @@
|
|||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-operator
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
{{- include "kube-prometheus-stack.labels" $ | nindent 6 }}
|
||||
egress:
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||
{{- else }}
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
{{- end }}
|
||||
ingress:
|
||||
- toPorts:
|
||||
- ports:
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- port: {{ .Values.prometheusOperator.tls.internalPort | quote }}
|
||||
{{- else }}
|
||||
- port: "8080"
|
||||
{{- end }}
|
||||
protocol: "TCP"
|
||||
rules:
|
||||
http:
|
||||
- method: "GET"
|
||||
path: "/metrics"
|
||||
{{- end }}
|
||||
|
|
@ -90,15 +90,24 @@ spec:
|
|||
- --config-reloader-cpu-limit={{ .Values.prometheusOperator.prometheusConfigReloader.resources.limits.cpu }}
|
||||
- --config-reloader-memory-request={{ .Values.prometheusOperator.prometheusConfigReloader.resources.requests.memory }}
|
||||
- --config-reloader-memory-limit={{ .Values.prometheusOperator.prometheusConfigReloader.resources.limits.memory }}
|
||||
{{- if .Values.prometheusOperator.prometheusConfigReloader.enableProbe }}
|
||||
- --enable-config-reloader-probes=true
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }}
|
||||
- --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerInstanceSelector }}
|
||||
- --alertmanager-instance-selector={{ .Values.prometheusOperator.alertmanagerInstanceSelector }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerConfigNamespaces }}
|
||||
- --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.prometheusInstanceNamespaces }}
|
||||
- --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.prometheusInstanceSelector }}
|
||||
- --prometheus-instance-selector={{ .Values.prometheusOperator.prometheusInstanceSelector }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.thanosImage.sha }}
|
||||
- --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}@sha256:{{ .Values.prometheusOperator.thanosImage.sha }}
|
||||
{{- else }}
|
||||
|
|
@ -107,8 +116,11 @@ spec:
|
|||
{{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }}
|
||||
- --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.thanosRulerInstanceSelector }}
|
||||
- --thanos-ruler-instance-selector={{ .Values.prometheusOperator.thanosRulerInstanceSelector }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.secretFieldSelector }}
|
||||
- --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }}
|
||||
- --secret-field-selector={{ tpl (.Values.prometheusOperator.secretFieldSelector) $ }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.clusterDomain }}
|
||||
- --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.prometheusOperator.networkPolicy.enabled }}
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||
apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }}
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,27 @@
|
|||
{{- if and .Values.prometheus.networkPolicy.enabled (eq .Values.prometheus.networkPolicy.flavor "cilium") }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
|
||||
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
|
||||
spec:
|
||||
endpointSelector:
|
||||
{{- if .Values.prometheus.networkPolicy.cilium.endpointSelector }}
|
||||
{{- toYaml .Values.prometheus.networkPolicy.cilium.endpointSelector | nindent 4 }}
|
||||
{{- else }}
|
||||
matchExpressions:
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [prometheus]}
|
||||
- {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]}
|
||||
{{- end }}
|
||||
{{- if and .Values.prometheus.networkPolicy.cilium .Values.prometheus.networkPolicy.cilium.egress }}
|
||||
egress:
|
||||
{{ toYaml .Values.prometheus.networkPolicy.cilium.egress | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.prometheus.networkPolicy.cilium .Values.prometheus.networkPolicy.cilium.ingress }}
|
||||
ingress:
|
||||
{{ toYaml .Values.prometheus.networkPolicy.cilium.ingress | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -14,6 +14,7 @@ metadata:
|
|||
{{ toYaml .Values.prometheus.thanosIngress.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-gateway
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.prometheus.networkPolicy.enabled }}
|
||||
{{- if and .Values.prometheus.networkPolicy.enabled (eq .Values.prometheus.networkPolicy.flavor "kubernetes") }}
|
||||
apiVersion: {{ template "kube-prometheus-stack.prometheus.networkPolicy.apiVersion" . }}
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
|
|
@ -9,12 +9,10 @@ metadata:
|
|||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
spec:
|
||||
{{- if .Values.prometheus.networkPolicy.egress }}
|
||||
## Deny all egress by default
|
||||
egress:
|
||||
{{- toYaml .Values.prometheus.networkPolicy.egress | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.networkPolicy.ingress }}
|
||||
# Deny all ingress by default (prometheus scrapes itself using localhost)
|
||||
ingress:
|
||||
{{- toYaml .Values.prometheus.networkPolicy.ingress | nindent 4 }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -42,10 +42,7 @@ spec:
|
|||
{{- else }}
|
||||
image: "{{ $registry }}/{{ .Values.prometheus.prometheusSpec.image.repository }}"
|
||||
{{- end }}
|
||||
version: {{ .Values.prometheus.prometheusSpec.image.tag }}
|
||||
{{- if .Values.prometheus.prometheusSpec.image.sha }}
|
||||
sha: {{ .Values.prometheus.prometheusSpec.image.sha }}
|
||||
{{- end }}
|
||||
version: {{ default .Values.prometheus.prometheusSpec.image.tag .Values.prometheus.prometheusSpec.version }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.prometheusSpec.additionalArgs }}
|
||||
additionalArgs:
|
||||
|
|
@ -364,7 +361,8 @@ spec:
|
|||
{{- end }}
|
||||
excludedFromEnforcement:
|
||||
{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }}
|
||||
- resource: prometheusrules
|
||||
- group: monitoring.coreos.com
|
||||
resource: prometheusrules
|
||||
namespace: "{{ template "kube-prometheus-stack.namespace" $ }}"
|
||||
name: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}"
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -158,6 +158,7 @@ alertmanager:
|
|||
create: true
|
||||
name: ""
|
||||
annotations: {}
|
||||
automountServiceAccountToken: true
|
||||
|
||||
## Configure pod disruption budgets for Alertmanager
|
||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
|
||||
|
|
@ -822,6 +823,8 @@ grafana:
|
|||
enabled: true
|
||||
label: grafana_dashboard
|
||||
labelValue: "1"
|
||||
# Allow discovery in all namespaces for dashboards
|
||||
searchNamespace: ALL
|
||||
|
||||
## Annotations for Grafana dashboard configmaps
|
||||
##
|
||||
|
|
@ -844,6 +847,9 @@ grafana:
|
|||
##
|
||||
# url: http://prometheus-stack-prometheus:9090/
|
||||
|
||||
## Prometheus request timeout in seconds
|
||||
# timeout: 30
|
||||
|
||||
# If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default
|
||||
# defaultDatasourceScrapeInterval: 15s
|
||||
|
||||
|
|
@ -851,6 +857,9 @@ grafana:
|
|||
##
|
||||
annotations: {}
|
||||
|
||||
## Set method for HTTP to send query to datasource
|
||||
httpMethod: POST
|
||||
|
||||
## Create datasource for each Pod of Prometheus StatefulSet;
|
||||
## this uses headless service `prometheus-operated` which is
|
||||
## created by Prometheus Operator
|
||||
|
|
@ -929,6 +938,11 @@ grafana:
|
|||
# replacement: $1
|
||||
# action: replace
|
||||
|
||||
## Flag to disable all the kubernetes component scrapers
|
||||
##
|
||||
kubernetesServiceMonitors:
|
||||
enabled: true
|
||||
|
||||
## Component scraping the kube api server
|
||||
##
|
||||
kubeApiServer:
|
||||
|
|
@ -1949,6 +1963,15 @@ prometheusOperator:
|
|||
##
|
||||
enabled: false
|
||||
|
||||
## Flavor of the network policy to use.
|
||||
# Can be:
|
||||
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
|
||||
# * cilium for cilium.io/v2/CiliumNetworkPolicy
|
||||
flavor: kubernetes
|
||||
|
||||
# cilium:
|
||||
# egress:
|
||||
|
||||
## Service account for Alertmanager to use.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
||||
##
|
||||
|
|
@ -2202,6 +2225,9 @@ prometheusOperator:
|
|||
tag: ""
|
||||
sha: ""
|
||||
|
||||
# add prometheus config reloader liveness and readiness probe. Default: false
|
||||
enableProbe: false
|
||||
|
||||
# resource config for prometheusConfigReloader
|
||||
resources:
|
||||
requests:
|
||||
|
|
@ -2219,6 +2245,17 @@ prometheusOperator:
|
|||
tag: v0.30.2
|
||||
sha: ""
|
||||
|
||||
## Set a Label Selector to filter watched prometheus and prometheusAgent
|
||||
##
|
||||
prometheusInstanceSelector: ""
|
||||
|
||||
## Set a Label Selector to filter watched alertmanager
|
||||
##
|
||||
alertmanagerInstanceSelector: ""
|
||||
|
||||
## Set a Label Selector to filter watched thanosRuler
|
||||
thanosRulerInstanceSelector: ""
|
||||
|
||||
## Set a Field Selector to filter watched secrets
|
||||
##
|
||||
secretFieldSelector: ""
|
||||
|
|
@ -2235,6 +2272,18 @@ prometheus:
|
|||
## Configure network policy for the prometheus
|
||||
networkPolicy:
|
||||
enabled: false
|
||||
|
||||
## Flavor of the network policy to use.
|
||||
# Can be:
|
||||
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
|
||||
# * cilium for cilium.io/v2/CiliumNetworkPolicy
|
||||
flavor: kubernetes
|
||||
|
||||
# cilium:
|
||||
# endpointSelector:
|
||||
# egress:
|
||||
# ingress:
|
||||
|
||||
# egress:
|
||||
# - {}
|
||||
# ingress:
|
||||
|
|
@ -2670,6 +2719,10 @@ prometheus:
|
|||
##
|
||||
enableAdminAPI: false
|
||||
|
||||
## Sets version of Prometheus overriding the Prometheus version as derived
|
||||
## from the image tag. Useful in cases where the tag does not follow semver v2.
|
||||
version: ""
|
||||
|
||||
## WebTLSConfig defines the TLS parameters for HTTPS
|
||||
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#webtlsconfig
|
||||
web: {}
|
||||
|
|
@ -2780,11 +2833,12 @@ prometheus:
|
|||
##
|
||||
query: {}
|
||||
|
||||
## Namespaces to be selected for PrometheusRules discovery.
|
||||
## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery.
|
||||
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage
|
||||
##
|
||||
## If nil, select own namespace. Namespaces to be selected for PrometheusRules discovery.
|
||||
ruleNamespaceSelector: {}
|
||||
## Example which selects PrometheusRules in namespaces with label "prometheus" set to "somelabel"
|
||||
# ruleNamespaceSelector:
|
||||
# matchLabels:
|
||||
# prometheus: somelabel
|
||||
|
||||
## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the
|
||||
## prometheus resource to be created with selectors based on values in the helm deployment,
|
||||
|
|
@ -2849,10 +2903,12 @@ prometheus:
|
|||
# matchLabels:
|
||||
# prometheus: somelabel
|
||||
|
||||
## Namespaces to be selected for PodMonitor discovery.
|
||||
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage
|
||||
##
|
||||
## If nil, select own namespace. Namespaces to be selected for PodMonitor discovery.
|
||||
podMonitorNamespaceSelector: {}
|
||||
## Example which selects PodMonitor in namespaces with label "prometheus" set to "somelabel"
|
||||
# podMonitorNamespaceSelector:
|
||||
# matchLabels:
|
||||
# prometheus: somelabel
|
||||
|
||||
## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the
|
||||
## prometheus resource to be created with selectors based on values in the helm deployment,
|
||||
|
|
@ -2869,10 +2925,12 @@ prometheus:
|
|||
# matchLabels:
|
||||
# prometheus: somelabel
|
||||
|
||||
## Namespaces to be selected for Probe discovery.
|
||||
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage
|
||||
##
|
||||
## If nil, select own namespace. Namespaces to be selected for Probe discovery.
|
||||
probeNamespaceSelector: {}
|
||||
## Example which selects Probe in namespaces with label "prometheus" set to "somelabel"
|
||||
# probeNamespaceSelector:
|
||||
# matchLabels:
|
||||
# prometheus: somelabel
|
||||
|
||||
## How long to retain metrics
|
||||
##
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
"subdir": "contrib/mixin"
|
||||
}
|
||||
},
|
||||
"version": "49b59cc8e5c838bdc5e661de6388a0e348b3985c",
|
||||
"version": "2a0c9896623cc64543b01bd0bdf1140f6d622a67",
|
||||
"sum": "QTzBqwjnM6cGGVBhOiVJyA+ZVTkmCTuH6C6YW7XKRFw="
|
||||
},
|
||||
{
|
||||
|
|
@ -58,7 +58,7 @@
|
|||
"subdir": "grafana-builder"
|
||||
}
|
||||
},
|
||||
"version": "d680faafc0727c4c5086f1624333363e57d2ce81",
|
||||
"version": "d303b2031264728728dd1e1c05f74f67027139f6",
|
||||
"sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
|
||||
},
|
||||
{
|
||||
|
|
@ -68,8 +68,8 @@
|
|||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "eed459199703c969afc318ea55b9361ae48180a7",
|
||||
"sum": "iKDOR7+jXw3Rctog6Z1ofweIK5BLjuGeguIZjXLP8ls="
|
||||
"version": "d87b757edc73a5f5b78e9f6a9bbae9023131c946",
|
||||
"sum": "fsAZNroGj9QOUt63dI78jcahPnCXlBhpfxuPJC3dTac="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
|
@ -78,7 +78,7 @@
|
|||
"subdir": "jsonnet/kube-state-metrics"
|
||||
}
|
||||
},
|
||||
"version": "32f8c5e80500855dcdec0c0b7398b580b12f3470",
|
||||
"version": "5f31736e444a674a969d65aaa9afd9d0864c8639",
|
||||
"sum": "+dOzAK+fwsFf97uZpjcjTcEJEC1H8hh/j8f5uIQK/5g="
|
||||
},
|
||||
{
|
||||
|
|
@ -88,7 +88,7 @@
|
|||
"subdir": "jsonnet/kube-state-metrics-mixin"
|
||||
}
|
||||
},
|
||||
"version": "32f8c5e80500855dcdec0c0b7398b580b12f3470",
|
||||
"version": "5f31736e444a674a969d65aaa9afd9d0864c8639",
|
||||
"sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
|
||||
},
|
||||
{
|
||||
|
|
@ -98,8 +98,8 @@
|
|||
"subdir": "jsonnet/kube-prometheus"
|
||||
}
|
||||
},
|
||||
"version": "2a955da550e33f75e3a7ecf30d45e8fd19dc6c31",
|
||||
"sum": "8SUhAtqVsKsqUmDYgmrdZWrvS6bQ1dHnVSi2LFJeCZU="
|
||||
"version": "c9e1145027df233fa3d1d7aed86cacbf6001d1f5",
|
||||
"sum": "Skpy4SojW1KNz8dJpg8J6mx/z596xf9nW8VEGvXnGJg="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
|
@ -108,8 +108,8 @@
|
|||
"subdir": "jsonnet/mixin"
|
||||
}
|
||||
},
|
||||
"version": "06b5c4189f3f72737766d86103d049115c3aff48",
|
||||
"sum": "GQmaVFJwKMiD/P4n3N2LrAZVcwutriWrP8joclDtBYQ=",
|
||||
"version": "e8841ea9546b08693aefbb945bfebc11c8b33186",
|
||||
"sum": "n3flMIzlADeyygb0uipZ4KPp2uNSjdtkrwgHjTC7Ca4=",
|
||||
"name": "prometheus-operator-mixin"
|
||||
},
|
||||
{
|
||||
|
|
@ -119,8 +119,8 @@
|
|||
"subdir": "jsonnet/prometheus-operator"
|
||||
}
|
||||
},
|
||||
"version": "06b5c4189f3f72737766d86103d049115c3aff48",
|
||||
"sum": "8XqdRl/MXzaSKjhHkrMFWbrP8Tw0k5tsI5hNfX++1Pw="
|
||||
"version": "e8841ea9546b08693aefbb945bfebc11c8b33186",
|
||||
"sum": "cNcVEO+LVAJK7fGxfL8RAIo/G/9ZU/ZUhCzUpdcgytc="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
|
@ -129,7 +129,7 @@
|
|||
"subdir": "doc/alertmanager-mixin"
|
||||
}
|
||||
},
|
||||
"version": "0f14383b61c1e301a70130ecfc22df52bd85df6e",
|
||||
"version": "f67d03fe2854191bb36dbcb305ec507237583aa2",
|
||||
"sum": "PsK+V7oETCPKu2gLoPfqY0wwPKH9TzhNj6o2xezjjXc=",
|
||||
"name": "alertmanager"
|
||||
},
|
||||
|
|
@ -140,8 +140,8 @@
|
|||
"subdir": "docs/node-mixin"
|
||||
}
|
||||
},
|
||||
"version": "c8129fadd660ae90598b84791d8915a995a27815",
|
||||
"sum": "TwdaTm0Z++diiLyaKAAimmC6hBL7XbrJc0RHhBCpAdU="
|
||||
"version": "184a4e0893dd5c28e540ca3070f2e3a07f939f11",
|
||||
"sum": "aFUI56y6Y8EpniS4cfYqrSaHFnxeomIw4S4+Sz8yPtQ="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
|
@ -150,7 +150,7 @@
|
|||
"subdir": "documentation/prometheus-mixin"
|
||||
}
|
||||
},
|
||||
"version": "0ab95536115adfe50af249d36d73674be694ca3f",
|
||||
"version": "5c5fa5c319fca713506fa144ec6768fddf00d466",
|
||||
"sum": "LRx0tbMnoE1p8KEn+i81j2YsA5Sgt3itE5Y6jBf5eOQ=",
|
||||
"name": "prometheus"
|
||||
},
|
||||
|
|
@ -161,8 +161,8 @@
|
|||
"subdir": "config/crd/bases"
|
||||
}
|
||||
},
|
||||
"version": "cd05347647955a378f32a888d194cb0f7c0134a6",
|
||||
"sum": "bY/Pcrrbynguq8/HaI88cQ3B2hLv/xc+76QILY7IL+g="
|
||||
"version": "05405777468aca15ee63824512f8f13af9f08039",
|
||||
"sum": "MK8+uumteRncS0hkyjocvU2vdtlGbfBRPcU0/mJnU2M="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
|
@ -171,7 +171,7 @@
|
|||
"subdir": "mixin"
|
||||
}
|
||||
},
|
||||
"version": "a1ec4d5365e88967e4bb4b0f127d174617ed2bbc",
|
||||
"version": "cdb395a7100be554e804d61c735b8d4a4b678f11",
|
||||
"sum": "zSLNV/0bN4DcVKojzCqjmhfjtzTY4pDKZXqbAUzw5R0=",
|
||||
"name": "thanos-mixin"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -175,7 +175,7 @@
|
|||
{
|
||||
"alert": "NodeClockSkewDetected",
|
||||
"annotations": {
|
||||
"description": "Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.",
|
||||
"description": "Clock on {{ $labels.instance }} is out of sync by more than 0.05s. Ensure NTP is configured correctly on this host.",
|
||||
"runbook_url": "https://runbooks.prometheus-operator.dev/runbooks/node/nodeclockskewdetected",
|
||||
"summary": "Clock skew detected."
|
||||
},
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
"app.kubernetes.io/component": "controller",
|
||||
"app.kubernetes.io/name": "prometheus-operator",
|
||||
"app.kubernetes.io/part-of": "kube-prometheus",
|
||||
"app.kubernetes.io/version": "0.64.1",
|
||||
"app.kubernetes.io/version": "0.65.1",
|
||||
"prometheus": "k8s",
|
||||
"role": "alert-rules"
|
||||
},
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
"app.kubernetes.io/instance": "k8s",
|
||||
"app.kubernetes.io/name": "prometheus",
|
||||
"app.kubernetes.io/part-of": "kube-prometheus",
|
||||
"app.kubernetes.io/version": "2.43.0",
|
||||
"app.kubernetes.io/version": "2.43.1",
|
||||
"prometheus": "k8s",
|
||||
"role": "alert-rules"
|
||||
},
|
||||
|
|
|
|||
|
|
@ -125,7 +125,7 @@ spec:
|
|||
severity: warning
|
||||
- alert: NodeClockSkewDetected
|
||||
annotations:
|
||||
description: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.
|
||||
description: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 0.05s. Ensure NTP is configured correctly on this host.
|
||||
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodeclockskewdetected
|
||||
summary: Clock skew detected.
|
||||
expr: "(\n node_timex_offset_seconds{job=\"node-exporter\"} > 0.05\nand\n deriv(node_timex_offset_seconds{job=\"node-exporter\"}[5m]) >= 0\n)\nor\n(\n node_timex_offset_seconds{job=\"node-exporter\"} < -0.05\nand\n deriv(node_timex_offset_seconds{job=\"node-exporter\"}[5m]) <= 0\n)\n"
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ kube-prometheus-stack:
|
|||
- sourceLabels: [__meta_kubernetes_pod_node_name]
|
||||
separator: ;
|
||||
regex: ^(.*)$
|
||||
targetLabel: node
|
||||
targetLabel: instance
|
||||
replacement: $1
|
||||
action: replace
|
||||
resources:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-redis
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero Umbrella Chart for Redis HA
|
||||
|
||||
|
|
@ -14,7 +14,7 @@ KubeZero Umbrella Chart for Redis HA
|
|||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.20.0`
|
||||
Kubernetes: `>= 1.25.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero
|
||||
description: KubeZero - Root App of Apps chart
|
||||
type: application
|
||||
version: 1.25.8
|
||||
version: 1.25.8-1
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero - Root App of Apps chart
|
||||
|
||||
|
|
@ -67,7 +67,7 @@ Kubernetes: `>= 1.25.0`
|
|||
| metrics.istio.grafana | object | `{}` | |
|
||||
| metrics.istio.prometheus | object | `{}` | |
|
||||
| metrics.namespace | string | `"monitoring"` | |
|
||||
| metrics.targetRevision | string | `"0.9.0"` | |
|
||||
| metrics.targetRevision | string | `"0.9.1"` | |
|
||||
| network.cilium.cluster | object | `{}` | |
|
||||
| network.enabled | bool | `true` | |
|
||||
| network.retain | bool | `true` | |
|
||||
|
|
|
|||
|
|
@ -1,3 +1,60 @@
|
|||
{{- define "_kube-prometheus-stack" }}
|
||||
|
||||
{{- if .global.aws }}
|
||||
alertmanager:
|
||||
config:
|
||||
receivers:
|
||||
- name: 'null'
|
||||
- name: alerthub-notifications
|
||||
webhook_configs:
|
||||
- send_resolved: true
|
||||
url: http://localhost:9087/alert/AlertHub
|
||||
route:
|
||||
receiver: alerthub-notifications
|
||||
prometheus:
|
||||
prometheusSpec:
|
||||
externalLabels:
|
||||
awsAccount: '{{ .global.aws.accountId }}'
|
||||
awsRegion: {{ .global.aws.region }}
|
||||
clusterName: {{ .global.clusterName }}
|
||||
volumes:
|
||||
- name: aws-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
path: token
|
||||
expirationSeconds: 86400
|
||||
audience: "sts.amazonaws.com"
|
||||
volumeMounts:
|
||||
- name: aws-token
|
||||
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
||||
readOnly: true
|
||||
additionalScrapeConfigs:
|
||||
- job_name: 'nodes'
|
||||
ec2_sd_configs:
|
||||
- port: 9100
|
||||
region: {{ .global.aws.region }}
|
||||
filters:
|
||||
- name: 'tag-key'
|
||||
values: ['zdt:prometheus.node-exporter']
|
||||
relabel_configs:
|
||||
- source_labels:
|
||||
- '__meta_ec2_instance_id'
|
||||
target_label: 'instance_id'
|
||||
- source_labels:
|
||||
- '__meta_ec2_availability_zone'
|
||||
target_label: 'availability_zone'
|
||||
- source_labels:
|
||||
- '__meta_ec2_private_dns_name'
|
||||
target_label: 'instance'
|
||||
- source_labels:
|
||||
- '__meta_ec2_tag_Name'
|
||||
target_label: 'instance'
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{- define "metrics-values" }}
|
||||
|
||||
{{- with .Values.metrics.istio }}
|
||||
|
|
@ -6,7 +63,7 @@ istio:
|
|||
{{- end }}
|
||||
{{- with index .Values "metrics" "kube-prometheus-stack" }}
|
||||
kube-prometheus-stack:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- toYaml ( merge ( include "_kube-prometheus-stack" $.Values | fromYaml ) . ) | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with index .Values "metrics" "prometheus-adapter" }}
|
||||
prometheus-adapter:
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ istio-private-ingress:
|
|||
metrics:
|
||||
enabled: false
|
||||
namespace: monitoring
|
||||
targetRevision: 0.9.0
|
||||
targetRevision: 0.9.1
|
||||
istio:
|
||||
grafana: {}
|
||||
prometheus: {}
|
||||
|
|
|
|||
Loading…
Reference in New Issue