diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 190ace85..54818501 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -29,7 +29,7 @@ jobs: - name: Check helm docs did not change anything run: | - CHANGES=$(git diff --stat charts :^charts/kafka-manager) + CHANGES=$(git diff --stat charts) if [ -n "${CHANGES}" ]; then printf "README is not up to date with helm-docs. The following mismatches were detected:\n$CHANGES\n" exit 1 diff --git a/README.md b/README.md index e3437109..243b5596 100644 --- a/README.md +++ b/README.md @@ -88,6 +88,12 @@ The external charts that have a dependency need manual steps: - In the `Chart.yaml` the repository should be changed to `https://radar-base.github.io/radar-helm-charts`. - The `Chart.lock` file should be removed; then run `helm dependency build` to recreate the file with the new repository URL, and remove any `.tgz` files that get created. +### kube-prometheus-stack +For this chart, update `Chart.yaml` to the latest version, remove `Chart.lock`, and run `helm dependency build`. Make sure to copy the CRDs from +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/charts/crds/crds +to +https://github.com/RADAR-base/RADAR-Kubernetes/blob/main/etc/kube-prometheus-stack/files/crds.yaml + ## Feedback and Contributions Enabling the RADAR-base community to use RADAR-Kubernetes is important for us. If you have trouble setting up the platform using the provided instructions, you can create an issue with exact details to reproduce it and the expected behaviour. diff --git a/charts/app-config-frontend/Chart.yaml b/charts/app-config-frontend/Chart.yaml index 1784042a..cda46385 100644 --- a/charts/app-config-frontend/Chart.yaml +++ b/charts/app-config-frontend/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.0.3 +version: 2.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/app-config-frontend/README.md b/charts/app-config-frontend/README.md index 0dd96cb7..3e445bd0 100644 --- a/charts/app-config-frontend/README.md +++ b/charts/app-config-frontend/README.md @@ -3,7 +3,7 @@ # app-config-frontend [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/app-config-frontend)](https://artifacthub.io/packages/helm/radar-base/app-config-frontend) -![Version: 2.0.3](https://img.shields.io/badge/Version-2.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.2](https://img.shields.io/badge/AppVersion-0.5.2-informational?style=flat-square) +![Version: 2.1.1](https://img.shields.io/badge/Version-2.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.2](https://img.shields.io/badge/AppVersion-0.5.2-informational?style=flat-square) A Helm chart for the frontend application of RADAR-base application config (app-config).
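The upgrade procedure added to the top-level README above is straightforward to script. Below is a minimal sketch of those steps; the clone depth, the temporary checkout path, and the location of the RADAR-Kubernetes working copy are assumptions, not part of this change:

```bash
# Sketch of the kube-prometheus-stack upgrade steps described in the README
# hunk above; adjust paths to your environment.
cd charts/kube-prometheus-stack
rm -f Chart.lock charts/*.tgz   # drop the old lock file and packaged dependency
helm dependency build           # re-resolve against the new version in Chart.yaml

# Concatenate the upstream CRD manifests into the single file that
# RADAR-Kubernetes consumes (target path taken from the README above).
git clone --depth 1 https://github.com/prometheus-community/helm-charts /tmp/pc-charts
cat /tmp/pc-charts/charts/kube-prometheus-stack/charts/crds/crds/*.yaml \
  > ../../../RADAR-Kubernetes/etc/kube-prometheus-stack/files/crds.yaml
```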
@@ -43,13 +43,15 @@ A Helm chart for the frontend application of RADAR-base application config (app- | securityContext | object | `{}` | Configure Appconfig containers' Security Context | | service.type | string | `"ClusterIP"` | Kubernetes Service type | | service.port | int | `8080` | Appconfig frontend port | +| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS | +| advertised_protocol | string | `"https"` | The protocol in advertised URIs (https, http) | | ingress.enabled | bool | `true` | Enable ingress controller resource | | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer | | ingress.path | string | `"/appconfig"` | Path within the url structure | | ingress.pathType | string | `"ImplementationSpecific"` | Ingress Path type | | ingress.ingressClassName | string | `"nginx"` | IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) | | ingress.hosts | list | `["localhost"]` | Hosts to accept requests from | -| ingress.tls.secretName | string | `"radar-base-tls-appconfig-frontend"` | TLS Secret Name | +| ingress.tls.secretName | string | `"radar-base-tls"` | TLS Secret Name | | resources.limits | object | `{"cpu":"200m","memory":"512Mi"}` | CPU/Memory resource limits | | resources.requests | object | `{"cpu":"100m","memory":"128Mi"}` | CPU/Memory resource requests | | nodeSelector | object | `{}` | Node labels for pod assignment | diff --git a/charts/app-config-frontend/templates/deployment.yaml b/charts/app-config-frontend/templates/deployment.yaml index 0f6d2f57..b43999f8 100644 --- a/charts/app-config-frontend/templates/deployment.yaml +++ b/charts/app-config-frontend/templates/deployment.yaml @@ -1,4 +1,3 @@ -{{ $https := ternary "http" "https" (or .Values.disable_tls (not .Values.ingress.tls)) }} apiVersion: apps/v1 kind: Deployment metadata: @@ -53,9 +52,9 @@ spec: - name: APP_CONFIG_URL value: /appconfig/api - name: AUTH_URL - value: {{ printf "%s://%s/managementportal/oauth" $https .Values.serverName }} + value: {{ printf "%s://%s/managementportal/oauth" .Values.advertised_protocol .Values.serverName }} - name: AUTH_CALLBACK_URL - value: {{ printf "%s://%s/appconfig/login" $https .Values.serverName }} + value: {{ printf "%s://%s/appconfig/login" .Values.advertised_protocol .Values.serverName }} {{- with .Values.extraEnvVars }} {{- toYaml . | nindent 10 }} {{- end }}
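With the hunk above, the scheme in the advertised URIs comes straight from `.Values.advertised_protocol` instead of the removed `$https` ternary, so the rendered environment variables can be verified directly. A quick render check, with hypothetical values for the release name and `serverName`:

```bash
# With advertised_protocol=http the chart should emit http:// advertised URIs,
# independent of the ingress TLS configuration.
helm template app-config-frontend ./charts/app-config-frontend \
  --set serverName=radar.example.org \
  --set advertised_protocol=http \
  | grep -E -A1 'AUTH_URL|AUTH_CALLBACK_URL'
```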
diff --git a/charts/app-config-frontend/values.yaml b/charts/app-config-frontend/values.yaml index 6e0bf7b6..d4d67aa7 100644 --- a/charts/app-config-frontend/values.yaml +++ b/charts/app-config-frontend/values.yaml @@ -44,6 +44,11 @@ service: # -- Appconfig frontend port port: 8080 +# -- Reconfigure Ingress to not force TLS +disable_tls: false +# -- The protocol in advertised URIs (https, http) +advertised_protocol: https + ingress: # -- Enable ingress controller resource enabled: true @@ -62,7 +67,7 @@ ingress: - localhost tls: # -- TLS Secret Name - secretName: radar-base-tls-appconfig-frontend + secretName: radar-base-tls resources: # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/charts/app-config/Chart.yaml b/charts/app-config/Chart.yaml index b064d277..5f987aa8 100644 --- a/charts/app-config/Chart.yaml +++ b/charts/app-config/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.5.2" description: A Helm chart for RADAR-base application config (app-config) backend service which is used as a mobile app configuration engine with per-project and per-user configuration. name: app-config -version: 1.3.2 +version: 1.3.4 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" sources: - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/app-config diff --git a/charts/app-config/README.md b/charts/app-config/README.md index 8682734b..c2da4e3e 100644 --- a/charts/app-config/README.md +++ b/charts/app-config/README.md @@ -3,7 +3,7 @@ # app-config [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/app-config)](https://artifacthub.io/packages/helm/radar-base/app-config) -![Version: 1.3.2](https://img.shields.io/badge/Version-1.3.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.2](https://img.shields.io/badge/AppVersion-0.5.2-informational?style=flat-square) +![Version: 1.3.4](https://img.shields.io/badge/Version-1.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.2](https://img.shields.io/badge/AppVersion-0.5.2-informational?style=flat-square) A Helm chart for RADAR-base application config (app-config) backend service which is used as a mobile app configuration engine with per-project and per-user configuration.
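The secret rename in this hunk is part of a wider consolidation: every chart touched by this change now defaults to the shared `radar-base-tls` secret instead of a per-chart secret, so a single cert-manager certificate for the host can back all ingresses. A quick audit after deployment (the `radar` namespace is an assumption):

```bash
# List each ingress with the TLS secret it references; after this change,
# the second column should read radar-base-tls across the board.
kubectl get ingress -n radar \
  -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.tls[0].secretName}{"\n"}{end}'
```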
@@ -45,14 +45,14 @@ A Helm chart for RADAR-base application config backend service whic | securityContext | object | `{}` | Configure Appconfig containers' Security Context | | service.type | string | `"ClusterIP"` | Kubernetes Service type | | service.port | int | `8090` | Appconfig port | -| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) | +| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS | | ingress.enabled | bool | `true` | Enable ingress controller resource | | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer | | ingress.path | string | `"/appconfig/api"` | Path within the url structure | | ingress.pathType | string | `"ImplementationSpecific"` | Ingress Path type | | ingress.ingressClassName | string | `"nginx"` | IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) | | ingress.hosts | list | `["localhost"]` | Hosts to accept requests from | -| ingress.tls.secretName | string | `"radar-base-tls-appconfig"` | TLS Secret Name | +| ingress.tls.secretName | string | `"radar-base-tls"` | TLS Secret Name | | resources.limits | object | `{"cpu":2}` | CPU/Memory resource limits | | resources.requests | object | `{"cpu":"100m","memory":"768Mi"}` | CPU/Memory resource requests | | nodeSelector | object | `{}` | Node labels for pod assignment | diff --git a/charts/app-config/values.yaml b/charts/app-config/values.yaml index f942d64a..a11ac5b4 100644 --- a/charts/app-config/values.yaml +++ b/charts/app-config/values.yaml @@ -51,7 +51,7 @@ service: # -- Appconfig port port: 8090 -# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP) +# -- Reconfigure Ingress to not force TLS disable_tls: false ingress: @@ -72,7 +72,7 @@ ingress: - localhost tls: # -- TLS Secret Name - secretName: radar-base-tls-appconfig + secretName: radar-base-tls resources: # We usually recommend not to specify default resources and to leave this as a conscious
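The reworded `disable_tls` comment reflects a split of responsibilities: the flag now only stops the Ingress from forcing TLS, while `advertised_protocol` (where a chart exposes it) controls the scheme used in generated URLs. A hypothetical deployment behind an external TLS terminator illustrates the combination:

```bash
# TLS is terminated outside the cluster: do not force TLS at the ingress,
# but keep advertising https URIs to clients. Values are illustrative.
helm upgrade --install app-config ./charts/app-config \
  --set disable_tls=true
helm upgrade --install app-config-frontend ./charts/app-config-frontend \
  --set disable_tls=true \
  --set advertised_protocol=https \
  --set serverName=radar.example.org
```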
diff --git a/charts/cc-schema-registry-proxy/Chart.yaml b/charts/cc-schema-registry-proxy/Chart.yaml index fb1763d5..f0f13523 100644 --- a/charts/cc-schema-registry-proxy/Chart.yaml +++ b/charts/cc-schema-registry-proxy/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "1.0" description: A Helm chart for Confluent Cloud schema registry proxy. This proxy service is used when the RADAR-base platform is used with a Confluent Cloud based schema registry. It forwards requests to the schema registry with an additional basic authentication header with Confluent Cloud schema registry credentials. This service will be enabled if `cc.enabled = true`. name: cc-schema-registry-proxy -version: 0.3.2 +version: 0.3.3 type: application home: "https://radar-base.org" icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png" diff --git a/charts/cc-schema-registry-proxy/README.md b/charts/cc-schema-registry-proxy/README.md index ddbbedf9..66b5fc28 100644 --- a/charts/cc-schema-registry-proxy/README.md +++ b/charts/cc-schema-registry-proxy/README.md @@ -3,7 +3,7 @@ # cc-schema-registry-proxy [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cc-schema-registry-proxy)](https://artifacthub.io/packages/helm/radar-base/cc-schema-registry-proxy) -![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) +![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) A Helm chart for Confluent Cloud schema registry proxy. This proxy service is used when the RADAR-base platform is used with a Confluent Cloud based schema registry. It forwards requests to the schema registry with an additional basic authentication header with Confluent Cloud schema registry credentials. This service will be enabled if `cc.enabled = true`. @@ -34,7 +34,7 @@ A Helm chart for Confluent Cloud schema registry proxy. This proxy service is us | service.type | string | `"ExternalName"` | Kubernetes Service type | | service.externalName | string | `"schema-registry-domain"` | Domain name used for pointing to the actual schema registry instance | | service.port | int | `443` | Port number to connect to Confluent platform | -| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) | +| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS | | ingress.enabled | bool | `true` | Enable ingress controller resource | | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer | | ingress.path | string | `"/schema/?(.*)"` | Path within the url structure | diff --git a/charts/cc-schema-registry-proxy/values.yaml b/charts/cc-schema-registry-proxy/values.yaml index 108029cf..233754d1 100644 --- a/charts/cc-schema-registry-proxy/values.yaml +++ b/charts/cc-schema-registry-proxy/values.yaml @@ -9,7 +9,7 @@ service: # -- Port number to connect to Confluent platform port: 443 -# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP) +# -- Reconfigure Ingress to not force TLS disable_tls: false ingress: diff --git a/charts/data-dashboard-backend/Chart.yaml b/charts/data-dashboard-backend/Chart.yaml index 7d38acb7..038e75ea 100644 --- a/charts/data-dashboard-backend/Chart.yaml +++ b/charts/data-dashboard-backend/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "0.2.2" name: data-dashboard-backend description: API for data in the data dashboard -version: 0.3.4 +version: 0.3.7 sources: ["https://github.com/thehyve/radar-data-dashboard-backend"] deprecated: false type: application
diff --git a/charts/data-dashboard-backend/README.md b/charts/data-dashboard-backend/README.md index c71b60b9..ec823fad 100644 --- a/charts/data-dashboard-backend/README.md +++ b/charts/data-dashboard-backend/README.md @@ -2,7 +2,7 @@ # data-dashboard-backend -![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.2](https://img.shields.io/badge/AppVersion-0.2.2-informational?style=flat-square) +![Version: 0.3.7](https://img.shields.io/badge/Version-0.3.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.2](https://img.shields.io/badge/AppVersion-0.2.2-informational?style=flat-square) API for data in the data dashboard @@ -40,19 +40,20 @@ API for data in the data dashboard | securityContext | object | `{}` | Configure container's Security Context | | service.type | string | `"ClusterIP"` | Kubernetes Service type | | service.port | int | `9000` | data-dashboard-backend port | -| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) | +| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS | | ingress.enabled | bool | `true` | Enable ingress controller resource | | ingress.ingressClassName | string | `"nginx"` | Ingress class name | | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer | | ingress.path | string | `"/api"` | Path within the url structure | | ingress.pathType | string | `"ImplementationSpecific"` | | | ingress.hosts | list | `["localhost"]` | Hosts to accept requests from | -| ingress.tls.secretName | string | `"radar-base-data-dashboard-tls"` | | +| ingress.tls.secretName | string | `"radar-base-tls"` | | | resources | object | `{}` | | | autoscaling.enabled | bool | `false` | Enable horizontal autoscaling | | autoscaling.minReplicas | int | `1` | | | autoscaling.maxReplicas | int | `100` | | | autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| networkpolicy | object | check `values.yaml` | Network policy defines who can access this application and who this application has access to | | nodeSelector | object | `{}` | Node labels for pod assignment | | tolerations | list | `[]` | Toleration labels for pod assignment | | affinity | object | `{}` | Affinity labels for pod assignment | diff --git a/charts/data-dashboard-backend/templates/networkpolicy.yaml b/charts/data-dashboard-backend/templates/networkpolicy.yaml new file mode 100644 index 00000000..ee96faa4 --- /dev/null +++ b/charts/data-dashboard-backend/templates/networkpolicy.yaml @@ -0,0 +1,13 @@ +{{- if .Values.networkpolicy }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "data-dashboard-backend.fullname" . }} + labels: +{{ include "data-dashboard-backend.labels" . | indent 4 }} +spec: + podSelector: + matchLabels: +{{ include "data-dashboard-backend.labels" . | indent 6 }} + {{- tpl (toYaml .Values.networkpolicy) . | nindent 2 }} +{{- end -}}
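Because the new template pipes `.Values.networkpolicy` through `tpl`, strings such as `'{{ .Release.Namespace }}'` in the values are expanded at render time rather than taken literally. A minimal render check, with illustrative release and namespace names:

```bash
# Render only the new manifest to confirm that the namespaceSelector entries
# expand to the target namespace.
helm template data-dashboard-backend ./charts/data-dashboard-backend \
  --namespace radar \
  --show-only templates/networkpolicy.yaml
```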
diff --git a/charts/data-dashboard-backend/values.yaml b/charts/data-dashboard-backend/values.yaml index 826e924b..fe97c072 100644 --- a/charts/data-dashboard-backend/values.yaml +++ b/charts/data-dashboard-backend/values.yaml @@ -40,7 +40,7 @@ service: # -- data-dashboard-backend port port: 9000 -# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP) +# -- Reconfigure Ingress to not force TLS disable_tls: false ingress: @@ -59,7 +59,7 @@ ingress: hosts: - localhost tls: - secretName: radar-base-data-dashboard-tls + secretName: radar-base-tls resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -81,6 +81,48 @@ autoscaling: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 +# -- Network policy defines who can access this application and who this application has access to +# @default -- check `values.yaml` +networkpolicy: + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: 'management-portal' + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: '{{ .Release.Namespace }}' + podSelector: + matchLabels: + app.kubernetes.io/name: postgresql + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # -- Node labels for pod assignment nodeSelector: {} diff --git a/charts/kafka-manager/.helmignore b/charts/kafka-manager/.helmignore deleted file mode 100644 index 7c04072e..00000000 --- a/charts/kafka-manager/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -OWNERS diff --git a/charts/kafka-manager/Chart.yaml b/charts/kafka-manager/Chart.yaml deleted file mode 100644 index 811ee69d..00000000 --- a/charts/kafka-manager/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: kafka-manager -version: 2.3.0 -appVersion: 1.3.3.18 -kubeVersion: "^1.8.0-0" -description: A tool for managing Apache Kafka.
-home: https://github.com/yahoo/kafka-manager -icon: https://kafka.apache.org/images/logo.png -sources: - - https://github.com/yahoo/kafka-manager -keywords: -- kafka -- zookeeper -- kafka-manager -maintainers: -- name: giacomoguiulfo - email: giacomoguiulfo@gmail.com -- name: ssalaues - email: salim.salaues@scality.com -engine: gotpl diff --git a/charts/kafka-manager/DOCS.md.gotmpl b/charts/kafka-manager/DOCS.md.gotmpl deleted file mode 100644 index e69de29b..00000000 diff --git a/charts/kafka-manager/OWNERS b/charts/kafka-manager/OWNERS deleted file mode 100644 index b1df4d88..00000000 --- a/charts/kafka-manager/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: -- giacomoguiulfo -- ssalaues -reviewers: -- giacomoguiulfo -- ssalaues diff --git a/charts/kafka-manager/README.md b/charts/kafka-manager/README.md deleted file mode 100644 index 8aa2fdd4..00000000 --- a/charts/kafka-manager/README.md +++ /dev/null @@ -1,90 +0,0 @@ - - -# Kafka Manager Helm Chart - -[Kafka Manager](https://github.com/yahoo/kafka-manager) is a tool for managing [Apache Kafka](http://kafka.apache.org/). - -## TL;DR; - -```bash -$ helm install stable/kafka-manager -``` - -## Prerequisites - -- Kubernetes 1.9+ with Beta APIs enabled - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install --name my-release stable/kafka-manager -``` - -The command deploys Kafka Manager on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the Kafka Manager chart and their default values. - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| clusters | string | `nil` | | -| applicationSecret | string | `""` | | -| basicAuth.enabled | bool | `false` | | -| basicAuth.username | string | `"admin"` | | -| basicAuth.password | string | `""` | | -| javaOptions | string | `""` | | -| service.type | string | `"ClusterIP"` | | -| service.port | int | `9000` | | -| service.annotations | object | `{}` | | -| resources.requests.cpu | string | `"100m"` | | -| resources.requests.memory | string | `"400Mi"` | | -| nodeSelector | object | `{}` | | -| tolerations | list | `[]` | | -| affinity | object | `{}` | | -| zookeeper | object | `{"enabled":false,"env":{"ZK_HEAP_SIZE":"1G"},"persistence":{"enabled":false}}` | ---------------------------------------------------------------------------- | -| zkHosts | string | `"cp-zookeeper:2181"` | | -| image.repository | string | `"radarbase/kafka-manager"` | | -| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. 
| -| image.pullPolicy | string | `"IfNotPresent"` | | -| imagePullSecrets | list | `[]` | Docker registry secret names as an array | -| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) | -| ingress.enabled | bool | `true` | Enable ingress controller resource | -| ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer | -| ingress.path | string | `"/kafkamanager/"` | Path within the url structure | -| ingress.pathType | string | `"ImplementationSpecific"` | | -| ingress.hosts | list | `["localhost"]` | Hosts to accept requests from | -| ingress.tls.secretName | string | `"radar-base-tls"` | TLS Secret Name | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install stable/kafka-manager --name my-release \ - --set ingress.enabled=true -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install stable/kafka-manager --name my-release -f values.yaml -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/kafka-manager/README.md.gotmpl b/charts/kafka-manager/README.md.gotmpl deleted file mode 100644 index 611d2665..00000000 --- a/charts/kafka-manager/README.md.gotmpl +++ /dev/null @@ -1,56 +0,0 @@ -# Kafka Manager Helm Chart - -[Kafka Manager](https://github.com/yahoo/kafka-manager) is a tool for managing [Apache Kafka](http://kafka.apache.org/). - -## TL;DR; - -```bash -$ helm install stable/kafka-manager -``` - -## Prerequisites - -- Kubernetes 1.9+ with Beta APIs enabled - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install --name my-release stable/kafka-manager -``` - -The command deploys Kafka Manager on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the Kafka Manager chart and their default values. - -{{ template "chart.valuesSection" . }} - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install stable/kafka-manager --name my-release \ - --set ingress.enabled=true -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. 
For example, - -```console -$ helm install stable/kafka-manager --name my-release -f values.yaml -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/kafka-manager/ci/example-values.yaml b/charts/kafka-manager/ci/example-values.yaml deleted file mode 100644 index 42b22284..00000000 --- a/charts/kafka-manager/ci/example-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -zookeeper: - enabled: true diff --git a/charts/kafka-manager/templates/NOTES.txt b/charts/kafka-manager/templates/NOTES.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/charts/kafka-manager/templates/_helpers.tpl b/charts/kafka-manager/templates/_helpers.tpl deleted file mode 100644 index bd8a32ea..00000000 --- a/charts/kafka-manager/templates/_helpers.tpl +++ /dev/null @@ -1,92 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kafka-manager.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kafka-manager.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kafka-manager.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "kafka-manager.labels" -}} -helm.sh/chart: {{ include "kafka-manager.chart" . }} -{{ include "kafka-manager.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "kafka-manager.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kafka-manager.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create a default fully qualified bootstrap job name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "kafka-manager.bootstrap.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s-bootstrap" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified zookeeper name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "kafka-manager.zookeeper.fullname" -}} -{{- $name := default "zookeeper" .Values.zookeeper.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use. -*/}} -{{- define "kafka-manager.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kafka-manager.fullname" .) 
.Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the kafka-manager zookeeper hosts url. -*/}} -{{- define "kafka-manager.zkHosts" -}} -{{- if .Values.zookeeper.enabled -}} - {{- printf "%s:2181" (include "kafka-manager.zookeeper.fullname" .) }} -{{- else -}} - {{- default "localhost:2181" (tpl .Values.zkHosts .) -}} -{{- end -}} -{{- end -}} diff --git a/charts/kafka-manager/templates/configmap.yaml b/charts/kafka-manager/templates/configmap.yaml deleted file mode 100644 index c9375510..00000000 --- a/charts/kafka-manager/templates/configmap.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if .Values.clusters -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kafka-manager.bootstrap.fullname" . }} - labels: - {{ include "kafka-manager.labels" . | indent 4 }} -data: - addClusters.sh: | - #!/bin/bash - set -e - {{- range $cluster := .Values.clusters }} - {{ printf "curl http://%s:9000/clusters -X POST -f " (include "kafka-manager.fullname" $) -}} - {{- printf "-d name=%v " (default "default" $cluster.name) -}} - {{- printf "-d zkHosts=%v " (default (include "kafka-manager.zkHosts" $) $cluster.zkHosts) -}} - {{- printf "-d kafkaVersion=%v " (default "1.0.0" $cluster.kafkaVersion) -}} - {{- printf "-d jmxEnabled=%v " (default "false" $cluster.jmxEnabled) -}} - {{- printf "-d jmxUser=%v " (default "" $cluster.jmxUser) -}} - {{- printf "-d jmxPass=%v " (default "" $cluster.jmxPass) -}} - {{- printf "-d jmxSsl=%v " (default "false" $cluster.jmxSsl) -}} - {{- printf "-d logkafkaEnabled=%v " (default "false" $cluster.logkafkaEnabled) -}} - {{- printf "-d pollConsumers=%v " (default "false" $cluster.pollConsumers) -}} - {{- printf "-d filterConsumers=%v " (default "false" $cluster.filterConsumers) -}} - {{- printf "-d activeOffsetCacheEnabled=%v " (default "false" $cluster.activeOffsetCacheEnabled) -}} - {{- printf "-d displaySizeEnabled=%v " (default "false" $cluster.displaySizeEnabled) -}} - {{- printf "-d tuning.brokerViewUpdatePeriodSeconds=%v " (default "30" $cluster.tuning.brokerViewUpdatePeriodSeconds) -}} - {{- printf "-d tuning.clusterManagerThreadPoolSize=%v " (default "2" $cluster.tuning.clusterManagerThreadPoolSize) -}} - {{- printf "-d tuning.clusterManagerThreadPoolQueueSize=%v " (default "100" $cluster.tuning.clusterManagerThreadPoolQueueSize) -}} - {{- printf "-d tuning.kafkaCommandThreadPoolSize=%v " (default "2" $cluster.tuning.kafkaCommandThreadPoolSize) -}} - {{- printf "-d tuning.kafkaCommandThreadPoolQueueSize=%v " (default "100" $cluster.tuning.kafkaCommandThreadPoolQueueSize) -}} - {{- printf "-d tuning.logkafkaCommandThreadPoolSize=%v " (default "2" $cluster.tuning.logkafkaCommandThreadPoolSize) -}} - {{- printf "-d tuning.logkafkaCommandThreadPoolQueueSize=%v " (default "100" $cluster.tuning.logkafkaCommandThreadPoolQueueSize) -}} - {{- printf "-d tuning.logkafkaUpdatePeriodSeconds=%v " (default "30" $cluster.tuning.logkafkaUpdatePeriodSeconds) -}} - {{- printf "-d tuning.partitionOffsetCacheTimeoutSecs=%v " (default "5" $cluster.tuning.partitionOffsetCacheTimeoutSecs) -}} - {{- printf "-d tuning.brokerViewThreadPoolSize=%v " (default "4" $cluster.tuning.brokerViewThreadPoolSize) -}} - {{- printf "-d tuning.brokerViewThreadPoolQueueSize=%v " (default "1000" $cluster.tuning.brokerViewThreadPoolQueueSize) -}} - {{- printf "-d tuning.offsetCacheThreadPoolSize=%v " (default "4" $cluster.tuning.offsetCacheThreadPoolSize) -}} - {{- printf "-d 
tuning.offsetCacheThreadPoolQueueSize=%v " (default "1000" $cluster.tuning.offsetCacheThreadPoolQueueSize) -}} - {{- printf "-d tuning.kafkaAdminClientThreadPoolSize=%v " (default "4" $cluster.tuning.kafkaAdminClientThreadPoolSize) -}} - {{- printf "-d tuning.kafkaAdminClientThreadPoolQueueSize=%v " (default "1000" $cluster.tuning.kafkaAdminClientThreadPoolQueueSize) -}} - {{- printf "-d tuning.kafkaManagedOffsetMetadataCheckMillis=%v " (default "30000" $cluster.tuning.kafkaManagedOffsetMetadataCheckMillis) -}} - {{- printf "-d tuning.kafkaManagedOffsetGroupCacheSize=%v " (default "1000000" $cluster.tuning.kafkaManagedOffsetGroupCacheSize) -}} - {{- printf "-d tuning.kafkaManagedOffsetGroupExpireDays=%v " (default "7" $cluster.tuning.kafkaManagedOffsetGroupExpireDays) -}} - {{- printf "-d securityProtocol=%v " (default "PLAINTEXT" $cluster.securityProtocol) -}} - {{- printf "$( if $KAFKA_MANAGER_AUTH_ENABLED; then echo -u $KAFKA_MANAGER_USERNAME:$KAFKA_MANAGER_PASSWORD ; fi ) " -}} - {{- end -}} -{{- end -}} diff --git a/charts/kafka-manager/templates/deployment.yaml b/charts/kafka-manager/templates/deployment.yaml deleted file mode 100644 index 091c1343..00000000 --- a/charts/kafka-manager/templates/deployment.yaml +++ /dev/null @@ -1,79 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kafka-manager.fullname" . }} - labels: -{{ include "kafka-manager.labels" . | indent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ template "kafka-manager.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "kafka-manager.name" . }} - release: {{ .Release.Name }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "kafka-manager.serviceAccountName" . }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: kafka-manager - containerPort: 9000 - protocol: TCP - env: - - name: ZK_HOSTS - value: {{ include "kafka-manager.zkHosts" . | quote }} - - name: JAVA_OPTS - value: {{ .Values.javaOptions }} - - name: APPLICATION_SECRET - valueFrom: - secretKeyRef: - name: {{ template "kafka-manager.fullname" . }} - key: applicationSecret - - name: KAFKA_MANAGER_AUTH_ENABLED - value: {{ .Values.basicAuth.enabled | quote }} - - name: KAFKA_MANAGER_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "kafka-manager.fullname" . }} - key: basicAuthUsername - - name: KAFKA_MANAGER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "kafka-manager.fullname" . }} - key: basicAuthPassword - livenessProbe: - exec: - command: - - /bin/sh - - -c - - wget localhost:9000/kafkamanager/api/health 2>&1 | grep -q 401 || exit 1 - readinessProbe: - exec: - command: - - /bin/sh - - -c - - wget localhost:9000/kafkamanager/api/health 2>&1 | grep -q 401 || exit 1 - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . 
| indent 8 }} - {{- end }} diff --git a/charts/kafka-manager/templates/ingress.yaml b/charts/kafka-manager/templates/ingress.yaml deleted file mode 100644 index db1d8456..00000000 --- a/charts/kafka-manager/templates/ingress.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "kafka-manager.fullname" . -}} -{{- $path := .Values.ingress.path -}} -{{- $hosts := .Values.ingress.hosts -}} -{{- $svcPort := .Values.service.port -}} -{{- $pathType := .Values.ingress.pathType -}} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: -{{ include "kafka-manager.labels" . | indent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if and .Values.ingress.tls (not .Values.disable_tls) }} - tls: - - hosts: - {{- range $hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .Values.ingress.tls.secretName }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ . | quote }} - http: - paths: - - path: {{ $path | quote }} - {{- if and $pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/kafka-manager/templates/job.yaml b/charts/kafka-manager/templates/job.yaml deleted file mode 100644 index 7b8c255c..00000000 --- a/charts/kafka-manager/templates/job.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.clusters -}} -{{- $scriptHash := include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | trunc 8 -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ template "kafka-manager.bootstrap.fullname" . }}-{{ $scriptHash }}" - labels: -{{ include "kafka-manager.labels" . | indent 4 }} -spec: - template: - metadata: - labels: - app: {{ template "kafka-manager.name" . }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "kafka-manager.serviceAccountName" . }} - restartPolicy: OnFailure - volumes: - - name: script-volume - configMap: - name: {{ template "kafka-manager.bootstrap.fullname" . }} - defaultMode: 0744 - containers: - - name: {{ .Chart.Name }}-bootstrap - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/usr/local/script/addClusters.sh"] - env: - - name: KAFKA_MANAGER_AUTH_ENABLED - value: {{ .Values.basicAuth.enabled | quote }} - - name: KAFKA_MANAGER_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "kafka-manager.fullname" . }} - key: basicAuthUsername - - name: KAFKA_MANAGER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "kafka-manager.fullname" . }} - key: basicAuthPassword - volumeMounts: - - name: script-volume - mountPath: "/usr/local/script" - backoffLimit: 20 -{{- end -}} diff --git a/charts/kafka-manager/templates/secrets.yaml b/charts/kafka-manager/templates/secrets.yaml deleted file mode 100644 index 9e3d6cf6..00000000 --- a/charts/kafka-manager/templates/secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kafka-manager.fullname" . 
}} - labels: -{{ include "kafka-manager.labels" . | indent 4 }} -type: Opaque -data: - {{ if .Values.applicationSecret }} - applicationSecret: {{ .Values.applicationSecret | b64enc | quote }} - {{ else }} - applicationSecret: {{ randAlphaNum 10 | b64enc | quote }} - {{ end }} - basicAuthUsername: {{ .Values.basicAuth.username | b64enc | quote }} - {{ if .Values.basicAuth.password }} - basicAuthPassword: {{ .Values.basicAuth.password | b64enc | quote }} - {{ else }} - basicAuthPassword: {{ randAlphaNum 10 | b64enc | quote }} - {{ end }} diff --git a/charts/kafka-manager/templates/service.yaml b/charts/kafka-manager/templates/service.yaml deleted file mode 100644 index d7a054ac..00000000 --- a/charts/kafka-manager/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kafka-manager.fullname" . }} - labels: -{{ include "kafka-manager.labels" . | indent 4 }} -{{- with .Values.service.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - type: {{ .Values.service.type }} - ports: - - name: kafka-manager - port: {{ .Values.service.port }} - targetPort: kafka-manager - protocol: TCP - selector: - app: {{ template "kafka-manager.name" . }} - release: {{ .Release.Name }} diff --git a/charts/kafka-manager/templates/serviceaccount.yaml b/charts/kafka-manager/templates/serviceaccount.yaml deleted file mode 100644 index 86c851f2..00000000 --- a/charts/kafka-manager/templates/serviceaccount.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: -{{ include "kafka-manager.labels" . | indent 4 }} - name: {{ template "kafka-manager.serviceAccountName" . }} -{{- end }} diff --git a/charts/kafka-manager/values.yaml b/charts/kafka-manager/values.yaml deleted file mode 100644 index b46bd34a..00000000 --- a/charts/kafka-manager/values.yaml +++ /dev/null @@ -1,169 +0,0 @@ -# ------------------------------------------------------------------------------ -# Kafka Manager: -# ------------------------------------------------------------------------------ - -## Service account configuration -## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - create: true - ## Define serviceAccount name. Defaults to fully qualified name or "default" - ## when create is false - ## - name: "" - -## Clusters to be added through the kafka-manager api -## -clusters: - ## Name of your cluster - # - name: "default" - - ## Cluster zookeeper hosts. It will default to the - ## Kafka-manager zookeeper hosts if not specified - ## - # zkHosts: "" - - ## The following parameters can be configured for your cluster. - ## See '_helpers.tpl' for the default values - ## - # kafkaVersion: "" - # jmxEnabled: "" - # jmxUser: "" - # jmxPass: "" - # jmxSsl: "" - # logkafkaEnabled: "" - # pollConsumers: "" - # filterConsumers: "" - # activeOffsetCacheEnabled: "" - # displaySizeEnabled: "" - # securityProtocol: "" - - ## Additional cluster tunning. It is mandatory that this value exists, - ## even if it's empty '{}'. 
- ## - # tuning: {} - # brokerViewUpdatePeriodSeconds: - # clusterManagerThreadPoolSize: - # clusterManagerThreadPoolQueueSize: - # kafkaCommandThreadPoolSize: - # kafkaCommandThreadPoolQueueSize: - # logkafkaCommandThreadPoolSize: - # logkafkaCommandThreadPoolQueueSize: - # logkafkaUpdatePeriodSeconds: - # partitionOffsetCacheTimeoutSecs: - # brokerViewThreadPoolSize: - # brokerViewThreadPoolQueueSize: - # offsetCacheThreadPoolSize: - # offsetCacheThreadPoolQueueSize: - # kafkaAdminClientThreadPoolSize: - # kafkaAdminClientThreadPoolQueueSize: - # kafkaManagedOffsetMetadataCheckMillis: - # kafkaManagedOffsetGroupCacheSize: - # kafkaManagedOffsetGroupExpireDays: - -## Application secret. Defaults to a random 10-character alphanumeric string -## -applicationSecret: "" - -## Basic Auth configuration -## -basicAuth: - enabled: false - username: "admin" - ## Defaults to a random 10-character alphanumeric string if not set - ## - password: "" - -## Java runtime options. Passed through the JAVA_OPTS environmental variable -## -javaOptions: "" - -## Service configuration -## Ref: http://kubernetes.io/docs/user-guide/services/ -## -service: - type: ClusterIP - port: 9000 - annotations: {} - -## Pod resource requests and limits -## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: -# limits: -# cpu: 100m -# memory: 128Mi - requests: - cpu: 100m - memory: 400Mi - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -# ------------------------------------------------------------------------------ -# Zookeeper: -# ------------------------------------------------------------------------------ - -zookeeper: - enabled: false - - ## Environmental variables to set in Zookeeper - ## - env: - ## The JVM heap size to allocate to Zookeeper - ZK_HEAP_SIZE: "1G" - - ## Configure Zookeeper persistence - persistence: - enabled: false - - -## Kafka-manager zookeeper hosts. Default to localhost:2181 or -## the bundled zookeeper chart service url if enabled (see below). -## This value can be a template -## -zkHosts: cp-zookeeper:2181 - -## Specs for the Kafka-manager image -## -image: - repository: radarbase/kafka-manager - # -- Overrides the image tag whose default is the chart appVersion. 
- tag: - pullPolicy: IfNotPresent - -# -- Docker registry secret names as an array -imagePullSecrets: [] - -# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP) -disable_tls: false - -ingress: - # -- Enable ingress controller resource - enabled: true - # -- Annotations that define default ingress class, certificate issuer - # @default -- check values.yaml - annotations: - kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-prod - # -- Path within the url structure - path: /kafkamanager/ - pathType: ImplementationSpecific - # -- Hosts to accept requests from - hosts: - - localhost - tls: - # -- TLS Secret Name - secretName: radar-base-tls diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock index e00b71e8..138c540e 100644 --- a/charts/kube-prometheus-stack/Chart.lock +++ b/charts/kube-prometheus-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kube-prometheus-stack repository: https://prometheus-community.github.io/helm-charts - version: 58.1.3 -digest: sha256:e483db8cb0bfece920d0849f4459b7dd10a5a569ec64e7996f0d42de2067daee -generated: "2024-04-22T11:55:48.617987562+02:00" + version: 65.3.2 +digest: sha256:e3ae65405e1a40db4fabd37d95aae1f7a9b808c3a96749b11ab95d1dd93d59e6 +generated: "2024-10-22T12:53:26.343866808+02:00" diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index 8f1b8799..0c177bbd 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -1,13 +1,13 @@ apiVersion: v2 -appVersion: "0.73.1" +appVersion: "v0.77.1" description: A Helm chart for Prometheus operator stack. This chart is an overlay for original kube-prometheus-stack chart. It defines some the default values for namespaces to monitor, alert templates, Nginx configuration and authentication and a few extra charts for Grafana. For more details on how to customize those values refer to original chart. name: kube-prometheus-stack -version: 0.4.3 +version: 0.4.4 sources: ["https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack"] deprecated: false type: application home: "https://prometheus-operator.dev" dependencies: - name: kube-prometheus-stack - version: 58.1.3 + version: 65.3.2 repository: https://prometheus-community.github.io/helm-charts diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md index 92f69c40..679b1ee3 100644 --- a/charts/kube-prometheus-stack/README.md +++ b/charts/kube-prometheus-stack/README.md @@ -3,7 +3,7 @@ # kube-prometheus-stack [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kube-prometheus-stack)](https://artifacthub.io/packages/helm/radar-base/kube-prometheus-stack) -![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.73.1](https://img.shields.io/badge/AppVersion-0.73.1-informational?style=flat-square) +![Version: 0.4.4](https://img.shields.io/badge/Version-0.4.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.77.1](https://img.shields.io/badge/AppVersion-v0.77.1-informational?style=flat-square) A Helm chart for Prometheus operator stack. This chart is an overlay for original kube-prometheus-stack chart. 
It defines some the default values for namespaces to monitor, alert templates, Nginx configuration and authentication and a few extra charts for Grafana. For more details on how to customize those values refer to original chart. @@ -23,4 +23,4 @@ A Helm chart for Prometheus operator stack. This chart is an overlay for origina | Repository | Name | Version | |------------|------|---------| -| https://prometheus-community.github.io/helm-charts | kube-prometheus-stack | 58.1.3 | +| https://prometheus-community.github.io/helm-charts | kube-prometheus-stack | 65.3.2 | diff --git a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-58.1.3.tgz b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-58.1.3.tgz deleted file mode 100644 index dc7cc203..00000000 Binary files a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-58.1.3.tgz and /dev/null differ diff --git a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-65.3.2.tgz b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-65.3.2.tgz new file mode 100644 index 00000000..a547477b Binary files /dev/null and b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-65.3.2.tgz differ diff --git a/charts/kube-prometheus-stack/files/nginx.json b/charts/kube-prometheus-stack/files/nginx.json index 8679720b..69ab5ce8 100644 --- a/charts/kube-prometheus-stack/files/nginx.json +++ b/charts/kube-prometheus-stack/files/nginx.json @@ -1,9 +1,61 @@ { + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "10.4.3" + }, + { + "type": "panel", + "id": "heatmap", + "name": "Heatmap", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "table", + "name": "Table", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], "annotations": { "list": [ { "builtIn": 1, - "datasource": "-- Grafana --", + "datasource": { + "type": "datasource", + "uid": "grafana" + }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", @@ -11,7 +63,10 @@ "type": "dashboard" }, { - "datasource": "Prometheus", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "enable": true, "expr": "sum(changes(nginx_ingress_controller_config_last_reload_successful_timestamp_seconds{instance!=\"unknown\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[30s])) by (controller_class)", "hide": false, @@ -28,68 +83,75 @@ ] }, "editable": true, - "gnetId": null, + "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 16, - "iteration": 1561476310789, + "id": null, "links": [], "panels": [ { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 + 
"fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - { - "name": "range to text", - "value": 2 - } - ], + "overrides": [] + }, + "id": 20, "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true }, - "tableColumn": "", + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m])), 0.001)", "format": "time_series", "intervalFactor": 1, @@ -97,36 +159,47 @@ "step": 4 } ], - "thresholds": "", "title": "Controller Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" + "type": "stat" }, { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] }, "gridPos": { "h": 3, @@ -135,44 +208,31 @@ "y": 0 }, "id": 82, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true }, - "tableColumn": "", + 
"pluginVersion": "10.4.3", "targets": [ { - "expr": "sum(avg_over_time(nginx_ingress_controller_nginx_process_connections{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(avg_over_time(nginx_ingress_controller_nginx_process_connections{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",state=\"active\"}[2m]))", "format": "time_series", "instant": false, "intervalFactor": 1, @@ -180,36 +240,51 @@ "step": 4 } ], - "thresholds": "", "title": "Controller Connections", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" + "type": "stat" }, { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 95 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 99 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] }, "gridPos": { "h": 3, @@ -218,43 +293,30 @@ "y": 0 }, "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true }, - "tableColumn": "", + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",status!~\"[4-5].*\"}[2m])) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m]))", "format": "time_series", "intervalFactor": 1, @@ -262,37 +324,48 @@ "step": 4 } ], - "thresholds": "95, 99, 99.5", "title": "Controller Success Rate (non-4|5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" + "type": "stat" }, { - "cacheTimeout": 
null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "decimals": 0, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] }, "gridPos": { "h": 3, @@ -301,82 +374,80 @@ "y": 0 }, "id": 81, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true }, - "tableColumn": "", + "pluginVersion": "10.4.3", "targets": [ { - "expr": "avg(nginx_ingress_controller_success{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"})", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "avg(irate(nginx_ingress_controller_success{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[1m])) * 60", "format": "time_series", - "instant": true, + "instant": false, "intervalFactor": 1, "refId": "A", "step": 4 } ], - "thresholds": "", "title": "Config Reloads", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" + "type": "stat" }, { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "decimals": 0, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] }, "gridPos": { "h": 3, @@ -385,43 +456,30 @@ "y": 0 }, "id": 83, - "interval": null, - "links": [], 
- "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true }, - "tableColumn": "", + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "count(nginx_ingress_controller_config_last_reload_successful{controller_pod=~\"$controller\",controller_namespace=~\"$namespace\"} == 0)", "format": "time_series", "instant": true, @@ -430,73 +488,120 @@ "step": 4 } ], - "thresholds": "", "title": "Last Config Failed", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" + "type": "stat" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fill": 1, - "grid": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 3 }, - "height": "200px", "id": 86, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": false, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": {}, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, + "options": { + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + 
"sort": "none" + } + }, + "pluginVersion": "10.4.3", "repeatDirection": "h", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { - "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",exported_namespace=~\"$exported_namespace\",ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)", "format": "time_series", "hide": false, "instant": false, @@ -508,63 +613,135 @@ "step": 10 } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Ingress Request Volume", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00", - "max - prometheus": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "editable": false, - "error": false, - "fill": 0, - "grid": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "max - istio-proxy" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max - master" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max - prometheus" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] 
+ } + ] + }, "gridPos": { "h": 7, "w": 12, @@ -572,39 +749,28 @@ "y": 3 }, "id": 87, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": 300, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": {}, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "options": { + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } + }, + "pluginVersion": "10.4.3", "targets": [ { - "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",exported_namespace=~\"$exported_namespace\",ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",exported_namespace=~\"$exported_namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", "format": "time_series", "instant": false, "interval": "10s", @@ -615,97 +781,99 @@ "step": 10 } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Ingress Success Rate (non-4|5xx responses)", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 1, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fill": 1, - "grid": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + 
"thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 10 }, - "height": "200px", "id": 32, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": 200, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": {}, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": false, + "width": 200 + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum (irate (nginx_ingress_controller_request_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", "format": "time_series", "instant": false, @@ -717,6 +885,10 @@ "step": 10 }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "- sum (irate (nginx_ingress_controller_response_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", "format": "time_series", "hide": false, @@ -728,63 +900,115 @@ "step": 10 } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Network I/O pressure", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00", - "max - prometheus": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "editable": false, - "error": false, - "fill": 0, - "grid": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": 
"absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "max - istio-proxy" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max - master" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max - prometheus" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + } + ] + }, "gridPos": { "h": 6, "w": 8, @@ -792,36 +1016,29 @@ "y": 10 }, "id": 77, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": 200, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": {}, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": false, + "width": 200 + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(nginx_ingress_controller_nginx_process_resident_memory_bytes{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}) ", "format": "time_series", "instant": false, @@ -833,100 +1050,95 @@ "step": 10 } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Average Memory Usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 3, - "editable": false, - "error": false, - "fill": 0, - "grid": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "cores", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + 
"mode": "none" + }, + "thresholdsStyle": { + "mode": "line+area" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "transparent", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 10 }, - "height": "", "id": 79, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sort": null, - "sortDesc": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": {}, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", "targets": [ { - "expr": "sum (rate (nginx_ingress_controller_nginx_process_cpu_seconds_total{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m])) ", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "avg (rate (nginx_ingress_controller_nginx_process_cpu_seconds_total{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m])) ", "format": "time_series", "interval": "10s", "intervalFactor": 1, @@ -936,59 +1148,209 @@ "step": 10 } ], - "thresholds": [ - { - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt" - } - ], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Average CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "cores", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "This data is real time, independent of dashboard time range", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "ingress" + }, + "properties": [ + { + "id": "displayName", + "value": "Ingress" + }, + { + "id": "unit", + "value": "short" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "P50 Latency" + }, + { + "id": "unit", + "value": "dtdurations" + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + 
"properties": [ + { + "id": "displayName", + "value": "P90 Latency" + }, + { + "id": "unit", + "value": "dtdurations" + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #C" + }, + "properties": [ + { + "id": "displayName", + "value": "P99 Latency" + }, + { + "id": "unit", + "value": "dtdurations" + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #D" + }, + "properties": [ + { + "id": "displayName", + "value": "IN" + }, + { + "id": "unit", + "value": "Bps" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)" + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Time" + }, + "properties": [ + { + "id": "unit", + "value": "short" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + }, + { + "id": "custom.hidden", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #E" + }, + "properties": [ + { + "id": "displayName", + "value": "OUT" + }, + { + "id": "unit", + "value": "Bps" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + } + ] + } + ] + }, "gridPos": { "h": 8, "w": 24, @@ -997,282 +1359,463 @@ }, "hideTimeOverride": false, "id": 75, - "links": [], - "options": {}, - "pageSize": 7, - "repeat": null, - "repeatDirection": "h", - "scroll": true, - "showHeader": true, - "sort": { - "col": 1, - "desc": true - }, - "styles": [ - { - "alias": "Ingress", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "ingress", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "ops" - }, - { - "alias": "Errors", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "link": false, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "IN", - 
"colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - "" + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" + "show": false }, - { - "alias": "OUT", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #G", - "thresholds": [], - "type": "number", - "unit": "Bps" - } - ], + "showHeader": true + }, + "pluginVersion": "10.4.3", + "repeatDirection": "h", "targets": [ { - "expr": "histogram_quantile(0.50, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "histogram_quantile(0.50, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le, ingress))", "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": "{{ ingress }}", - "refId": "C" + "refId": "A" }, { - "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le, ingress))", "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": "{{ ingress }}", - "refId": "D" + "refId": "B" }, { - "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le, ingress))", "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": "{{ destination_service }}", - "refId": "E" + "refId": "C" }, { - "expr": 
"sum(irate(nginx_ingress_controller_request_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(irate(nginx_ingress_controller_request_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (ingress)", "format": "table", "hide": false, "instant": true, "interval": "", "intervalFactor": 1, "legendFormat": "{{ ingress }}", - "refId": "F" + "refId": "D" }, { - "expr": "sum(irate(nginx_ingress_controller_response_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(irate(nginx_ingress_controller_response_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (ingress)", "format": "table", "instant": true, "intervalFactor": 1, "legendFormat": "{{ ingress }}", - "refId": "G" + "refId": "E" } ], - "timeFrom": null, "title": "Ingress Percentile Response Times and Transfer Rates", - "transform": "table", - "type": "table" - }, - { - "columns": [ + "transformations": [ { - "text": "Current", - "value": "current" + "id": "merge", + "options": { + "reducers": [] + } } ], - "datasource": "Prometheus", - "fontSize": "100%", + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, "gridPos": { - "h": 8, - "w": 24, + "h": 7, + "w": 12, "x": 0, "y": 24 }, - "height": "1024", - "id": 85, - "links": [], - "options": {}, - "pageSize": 7, - "scroll": true, - "showHeader": true, - "sort": { - "col": 1, - "desc": false - }, - "styles": [ + "hideTimeOverride": false, + "id": 91, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.3.4", + "repeatDirection": "h", + "targets": [ { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "histogram_quantile(0.80, 
sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le))", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "P80", + "refId": "C" }, { - "alias": "TTL", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Current", - "thresholds": [ - "0", - "691200" - ], - "type": "number", - "unit": "s" + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le))", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "P90", + "refId": "D" }, { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le))", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "P99", + "refId": "E" + } + ], + "title": "Ingress Percentile Response Times (Ingress Namespaces)", + "type": "timeseries" + }, + { + "cards": {}, + "color": { + "cardColor": "#b4ff00", + "colorScale": "sqrt", + "colorScheme": "interpolateWarm", + "exponent": 0.5, + "mode": "spectrum" + }, + "dataFormat": "tsbuckets", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 24 + }, + "heatmap": {}, + "hideZeroBuckets": false, + "highlightCards": true, + "id": 89, + "legend": { + "show": true + }, + "options": { + "calculate": false, + "calculation": {}, + "cellGap": 2, + "cellValues": {}, + "color": { + "exponent": 0.5, + "fill": "#b4ff00", + "mode": "scheme", + "reverse": false, + "scale": "exponential", + "scheme": "Warm", + "steps": 128 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": true + }, + "rowsFrame": { + "layout": "auto" + }, + "showValue": "never", + "tooltip": { + "mode": "single", + "showColorScale": false, + "yHistogram": true + }, + "yAxis": { + "axisPlacement": "left", + "reverse": false, + "unit": "s" + } + }, + "pluginVersion": "10.4.3", + "reverseYBuckets": false, + "targets": [ + 
{ + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(increase(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\",exported_namespace=~\"$exported_namespace\"}[2m])) by (le)", + "format": "heatmap", + "interval": "", + "legendFormat": "{{le}}", + "refId": "A" } ], + "title": "Ingress Request Latency Heatmap (Ingress Namespaces)", + "tooltip": { + "show": true, + "showHistogram": true + }, + "type": "heatmap", + "xAxis": { + "show": true + }, + "yAxis": { + "format": "s", + "logBase": 1, + "show": true + }, + "yBucketBound": "auto" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "decimals": 2, + "displayName": "", + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Last *" + }, + "properties": [ + { + "id": "displayName", + "value": "TTL" + }, + { + "id": "unit", + "value": "s" + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-background" + } + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 691200 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Field" + }, + "properties": [ + { + "id": "displayName", + "value": "Host" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 85, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(nginx_ingress_controller_ssl_expire_time_seconds{kubernetes_pod_name=~\"$controller\",namespace=~\"$namespace\",ingress=~\"$ingress\"}) by (host) - time()", "format": "time_series", "intervalFactor": 1, @@ -1283,25 +1826,54 @@ } ], "title": "Ingress Certificate Expiry", - "transform": "timeseries_aggregations", + "transformations": [ + { + "id": "reduce", + "options": { + "includeTimeField": false, + "labelsToFields": false, + "reducers": [ + "lastNotNull" + ] + } + } + ], "type": "table" } ], "refresh": "5s", - "schemaVersion": 18, - "style": "dark", + "schemaVersion": 39, "tags": [ "nginx" ], "templating": { "list": [ { - "allValue": ".*", "current": { - "text": "All", - "value": "$__all" + "selected": false, + "text": "Prometheus", + "value": "${DS_PROMETHEUS}" + }, + "hide": 0, + "includeAll": false, + "label": "datasource", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" }, - "datasource": "Prometheus", "definition": "", "hide": 0, "includeAll": true, 
@@ -1315,18 +1887,17 @@ "skipUrlSync": false, "sort": 0, "tagValuesQuery": "", - "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" }, - "datasource": "Prometheus", "definition": "", "hide": 0, "includeAll": true, @@ -1340,18 +1911,17 @@ "skipUrlSync": false, "sort": 0, "tagValuesQuery": "", - "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" }, - "datasource": "Prometheus", "definition": "", "hide": 0, "includeAll": true, @@ -1363,20 +1933,43 @@ "refresh": 1, "regex": "", "skipUrlSync": false, - "sort": 0, + "sort": 1, "tagValuesQuery": "", - "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "", + "hide": 0, + "includeAll": true, + "label": "Ingress Namespace", + "multi": false, + "name": "exported_namespace", + "options": [], + "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller_pod=~\"$controller\"}, exported_namespace) ", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" }, - "datasource": "Prometheus", "definition": "", "hide": 0, "includeAll": true, @@ -1384,13 +1977,12 @@ "multi": false, "name": "ingress", "options": [], - "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller=~\"$controller\"}, ingress) ", + "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller_pod=~\"$controller\",exported_namespace=~\"$exported_namespace\"}, ingress) ", "refresh": 1, "regex": "", "skipUrlSync": false, - "sort": 2, + "sort": 1, "tagValuesQuery": "", - "tags": [], "tagsQuery": "", "type": "query", "useTags": false @@ -1429,5 +2021,6 @@ "timezone": "browser", "title": "NGINX Ingress controller", "uid": "nginx", - "version": 1 + "version": 1, + "weekStart": "" } diff --git a/charts/kube-prometheus-stack/files/request-handling-performance.json b/charts/kube-prometheus-stack/files/request-handling-performance.json new file mode 100644 index 00000000..cde79638 --- /dev/null +++ b/charts/kube-prometheus-stack/files/request-handling-performance.json @@ -0,0 +1,986 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "10.4.3" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + 
"iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 9614, + "graphTooltip": 1, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total time for NGINX and upstream servers to process a request and send a response", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 91, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", + "interval": "", + "legendFormat": ".5", + "refId": "D" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", + "interval": "", + "legendFormat": ".95", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", + "interval": "", + "legendFormat": ".99", + "refId": "A" + } + ], + "title": "Request Latency Percentiles", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "The time spent on receiving the response from the upstream server", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, 
+ "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 94, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": ".5", + "refId": "D" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", + "interval": "", + "legendFormat": ".95", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", + "interval": "", + "legendFormat": ".99", + "refId": "A" + } + ], + "title": "Upstream Response Latency Percentiles", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "id": 93, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": " sum by (method, host, path)(\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ method }} {{ host }}{{path }}", + "refId": "A" + } + ], + "title": "Request Rate by Method and Path", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "For each path observed, its median upstream response time", + "fieldConfig": { + "defaults": { + "color": { + "mode": 
"palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "id": 98, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "histogram_quantile(\n .5,\n sum by (le, method, host, path)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[5m]\n )\n )\n)", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ method }} {{ host }}{{path }}", + "refId": "A" + } + ], + "title": "Median Upstream Response Time by Method and Path", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Percentage of 4xx and 5xx responses among all responses.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 16 + }, + "id": 100, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum by (method, host, path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~ \"[4-5].*\"\n}[5m])) / sum by (method, host, path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n}[5m]))", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ method }} {{ host }}{{path }}", + "refId": "A" + } + ], + "title": "Response Error Rate by Method and Path", + "type": "timeseries" + 
}, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "For each path observed, the sum of upstream request time", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 16 + }, + "id": 102, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum by (method, host, path) (rate(nginx_ingress_controller_response_duration_seconds_sum{ingress =~ \"$ingress\"}[5m]))", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ method }} {{ host }}{{path }}", + "refId": "A" + } + ], + "title": "Upstream Response Time by Method and Path", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 24 + }, + "id": 101, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": " sum (\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~\"[4-5].*\",\n }[5m]\n )\n ) by(method, host, path, status)\n", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ method }} {{ host }}{{path }} {{ status }}", + "refId": "A" + } + ], + "title": "Response Error Rate by Method and Path", + "type": "timeseries" + }, + { + 
"datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 24 + }, + "id": 99, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum (\n rate (\n nginx_ingress_controller_response_size_sum {\n ingress =~ \"$ingress\",\n }[5m]\n )\n) by (method, host, path) / sum (\n rate(\n nginx_ingress_controller_response_size_count {\n ingress =~ \"$ingress\",\n }[5m]\n )\n) by (method, host, path)\n", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ method }} {{ host }}{{path }}", + "refId": "D" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "expr": " sum (rate(nginx_ingress_controller_response_size_bucket{\n ingress =~ \"$ingress\",\n }[5m])) by (le)\n", + "hide": true, + "legendFormat": "{{le}}", + "refId": "A" + } + ], + "title": "Average Response Size by Method and Path", + "type": "timeseries" + } + ], + "refresh": "30s", + "schemaVersion": 39, + "tags": [ + "nginx" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "${DS_PROMETHEUS}" + }, + "hide": 0, + "includeAll": false, + "label": "datasource", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(nginx_ingress_controller_requests, ingress) ", + "hide": 0, + "includeAll": true, + "label": "Service Ingress", + "multi": false, + "name": "ingress", + "options": [], + "query": { + "query": "label_values(nginx_ingress_controller_requests, ingress) ", + "refId": "Prometheus-ingress-Variable-Query" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "2m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Request Handling Performance", + "uid": 
"4GFbkOsZk", + "version": 1, + "weekStart": "" +} diff --git a/charts/kube-prometheus-stack/values-defaults.yaml b/charts/kube-prometheus-stack/values-defaults.yaml index 23b8d57d..3d7e3de7 100644 --- a/charts/kube-prometheus-stack/values-defaults.yaml +++ b/charts/kube-prometheus-stack/values-defaults.yaml @@ -1,1828 +1,2055 @@ -kube-prometheus-stack: - # Default values for kube-prometheus-stack. - # This is a YAML-formatted file. - # Declare variables to be passed into your templates. +# Default values for kube-prometheus-stack. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +## Provide a name in place of kube-prometheus-stack for `app:` labels +## +nameOverride: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.26.6 +## +kubeTargetVersionOverride: "" + +## Allow kubeVersion to be overridden while creating the ingress +## +kubeVersionOverride: "" + +## Provide a name to substitute for the full names of resources +## +fullnameOverride: "" + +## Labels to apply to all resources +## +commonLabels: {} +# scmhash: abc123 +# myLabel: aakkmd + +## Install Prometheus Operator CRDs +## +crds: + enabled: true + +## custom Rules to override "for" and "severity" in defaultRules +## +customRules: {} + # AlertmanagerFailedReload: + # for: 3m + # AlertmanagerMembersInconsistent: + # for: 5m + # severity: "warning" + +## Create default rules for monitoring the cluster +## +defaultRules: + create: true + rules: + alertmanager: true + etcd: true + configReloaders: true + general: true + k8sContainerCpuUsageSecondsTotal: true + k8sContainerMemoryCache: true + k8sContainerMemoryRss: true + k8sContainerMemorySwap: true + k8sContainerResource: true + k8sContainerMemoryWorkingSetBytes: true + k8sPodOwner: true + kubeApiserverAvailability: true + kubeApiserverBurnrate: true + kubeApiserverHistogram: true + kubeApiserverSlos: true + kubeControllerManager: true + kubelet: true + kubeProxy: true + kubePrometheusGeneral: true + kubePrometheusNodeRecording: true + kubernetesApps: true + kubernetesResources: true + kubernetesStorage: true + kubernetesSystem: true + kubeSchedulerAlerting: true + kubeSchedulerRecording: true + kubeStateMetrics: true + network: true + node: true + nodeExporterAlerting: true + nodeExporterRecording: true + prometheus: true + prometheusOperator: true + windows: true + + ## Reduce app namespace alert scope + appNamespacesTarget: ".*" + + ## Set keep_firing_for for all alerts + keepFiringFor: "" + + ## Labels for default rules + labels: {} + ## Annotations for default rules + annotations: {} + + ## Additional labels for PrometheusRule alerts + additionalRuleLabels: {} + + ## Additional annotations for PrometheusRule alerts + additionalRuleAnnotations: {} + + ## Additional labels for specific PrometheusRule alert groups + additionalRuleGroupLabels: + alertmanager: {} + etcd: {} + configReloaders: {} + general: {} + k8sContainerCpuUsageSecondsTotal: {} + k8sContainerMemoryCache: {} + k8sContainerMemoryRss: {} + k8sContainerMemorySwap: {} + k8sContainerResource: {} + k8sPodOwner: {} + kubeApiserverAvailability: {} + kubeApiserverBurnrate: {} + kubeApiserverHistogram: {} + kubeApiserverSlos: {} + kubeControllerManager: {} + kubelet: {} + kubeProxy: {} + kubePrometheusGeneral: {} + kubePrometheusNodeRecording: {} + kubernetesApps: {} + kubernetesResources: {} + kubernetesStorage: {} + kubernetesSystem: {} + kubeSchedulerAlerting: {} + 
kubeSchedulerRecording: {} + kubeStateMetrics: {} + network: {} + node: {} + nodeExporterAlerting: {} + nodeExporterRecording: {} + prometheus: {} + prometheusOperator: {} + + ## Additional annotations for specific PrometheusRule alerts groups + additionalRuleGroupAnnotations: + alertmanager: {} + etcd: {} + configReloaders: {} + general: {} + k8sContainerCpuUsageSecondsTotal: {} + k8sContainerMemoryCache: {} + k8sContainerMemoryRss: {} + k8sContainerMemorySwap: {} + k8sContainerResource: {} + k8sPodOwner: {} + kubeApiserverAvailability: {} + kubeApiserverBurnrate: {} + kubeApiserverHistogram: {} + kubeApiserverSlos: {} + kubeControllerManager: {} + kubelet: {} + kubeProxy: {} + kubePrometheusGeneral: {} + kubePrometheusNodeRecording: {} + kubernetesApps: {} + kubernetesResources: {} + kubernetesStorage: {} + kubernetesSystem: {} + kubeSchedulerAlerting: {} + kubeSchedulerRecording: {} + kubeStateMetrics: {} + network: {} + node: {} + nodeExporterAlerting: {} + nodeExporterRecording: {} + prometheus: {} + prometheusOperator: {} + + additionalAggregationLabels: [] + + ## Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules. + runbookUrl: "https://runbooks.prometheus-operator.dev/runbooks" + + node: + fsSelector: 'fstype!=""' + # fsSelector: 'fstype=~"ext[234]|btrfs|xfs|zfs"' + + ## Disabled PrometheusRule alerts + disabled: {} + # KubeAPIDown: true + # NodeRAIDDegraded: true + +## Deprecated way to provide custom recording or alerting rules to be deployed into the cluster. +## +# additionalPrometheusRules: [] +# - name: my-rule-file +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +## Provide custom recording or alerting rules to be deployed into the cluster. +## +additionalPrometheusRulesMap: {} +# rule-name: +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +## +global: + rbac: + create: true + + ## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles + createAggregateClusterRoles: false + pspEnabled: false + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - ## Provide a name in place of kube-prometheus-stack for `app:` labels + ## Global image registry to use if it needs to be overriden for some specific use cases (e.g local registries, custom images, ...) 
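
The de-nested `global` block introduced here gives a single override point for the image registry and pull secrets used by all sub-charts. A minimal sketch of how the two keys combine; the registry host and secret name are placeholders, not defaults shipped by this chart:

```yaml
# Hypothetical values overlay for charts/kube-prometheus-stack.
global:
  # Pull every sub-chart image through a private mirror instead of the
  # upstream registries; "registry.example.org" is illustrative only.
  imageRegistry: "registry.example.org"
  # The referenced Secret must already exist in the release namespace.
  imagePullSecrets:
    - name: "image-pull-secret"
```
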
## - nameOverride: "" + imageRegistry: "" - ## Override the deployment namespace + ## Reference to one or more secrets to be used when pulling images + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## - namespaceOverride: "" + imagePullSecrets: [] + # - name: "image-pull-secret" + # or + # - "image-pull-secret" + +windowsMonitoring: + ## Deploys the windows-exporter and Windows-specific dashboards and rules (job name must be 'windows-exporter') + enabled: false + +## Configuration for prometheus-windows-exporter +## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-windows-exporter +## +prometheus-windows-exporter: + ## Enable ServiceMonitor and set Kubernetes label to use as a job label + ## + prometheus: + monitor: + enabled: true + jobLabel: jobLabel - ## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.26.6 + releaseLabel: true + + ## Set job label to 'windows-exporter' as required by the default Prometheus rules and Grafana dashboards ## - kubeTargetVersionOverride: "" + podLabels: + jobLabel: windows-exporter - ## Allow kubeVersion to be overridden while creating the ingress + ## Enable memory and container metrics as required by the default Prometheus rules and Grafana dashboards ## - kubeVersionOverride: "" + config: |- + collectors: + enabled: '[defaults],memory,container' + +## Configuration for alertmanager +## ref: https://prometheus.io/docs/alerting/alertmanager/ +## +alertmanager: - ## Provide a name to substitute for the full names of resources + ## Deploy alertmanager ## - fullnameOverride: "" + enabled: true - ## Labels to apply to all resources + ## Annotations for Alertmanager ## - commonLabels: {} - # scmhash: abc123 - # myLabel: aakkmd + annotations: {} - ## Install Prometheus Operator CRDs + ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 ## - crds: - enabled: true + apiVersion: v2 - ## custom Rules to override "for" and "severity" in defaultRules + ## @param alertmanager.enableFeatures Enable access to Alertmanager disabled features. ## - customRules: {} - # AlertmanagerFailedReload: - # for: 3m - # AlertmanagerMembersInconsistent: - # for: 5m - # severity: "warning" + enableFeatures: [] - ## Create default rules for monitoring the cluster + ## Service account for Alertmanager to use. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## - defaultRules: + serviceAccount: create: true - rules: - alertmanager: true - etcd: true - configReloaders: true - general: true - k8sContainerCpuUsageSecondsTotal: true - k8sContainerMemoryCache: true - k8sContainerMemoryRss: true - k8sContainerMemorySwap: true - k8sContainerResource: true - k8sContainerMemoryWorkingSetBytes: true - k8sPodOwner: true - kubeApiserverAvailability: true - kubeApiserverBurnrate: true - kubeApiserverHistogram: true - kubeApiserverSlos: true - kubeControllerManager: true - kubelet: true - kubeProxy: true - kubePrometheusGeneral: true - kubePrometheusNodeRecording: true - kubernetesApps: true - kubernetesResources: true - kubernetesStorage: true - kubernetesSystem: true - kubeSchedulerAlerting: true - kubeSchedulerRecording: true - kubeStateMetrics: true - network: true - node: true - nodeExporterAlerting: true - nodeExporterRecording: true - prometheus: true - prometheusOperator: true - windows: true - - ## Reduce app namespace alert scope - appNamespacesTarget: ".*" - - ## Set keep_firing_for for all alerts - keepFiringFor: "" - - ## Labels for default rules - labels: {} - ## Annotations for default rules + name: "" annotations: {} + automountServiceAccountToken: true - ## Additional labels for PrometheusRule alerts - additionalRuleLabels: {} - - ## Additional annotations for PrometheusRule alerts - additionalRuleAnnotations: {} - - ## Additional labels for specific PrometheusRule alert groups - additionalRuleGroupLabels: - alertmanager: {} - etcd: {} - configReloaders: {} - general: {} - k8sContainerCpuUsageSecondsTotal: {} - k8sContainerMemoryCache: {} - k8sContainerMemoryRss: {} - k8sContainerMemorySwap: {} - k8sContainerResource: {} - k8sPodOwner: {} - kubeApiserverAvailability: {} - kubeApiserverBurnrate: {} - kubeApiserverHistogram: {} - kubeApiserverSlos: {} - kubeControllerManager: {} - kubelet: {} - kubeProxy: {} - kubePrometheusGeneral: {} - kubePrometheusNodeRecording: {} - kubernetesApps: {} - kubernetesResources: {} - kubernetesStorage: {} - kubernetesSystem: {} - kubeSchedulerAlerting: {} - kubeSchedulerRecording: {} - kubeStateMetrics: {} - network: {} - node: {} - nodeExporterAlerting: {} - nodeExporterRecording: {} - prometheus: {} - prometheusOperator: {} - - ## Additional annotations for specific PrometheusRule alerts groups - additionalRuleGroupAnnotations: - alertmanager: {} - etcd: {} - configReloaders: {} - general: {} - k8sContainerCpuUsageSecondsTotal: {} - k8sContainerMemoryCache: {} - k8sContainerMemoryRss: {} - k8sContainerMemorySwap: {} - k8sContainerResource: {} - k8sPodOwner: {} - kubeApiserverAvailability: {} - kubeApiserverBurnrate: {} - kubeApiserverHistogram: {} - kubeApiserverSlos: {} - kubeControllerManager: {} - kubelet: {} - kubeProxy: {} - kubePrometheusGeneral: {} - kubePrometheusNodeRecording: {} - kubernetesApps: {} - kubernetesResources: {} - kubernetesStorage: {} - kubernetesSystem: {} - kubeSchedulerAlerting: {} - kubeSchedulerRecording: {} - kubeStateMetrics: {} - network: {} - node: {} - nodeExporterAlerting: {} - nodeExporterRecording: {} - prometheus: {} - prometheusOperator: {} - - additionalAggregationLabels: [] - - ## Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules. 
- runbookUrl: "https://runbooks.prometheus-operator.dev/runbooks" - - ## Disabled PrometheusRule alerts - disabled: {} - # KubeAPIDown: true - # NodeRAIDDegraded: true - - ## Deprecated way to provide custom recording or alerting rules to be deployed into the cluster. - ## - # additionalPrometheusRules: [] - # - name: my-rule-file - # groups: - # - name: my_group - # rules: - # - record: my_record - # expr: 100 * my_record - - ## Provide custom recording or alerting rules to be deployed into the cluster. + ## Configure pod disruption budgets for Alertmanager + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget ## - additionalPrometheusRulesMap: {} - # rule-name: - # groups: - # - name: my_group - # rules: - # - record: my_record - # expr: 100 * my_record + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + ## Alertmanager configuration directives + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## https://prometheus.io/webtools/alerting/routing-tree-editor/ ## - global: - rbac: - create: true - - ## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs - ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles - createAggregateClusterRoles: false - pspEnabled: false - pspAnnotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + config: + global: + resolve_timeout: 5m + inhibit_rules: + - source_matchers: + - 'severity = critical' + target_matchers: + - 'severity =~ warning|info' + equal: + - 'namespace' + - 'alertname' + - source_matchers: + - 'severity = warning' + target_matchers: + - 'severity = info' + equal: + - 'namespace' + - 'alertname' + - source_matchers: + - 'alertname = InfoInhibitor' + target_matchers: + - 'severity = info' + equal: + - 'namespace' + - target_matchers: + - 'alertname = InfoInhibitor' + route: + group_by: ['namespace'] + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: 'null' + routes: + - receiver: 'null' + matchers: + - alertname = "Watchdog" + receivers: + - name: 'null' + templates: + - '/etc/alertmanager/config/*.tmpl' + + ## Alertmanager configuration directives (as string type, preferred over the config hash map) + ## stringConfig will be used only, if tplConfig is true + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## https://prometheus.io/webtools/alerting/routing-tree-editor/ + ## + stringConfig: "" + + ## Pass the Alertmanager configuration directives through Helm's templating + ## engine. 
If the Alertmanager configuration contains Alertmanager templates, + ## they'll need to be properly escaped so that they are not interpreted by + ## Helm + ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function + ## https://prometheus.io/docs/alerting/configuration/#tmpl_string + ## https://prometheus.io/docs/alerting/notifications/ + ## https://prometheus.io/docs/alerting/notification_examples/ + tplConfig: false + + ## Alertmanager template files to format alerts + ## By default, templateFiles are placed in /etc/alertmanager/config/ and if + ## they have a .tmpl file suffix will be loaded. See config.templates above + ## to change, add other suffixes. If adding other suffixes, be sure to update + ## config.templates above to include those suffixes. + ## ref: https://prometheus.io/docs/alerting/notifications/ + ## https://prometheus.io/docs/alerting/notification_examples/ + ## + templateFiles: {} + # + ## An example template: + # template_1.tmpl: |- + # {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }} + # + # {{ define "slack.myorg.text" }} + # {{- $root := . -}} + # {{ range .Alerts }} + # *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}` + # *Cluster:* {{ template "cluster" $root }} + # *Description:* {{ .Annotations.description }} + # *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:> + # *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:> + # *Details:* + # {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}` + # {{ end }} + # {{ end }} + # {{ end }} + + ingress: + enabled: false - ## Global image registry to use if it needs to be overriden for some specific use cases (e.g local registries, custom images, ...) + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + + labels: {} + + ## Override ingress to a different defined port on the service + # servicePort: 8081 + ## Override ingress to a different service then the default, this is useful if you need to + ## point to a specific instance of the alertmanager (eg kube-prometheus-stack-alertmanager-0) + # serviceName: kube-prometheus-stack-alertmanager-0 + + ## Hosts must be provided if Ingress is enabled. 
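
Since `hosts`, `paths`, and `tls` all default to empty, exposing Alertmanager means filling in at least the fields below. A sketch assuming an nginx ingress class and a pre-created TLS secret, with hostname and secret name taken from the commented examples around this hunk:

```yaml
# Hypothetical overlay; alertmanager.example.com and the secret name
# are placeholders, and the TLS secret must be created manually.
alertmanager:
  ingress:
    enabled: true
    ingressClassName: nginx
    hosts:
      - alertmanager.example.com
    paths:
      # One path should match alertmanagerSpec.routePrefix (default "/").
      - /
    pathType: ImplementationSpecific
    tls:
      - secretName: alertmanager-general-tls
        hosts:
          - alertmanager.example.com
```
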
## - imageRegistry: "" + hosts: [] + # - alertmanager.domain.com - ## Reference to one or more secrets to be used when pulling images - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix ## - imagePullSecrets: [] - # - name: "image-pull-secret" - # or - # - "image-pull-secret" + paths: [] + # - / - windowsMonitoring: - ## Deploys the windows-exporter and Windows-specific dashboards and rules (job name must be 'windows-exporter') - enabled: false + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific - ## Configuration for prometheus-windows-exporter - ## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-windows-exporter - ## - prometheus-windows-exporter: - ## Enable ServiceMonitor and set Kubernetes label to use as a job label + ## TLS configuration for Alertmanager Ingress + ## Secret must be manually created in the namespace ## - prometheus: - monitor: - enabled: true - jobLabel: jobLabel + tls: [] + # - secretName: alertmanager-general-tls + # hosts: + # - alertmanager.example.com + + ## Configuration for Alertmanager secret + ## + secret: + annotations: {} + + ## Configuration for creating an Ingress that will map to each Alertmanager replica service + ## alertmanager.servicePerReplica must be enabled + ## + ingressPerReplica: + enabled: false - releaseLabel: true + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx - ## Set job label to 'windows-exporter' as required by the default Prometheus rules and Grafana dashboards + annotations: {} + labels: {} + + ## Final form of the hostname for each per replica ingress is + ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} ## - podLabels: - jobLabel: windows-exporter + ## Prefix for the per replica ingress that will have `-$replicaNumber` + ## appended to the end + hostPrefix: "" + ## Domain that will be used for the per replica ingress + hostDomain: "" - ## Enable memory and container metrics as required by the default Prometheus rules and Grafana dashboards + ## Paths to use for ingress rules ## - config: |- - collectors: - enabled: '[defaults],memory,container' + paths: [] + # - / - ## Configuration for alertmanager - ## ref: https://prometheus.io/docs/alerting/alertmanager/ - ## - alertmanager: + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific - ## Deploy alertmanager - ## - enabled: true + ## Secret name containing the TLS certificate for alertmanager per replica ingress + ## Secret must be manually created in the namespace + tlsSecretName: "" - ## Annotations for Alertmanager + ## Separated secret for each per replica Ingress. 
Can be used together with cert-manager ## + tlsSecretPerReplica: + enabled: false + ## Final form of the secret for each per replica ingress is + ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} + ## + prefix: "alertmanager" + + ## Configuration for Alertmanager service + ## + service: annotations: {} + labels: {} + clusterIP: "" + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" - ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 + ## Port for Alertmanager Service to listen on + ## + port: 9093 + ## To be used with a proxy extraContainer port + ## + targetPort: 9093 + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30903 + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## - apiVersion: v2 - ## Service account for Alertmanager to use. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## Additional ports to open for Alertmanager service ## - serviceAccount: - create: true - name: "" - annotations: {} - automountServiceAccountToken: true + additionalPorts: [] + # - name: oauth-proxy + # port: 8081 + # targetPort: 8081 + # - name: oauth-metrics + # port: 8082 + # targetPort: 8082 + + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster - ## Configure pod disruption budgets for Alertmanager - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## If you want to make sure that connections from a particular client are passed to the same Pod each time + ## Accepts 'ClientIP' or 'None' ## - podDisruptionBudget: - enabled: false - minAvailable: 1 - maxUnavailable: "" - - ## Alertmanager configuration directives - ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file - ## https://prometheus.io/webtools/alerting/routing-tree-editor/ - ## - config: - global: - resolve_timeout: 5m - inhibit_rules: - - source_matchers: - - 'severity = critical' - target_matchers: - - 'severity =~ warning|info' - equal: - - 'namespace' - - 'alertname' - - source_matchers: - - 'severity = warning' - target_matchers: - - 'severity = info' - equal: - - 'namespace' - - 'alertname' - - source_matchers: - - 'alertname = InfoInhibitor' - target_matchers: - - 'severity = info' - equal: - - 'namespace' - - target_matchers: - - 'alertname = InfoInhibitor' - route: - group_by: ['namespace'] - group_wait: 30s - group_interval: 5m - repeat_interval: 12h - receiver: 'null' - routes: - - receiver: 'null' - matchers: - - alertname = "Watchdog" - receivers: - - name: 'null' - templates: - - '/etc/alertmanager/config/*.tmpl' - - ## Alertmanager configuration directives (as string type, preferred over the config hash map) - ## stringConfig will be used only, if tplConfig is true - ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file - ## https://prometheus.io/webtools/alerting/routing-tree-editor/ - ## - stringConfig: "" - - ## Pass the Alertmanager configuration directives through Helm's templating - ## engine. 
If the Alertmanager configuration contains Alertmanager templates, - ## they'll need to be properly escaped so that they are not interpreted by - ## Helm - ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function - ## https://prometheus.io/docs/alerting/configuration/#tmpl_string - ## https://prometheus.io/docs/alerting/notifications/ - ## https://prometheus.io/docs/alerting/notification_examples/ - tplConfig: false - - ## Alertmanager template files to format alerts - ## By default, templateFiles are placed in /etc/alertmanager/config/ and if - ## they have a .tmpl file suffix will be loaded. See config.templates above - ## to change, add other suffixes. If adding other suffixes, be sure to update - ## config.templates above to include those suffixes. - ## ref: https://prometheus.io/docs/alerting/notifications/ - ## https://prometheus.io/docs/alerting/notification_examples/ - ## - templateFiles: {} - # - ## An example template: - # template_1.tmpl: |- - # {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }} - # - # {{ define "slack.myorg.text" }} - # {{- $root := . -}} - # {{ range .Alerts }} - # *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}` - # *Cluster:* {{ template "cluster" $root }} - # *Description:* {{ .Annotations.description }} - # *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:> - # *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:> - # *Details:* - # {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}` - # {{ end }} - # {{ end }} - # {{ end }} - - ingress: - enabled: false + sessionAffinity: None - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ## If you want to modify the ClientIP sessionAffinity timeout + ## The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP" + ## + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 - annotations: {} + ## Service type + ## + type: ClusterIP - labels: {} + ## Configuration for creating a separate Service for each statefulset Alertmanager replica + ## + servicePerReplica: + enabled: false + annotations: {} - ## Override ingress to a different defined port on the service - # servicePort: 8081 - ## Override ingress to a different service then the default, this is useful if you need to - ## point to a specific instance of the alertmanager (eg kube-prometheus-stack-alertmanager-0) - # serviceName: kube-prometheus-stack-alertmanager-0 + ## Port for Alertmanager Service per replica to listen on + ## + port: 9093 - ## Hosts must be provided if Ingress is enabled. 
- ## - hosts: [] - # - alertmanager.domain.com + ## To be used with a proxy extraContainer port + targetPort: 9093 - ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix - ## - paths: [] - # - / + ## Port to expose on each node + ## Only used if servicePerReplica.type is 'NodePort' + ## + nodePort: 30904 - ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) - ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific + ## Loadbalancer source IP ranges + ## Only used if servicePerReplica.type is "LoadBalancer" + loadBalancerSourceRanges: [] - ## TLS configuration for Alertmanager Ingress - ## Secret must be manually created in the namespace - ## - tls: [] - # - secretName: alertmanager-general-tls - # hosts: - # - alertmanager.example.com + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster - ## Configuration for Alertmanager secret + ## Service type ## - secret: - annotations: {} + type: ClusterIP - ## Configuration for creating an Ingress that will map to each Alertmanager replica service - ## alertmanager.servicePerReplica must be enabled + ## Configuration for creating a ServiceMonitor for AlertManager + ## + serviceMonitor: + ## If true, a ServiceMonitor will be created for the AlertManager service. ## - ingressPerReplica: - enabled: false + selfMonitor: true - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" - annotations: {} - labels: {} + ## Additional labels + ## + additionalLabels: {} - ## Final form of the hostname for each per replica ingress is - ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} - ## - ## Prefix for the per replica ingress that will have `-$replicaNumber` - ## appended to the end - hostPrefix: "" - ## Domain that will be used for the per replica ingress - hostDomain: "" + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 - ## Paths to use for ingress rules - ## - paths: [] - # - / + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 - ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) - ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 - ## Secret name containing the TLS certificate for alertmanager per replica ingress - ## Secret must be manually created in the namespace - tlsSecretName: "" + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 - ## Separated secret for each per replica Ingress. 
Can be used together with cert-manager - ## - tlsSecretPerReplica: - enabled: false - ## Final form of the secret for each per replica ingress is - ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} - ## - prefix: "alertmanager" + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 - ## Configuration for Alertmanager service + ## proxyUrl: URL of a proxy that should be used for scraping. ## - service: - annotations: {} - labels: {} - clusterIP: "" + proxyUrl: "" - ## Port for Alertmanager Service to listen on - ## - port: 9093 - ## To be used with a proxy extraContainer port - ## - targetPort: 9093 - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 30903 - ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" - ## Additional ports to open for Alertmanager service - ## - additionalPorts: [] - # - name: oauth-proxy - # port: 8081 - # targetPort: 8081 - # - name: oauth-metrics - # port: 8082 - # targetPort: 8082 - - externalIPs: [] - loadBalancerIP: "" - loadBalancerSourceRanges: [] - - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster + ## enableHttp2: Whether to enable HTTP2. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint + enableHttp2: true - ## If you want to make sure that connections from a particular client are passed to the same Pod each time - ## Accepts 'ClientIP' or 'None' - ## - sessionAffinity: None + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig + tlsConfig: {} - ## If you want to modify the ClientIP sessionAffinity timeout - ## The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP" - ## - sessionAffinityConfig: - clientIP: - timeoutSeconds: 10800 + bearerTokenFile: - ## Service type - ## - type: ClusterIP + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. 
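
As a concrete illustration of the relabeling hook documented here, a hedged sketch that keeps only a subset of metric names from this ServiceMonitor; the regex is illustrative, mirroring the shape of the commented `action: keep` sample that follows:

```yaml
# Hypothetical overlay: drop every scraped Alertmanager series except
# those whose name matches the regex below (regex is an example only).
alertmanager:
  serviceMonitor:
    metricRelabelings:
      - action: keep
        sourceLabels: [__name__]
        regex: 'alertmanager_(alerts|notifications_.*)'
```
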
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] - ## Configuration for creating a separate Service for each statefulset Alertmanager replica + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## - servicePerReplica: - enabled: false - annotations: {} + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - ## Port for Alertmanager Service per replica to listen on - ## - port: 9093 + ## Additional Endpoints + ## + additionalEndpoints: [] + # - port: oauth-metrics + # path: /metrics - ## To be used with a proxy extraContainer port - targetPort: 9093 + ## Settings affecting alertmanagerSpec + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerspec + ## + alertmanagerSpec: + ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## Metadata Labels and Annotations gets propagated to the Alertmanager pods. + ## + podMetadata: {} - ## Port to expose on each node - ## Only used if servicePerReplica.type is 'NodePort' - ## - nodePort: 30904 + ## Image of Alertmanager + ## + image: + registry: quay.io + repository: prometheus/alertmanager + tag: v0.27.0 + sha: "" - ## Loadbalancer source IP ranges - ## Only used if servicePerReplica.type is "LoadBalancer" - loadBalancerSourceRanges: [] + ## If true then the user will be responsible to provide a secret with alertmanager configuration + ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used + ## + useExistingSecret: false - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster + ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the + ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + ## + secrets: [] - ## Service type - ## - type: ClusterIP + ## If false then the user will opt out of automounting API credentials. + ## + automountServiceAccountToken: true - ## Configuration for creating a ServiceMonitor for AlertManager + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. + ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/. ## - serviceMonitor: - ## If true, a ServiceMonitor will be created for the AlertManager service. - ## - selfMonitor: true + configMaps: [] - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" + ## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for + ## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. 
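
When the Alertmanager configuration is managed outside Helm, the `useExistingSecret` and `configSecret` keys documented around here combine as in this sketch; the secret name is hypothetical and must already exist in the release namespace:

```yaml
# Hypothetical overlay: ignore alertmanager.config and templateFiles
# and mount an externally managed Secret holding alertmanager.yaml.
alertmanager:
  alertmanagerSpec:
    useExistingSecret: true
    configSecret: my-alertmanager-config  # placeholder name
```
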
+ ## + # configSecret: - ## Additional labels - ## - additionalLabels: {} + ## WebTLSConfig defines the TLS parameters for HTTPS + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerwebspec + web: {} - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 + ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with. + ## + alertmanagerConfigSelector: {} + ## Example which selects all alertmanagerConfig resources + ## with label "alertconfig" with values any of "example-config" or "example-config-2" + # alertmanagerConfigSelector: + # matchExpressions: + # - key: alertconfig + # operator: In + # values: + # - example-config + # - example-config-2 + # + ## Example which selects all alertmanagerConfig resources with label "role" set to "example-config" + # alertmanagerConfigSelector: + # matchLabels: + # role: example-config - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 + ## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. + ## + alertmanagerConfigNamespaceSelector: {} + ## Example which selects all namespaces + ## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2" + # alertmanagerConfigNamespaceSelector: + # matchExpressions: + # - key: alertmanagerconfig + # operator: In + # values: + # - example-namespace + # - example-namespace-2 + + ## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled" + # alertmanagerConfigNamespaceSelector: + # matchLabels: + # alertmanagerconfig: enabled + + ## AlermanagerConfig to be used as top level configuration + ## + alertmanagerConfiguration: {} + ## Example with select a global alertmanagerconfig + # alertmanagerConfiguration: + # name: global-alertmanager-Configuration - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 + ## Defines the strategy used by AlertmanagerConfig objects to match alerts. eg: + ## + alertmanagerConfigMatcherStrategy: {} + ## Example with use OnNamespace strategy + # alertmanagerConfigMatcherStrategy: + # type: OnNamespace - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 + ## Define Log Format + # Use logfmt (default) or json logging + logFormat: logfmt - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 + ## Log level for Alertmanager to be configured with. + ## + logLevel: info - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" + ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the + ## running cluster equal to the expected size. + replicas: 1 - ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. - scheme: "" + ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression + ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours). + ## + retention: 120h - ## enableHttp2: Whether to enable HTTP2. 
- ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint - enableHttp2: true + ## Storage is the definition of how storage will be used by the Alertmanager instances. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md + ## + storage: {} + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + + ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false + ## + externalUrl: - ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig - tlsConfig: {} + ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, + ## but the server serves requests under a different route prefix. For example for use with kubectl proxy. + ## + routePrefix: / - bearerTokenFile: + ## scheme: HTTP scheme to use. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] + ## tlsConfig: TLS configuration to use when connect to the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig + tlsConfig: {} - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. + ## + paused: false - ## Additional Endpoints - ## - additionalEndpoints: [] - # - port: oauth-metrics - # path: /metrics + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} - ## Settings affecting alertmanagerSpec - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerspec + ## Define resources requests and limits for single Pods. + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## - alertmanagerSpec: - ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata - ## Metadata Labels and Annotations gets propagated to the Alertmanager pods. 
- ## - podMetadata: {} + resources: {} + # requests: + # memory: 400Mi - ## Image of Alertmanager - ## - image: - registry: quay.io - repository: prometheus/alertmanager - tag: v0.27.0 - sha: "" + ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. + ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. + ## + podAntiAffinity: "" - ## If true then the user will be responsible to provide a secret with alertmanager configuration - ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used - ## - useExistingSecret: false + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname - ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the - ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. - ## - secrets: [] + ## Assign custom affinity rules to the alertmanager instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 - ## If false then the user will opt out of automounting API credentials. - ## - automountServiceAccountToken: true + ## If specified, the pod's tolerations. + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" - ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. - ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/. - ## - configMaps: [] + ## If specified, the pod's topology spread constraints. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: alertmanager + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + seccompProfile: + type: RuntimeDefault - ## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for - ## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. - ## - # configSecret: + ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. + ## Note this is only for the Alertmanager UI, not the gossip communication. 
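
The soft/hard wording documented in this hunk maps onto Kubernetes preferred versus required pod anti-affinity. With more than one replica, a conservative sketch under those semantics would be:

```yaml
# Hypothetical overlay: two replicas that are *required* to land on
# different nodes ("hard" anti-affinity in this chart's terms).
alertmanager:
  alertmanagerSpec:
    replicas: 2
    podAntiAffinity: "hard"
    # Default topology key; a zone key (see the failure-domain example
    # in the comments above) spreads replicas across zones instead.
    podAntiAffinityTopologyKey: kubernetes.io/hostname
```
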
+ ## + listenLocal: false - ## WebTLSConfig defines the TLS parameters for HTTPS - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerwebspec - web: {} + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. + ## + containers: [] + # containers: + # - name: oauth-proxy + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1 + # args: + # - --upstream=http://127.0.0.1:9093 + # - --http-address=0.0.0.0:8081 + # - --metrics-address=0.0.0.0:8082 + # - ... + # ports: + # - containerPort: 8081 + # name: oauth-proxy + # protocol: TCP + # - containerPort: 8082 + # name: oauth-metrics + # protocol: TCP + # resources: {} + + # Additional volumes on the output StatefulSet definition. + volumes: [] + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes + ## (permissions, dir tree) on mounted volumes before starting prometheus + initContainers: [] + + ## Priority class assigned to the Pods + ## + priorityClassName: "" - ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with. - ## - alertmanagerConfigSelector: {} - ## Example which selects all alertmanagerConfig resources - ## with label "alertconfig" with values any of "example-config" or "example-config-2" - # alertmanagerConfigSelector: - # matchExpressions: - # - key: alertconfig - # operator: In - # values: - # - example-config - # - example-config-2 - # - ## Example which selects all alertmanagerConfig resources with label "role" set to "example-config" - # alertmanagerConfigSelector: - # matchLabels: - # role: example-config - - ## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. - ## - alertmanagerConfigNamespaceSelector: {} - ## Example which selects all namespaces - ## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2" - # alertmanagerConfigNamespaceSelector: - # matchExpressions: - # - key: alertmanagerconfig - # operator: In - # values: - # - example-namespace - # - example-namespace-2 - - ## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled" - # alertmanagerConfigNamespaceSelector: - # matchLabels: - # alertmanagerconfig: enabled - - ## AlermanagerConfig to be used as top level configuration - ## - alertmanagerConfiguration: {} - ## Example with select a global alertmanagerconfig - # alertmanagerConfiguration: - # name: global-alertmanager-Configuration + ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + ## + additionalPeers: [] - ## Defines the strategy used by AlertmanagerConfig objects to match alerts. eg: - ## - alertmanagerConfigMatcherStrategy: {} - ## Example with use OnNamespace strategy - # alertmanagerConfigMatcherStrategy: - # type: OnNamespace + ## PortName to use for Alert Manager. + ## + portName: "http-web" - ## Define Log Format - # Use logfmt (default) or json logging - logFormat: logfmt + ## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 + ## + clusterAdvertiseAddress: false - ## Log level for Alertmanager to be configured with. 
- ## - logLevel: info + ## clusterGossipInterval determines interval between gossip attempts. + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + clusterGossipInterval: "" - ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the - ## running cluster equal to the expected size. - replicas: 1 + ## clusterPeerTimeout determines timeout for cluster peering. + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + clusterPeerTimeout: "" - ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression - ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours). - ## - retention: 120h + ## clusterPushpullInterval determines interval between pushpull attempts. + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + clusterPushpullInterval: "" - ## Storage is the definition of how storage will be used by the Alertmanager instances. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md - ## - storage: {} - # volumeClaimTemplate: - # spec: - # storageClassName: gluster - # accessModes: ["ReadWriteOnce"] - # resources: - # requests: - # storage: 50Gi - # selector: {} - - - ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false - ## - externalUrl: + ## clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster. + clusterLabel: "" - ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, - ## but the server serves requests under a different route prefix. For example for use with kubectl proxy. - ## - routePrefix: / + ## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. + ## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + forceEnableClusterMode: false - ## scheme: HTTP scheme to use. Can be used with `tlsConfig` for example if using istio mTLS. - scheme: "" + ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to + ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). + minReadySeconds: 0 - ## tlsConfig: TLS configuration to use when connect to the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig - tlsConfig: {} + ## Additional configuration which is not covered by the properties above. (passed through tpl) + additionalConfig: {} - ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. - ## - paused: false + ## Additional configuration which is not covered by the properties above. + ## Useful, if you need advanced templating inside alertmanagerSpec. 
+ ## Otherwise, use alertmanager.alertmanagerSpec.additionalConfig (passed through tpl) + additionalConfigString: "" - ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} + ## ExtraSecret can be used to store various data in an extra secret + ## (use it for example to store hashed basic auth credentials) + extraSecret: + ## if not set, name will be auto generated + # name: "" + annotations: {} + data: {} + # auth: | + # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 + # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. + +## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml +## +grafana: + enabled: true + namespaceOverride: "" - ## Define resources requests and limits for single Pods. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # requests: - # memory: 400Mi + ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled + ## + forceDeployDatasources: false - ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. - ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. - ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. - ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. - ## - podAntiAffinity: "" + ## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled + ## + forceDeployDashboards: false - ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. - ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone - ## - podAntiAffinityTopologyKey: kubernetes.io/hostname + ## Deploy default dashboards + ## + defaultDashboardsEnabled: true - ## Assign custom affinity rules to the alertmanager instance - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - affinity: {} - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/e2e-az-name - # operator: In - # values: - # - e2e-az1 - # - e2e-az2 + ## Timezone for the default dashboards + ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg + ## + defaultDashboardsTimezone: utc - ## If specified, the pod's tolerations. - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" + ## Editable flag for the default dashboards + ## + defaultDashboardsEditable: true - ## If specified, the pod's topology spread constraints. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - # labelSelector: - # matchLabels: - # app: alertmanager + adminPassword: prom-operator - ## SecurityContext holds pod-level security attributes and common container settings. - ## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false
-      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-      ##
-      securityContext:
-        runAsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 1000
-        fsGroup: 2000
-        seccompProfile:
-          type: RuntimeDefault
+  rbac:
+    ## If true, Grafana PSPs will be created
+    ##
+    pspEnabled: false
-      ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP.
-      ## Note this is only for the Alertmanager UI, not the gossip communication.
-      ##
-      listenLocal: false
+  ingress:
+    ## If true, Grafana Ingress will be created
+    ##
+    enabled: false
-      ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod.
-      ##
-      containers: []
-      # containers:
-      # - name: oauth-proxy
-      #   image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
-      #   args:
-      #   - --upstream=http://127.0.0.1:9093
-      #   - --http-address=0.0.0.0:8081
-      #   - --metrics-address=0.0.0.0:8082
-      #   - ...
-      #   ports:
-      #   - containerPort: 8081
-      #     name: oauth-proxy
-      #     protocol: TCP
-      #   - containerPort: 8082
-      #     name: oauth-metrics
-      #     protocol: TCP
-      #   resources: {}
-
-      # Additional volumes on the output StatefulSet definition.
-      volumes: []
-
-      # Additional VolumeMounts on the output StatefulSet definition.
-      volumeMounts: []
-
-      ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
-      ## (permissions, dir tree) on mounted volumes before starting prometheus
-      initContainers: []
-
-      ## Priority class assigned to the Pods
-      ##
-      priorityClassName: ""
+    ## IngressClassName for Grafana Ingress.
+    ## Should be provided if Ingress is enabled.
+    ##
+    # ingressClassName: nginx
-      ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.
-      ##
-      additionalPeers: []
+    ## Annotations for Grafana Ingress
+    ##
+    annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
-      ## PortName to use for Alert Manager.
-      ##
-      portName: "http-web"
+    ## Labels to be added to the Ingress
+    ##
+    labels: {}
-      ## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918
-      ##
-      clusterAdvertiseAddress: false
+    ## Hostnames.
+    ## Must be provided if Ingress is enabled.
+    ##
+    # hosts:
+    #   - grafana.domain.com
+    hosts: []
+
+    ## Path for grafana ingress
+    path: /
-      ## clusterGossipInterval determines interval between gossip attempts.
-      ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)
-      clusterGossipInterval: ""
+    ## TLS configuration for grafana Ingress
+    ## Secret must be manually created in the namespace
+    ##
+    tls: []
+    # - secretName: grafana-general-tls
+    #   hosts:
+    #     - grafana.example.com
+
+    # # To make Grafana persistent (Using Statefulset)
+    # #
+    # persistence:
+    #   enabled: true
+    #   type: sts
+    #   storageClassName: "storageClassName"
+    #   accessModes:
+    #     - ReadWriteOnce
+    #   size: 20Gi
+    #   finalizers:
+    #     - kubernetes.io/pvc-protection
+
+  serviceAccount:
+    create: true
+    autoMount: true
+
+  sidecar:
+    dashboards:
+      enabled: true
+      label: grafana_dashboard
+      labelValue: "1"
+      # Allow discovery in all namespaces for dashboards
+      searchNamespace: ALL
-      ## clusterPeerTimeout determines timeout for cluster peering.
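+      # Illustrative dashboard ConfigMap that the sidecar settings above
+      # would pick up (from any namespace, since searchNamespace is ALL);
+      # the name and JSON payload here are placeholders.
+      # apiVersion: v1
+      # kind: ConfigMap
+      # metadata:
+      #   name: my-dashboard
+      #   labels:
+      #     grafana_dashboard: "1"
+      # data:
+      #   my-dashboard.json: |
+      #     { "title": "My dashboard", "panels": [] }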
- ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) - clusterPeerTimeout: "" + # Support for new table panels, when enabled grafana auto migrates the old table panels to newer table panels + enableNewTablePanelSyntax: false - ## clusterPushpullInterval determines interval between pushpull attempts. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) - clusterPushpullInterval: "" + ## Annotations for Grafana dashboard configmaps + ## + annotations: {} + multicluster: + global: + enabled: false + etcd: + enabled: false + provider: + allowUiUpdates: false + datasources: + enabled: true + defaultDatasourceEnabled: true + isDefaultDatasource: true - ## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. - ## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. - forceEnableClusterMode: false + name: Prometheus + uid: prometheus - ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to - ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). - minReadySeconds: 0 + ## URL of prometheus datasource + ## + # url: http://prometheus-stack-prometheus:9090/ - ## Additional configuration which is not covered by the properties above. (passed through tpl) - additionalConfig: {} + ## Prometheus request timeout in seconds + # timeout: 30 - ## Additional configuration which is not covered by the properties above. - ## Useful, if you need advanced templating inside alertmanagerSpec. - ## Otherwise, use alertmanager.alertmanagerSpec.additionalConfig (passed through tpl) - additionalConfigString: "" + # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default + # defaultDatasourceScrapeInterval: 15s - ## ExtraSecret can be used to store various data in an extra secret - ## (use it for example to store hashed basic auth credentials) - extraSecret: - ## if not set, name will be auto generated - # name: "" + ## Annotations for Grafana datasource configmaps + ## annotations: {} - data: {} - # auth: | - # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 - # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. - ## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml + ## Set method for HTTP to send query to datasource + httpMethod: POST + + ## Create datasource for each Pod of Prometheus StatefulSet; + ## this uses headless service `prometheus-operated` which is + ## created by Prometheus Operator + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286 + createPrometheusReplicasDatasources: false + label: grafana_datasource + labelValue: "1" + + ## Field with internal link pointing to existing data source in Grafana. 
+ ## Can be provisioned via additionalDataSources + exemplarTraceIdDestinations: {} + # datasourceUid: Jaeger + # traceIdLabelName: trace_id + alertmanager: + enabled: true + name: Alertmanager + uid: alertmanager + handleGrafanaManagedAlerts: false + implementation: prometheus + + extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # configMap: certs-configmap + # readOnly: true + + deleteDatasources: [] + # - name: example-datasource + # orgId: 1 + + ## Configure additional grafana datasources (passed through tpl) + ## ref: http://docs.grafana.org/administration/provisioning/#datasources + additionalDataSources: [] + # - name: prometheus-sample + # access: proxy + # basicAuth: true + # secureJsonData: + # basicAuthPassword: pass + # basicAuthUser: daco + # editable: false + # jsonData: + # tlsSkipVerify: true + # orgId: 1 + # type: prometheus + # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090 + # version: 1 + + # Flag to mark provisioned data sources for deletion if they are no longer configured. + # It takes no effect if data sources are already listed in the deleteDatasources section. + # ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#example-data-source-config-file + prune: false + + ## Passed to grafana subchart and used by servicemonitor below ## - grafana: + service: + portName: http-web + ipFamilies: [] + ipFamilyPolicy: "" + + serviceMonitor: + # If true, a ServiceMonitor CRD is created for a prometheus operator + # https://github.com/coreos/prometheus-operator + # enabled: true - namespaceOverride: "" - ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled - ## - forceDeployDatasources: false + # Path to use for scraping metrics. Might be different if server.root_url is set + # in grafana.ini + path: "/metrics" - ## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled - ## - forceDeployDashboards: false + # namespace: monitoring (defaults to use the namespace this chart is deployed to) - ## Deploy default dashboards - ## - defaultDashboardsEnabled: true + # labels for the ServiceMonitor + labels: {} - ## Timezone for the default dashboards - ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg - ## - defaultDashboardsTimezone: utc + # Scrape interval. If not set, the Prometheus default scrape interval is used. + # + interval: "" + scheme: http + tlsConfig: {} + scrapeTimeout: 30s - ## Editable flag for the default dashboards + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## - defaultDashboardsEditable: true - - adminPassword: prom-operator + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - rbac: - ## If true, Grafana PSPs will be created - ## - pspEnabled: false +## Flag to disable all the kubernetes component scrapers +## +kubernetesServiceMonitors: + enabled: true + +## Component scraping the kube api server +## +kubeApiServer: + enabled: true + tlsConfig: + serverName: kubernetes + insecureSkipVerify: false + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. 
+    ##
+    interval: ""
-    ingress:
-      ## If true, Grafana Ingress will be created
-      ##
-      enabled: false
+    ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
+    ##
+    sampleLimit: 0
-      ## IngressClassName for Grafana Ingress.
-      ## Should be provided if Ingress is enable.
-      ##
-      # ingressClassName: nginx
+    ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
+    ##
+    targetLimit: 0
-      ## Annotations for Grafana Ingress
-      ##
-      annotations: {}
-      # kubernetes.io/ingress.class: nginx
-      # kubernetes.io/tls-acme: "true"
+    ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+    ##
+    labelLimit: 0
-      ## Labels to be added to the Ingress
-      ##
-      labels: {}
+    ## Per-scrape limit on length of label names that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+    ##
+    labelNameLengthLimit: 0
-      ## Hostnames.
-      ## Must be provided if Ingress is enable.
-      ##
-      # hosts:
-      #   - grafana.domain.com
-      hosts: []
+    ## Per-scrape limit on length of label values that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+    ##
+    labelValueLengthLimit: 0
-      ## Path for grafana ingress
-      path: /
+    ## proxyUrl: URL of a proxy that should be used for scraping.
+    ##
+    proxyUrl: ""
-      ## TLS configuration for grafana Ingress
-      ## Secret must be manually created in the namespace
-      ##
-      tls: []
-      # - secretName: grafana-general-tls
-      #   hosts:
-      #     - grafana.example.com
-
-      # # To make Grafana persistent (Using Statefulset)
-      # #
-      # persistence:
-      #   enabled: true
-      #   type: sts
-      #   storageClassName: "storageClassName"
-      #   accessModes:
-      #     - ReadWriteOnce
-      #   size: 20Gi
-      #   finalizers:
-      #     - kubernetes.io/pvc-protection
-
-    serviceAccount:
-      create: true
-      autoMount: true
-
-    sidecar:
-      dashboards:
-        enabled: true
-        label: grafana_dashboard
-        labelValue: "1"
-        # Allow discovery in all namespaces for dashboards
-        searchNamespace: ALL
+    jobLabel: component
+    selector:
+      matchLabels:
+        component: apiserver
+        provider: kubernetes
-        # Support for new table panels, when enabled grafana auto migrates the old table panels to newer table panels
-        enableNewTablePanelSyntax: false
+    ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
+    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
+    ##
+    metricRelabelings:
+      # Drop excessively noisy apiserver buckets.
+ - action: drop + regex: apiserver_request_duration_seconds_bucket;(0.15|0.2|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2|3|3.5|4|4.5|6|7|8|9|15|25|40|50) + sourceLabels: + - __name__ + - le + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: + # - __meta_kubernetes_namespace + # - __meta_kubernetes_service_name + # - __meta_kubernetes_endpoint_port_name + # action: keep + # regex: default;kubernetes;https + # - targetLabel: __address__ + # replacement: kubernetes.default.svc:443 + + ## Additional labels + ## + additionalLabels: {} + # foo: bar - ## Annotations for Grafana dashboard configmaps - ## - annotations: {} - multicluster: - global: - enabled: false - etcd: - enabled: false - provider: - allowUiUpdates: false - datasources: - enabled: true - defaultDatasourceEnabled: true - isDefaultDatasource: true +## Component scraping the kubelet and kubelet-hosted cAdvisor +## +kubelet: + enabled: true + namespace: kube-system - uid: prometheus + serviceMonitor: + ## Attach metadata to discovered targets. Requires Prometheus v2.45 for endpoints created by the operator. + ## + attachMetadata: + node: false - ## URL of prometheus datasource - ## - # url: http://prometheus-stack-prometheus:9090/ + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" - ## Prometheus request timeout in seconds - # timeout: 30 + ## If true, Prometheus use (respect) labels provided by exporter. + ## + honorLabels: true - # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default - # defaultDatasourceScrapeInterval: 15s + ## If true, Prometheus ingests metrics with timestamp provided by exporter. If false, Prometheus ingests metrics with timestamp of scrape. + ## + honorTimestamps: true - ## Annotations for Grafana datasource configmaps - ## - annotations: {} + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 - ## Set method for HTTP to send query to datasource - httpMethod: POST - - ## Create datasource for each Pod of Prometheus StatefulSet; - ## this uses headless service `prometheus-operated` which is - ## created by Prometheus Operator - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286 - createPrometheusReplicasDatasources: false - label: grafana_datasource - labelValue: "1" - - ## Field with internal link pointing to existing data source in Grafana. 
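+    # Illustrative override: attach node metadata to kubelet targets. Per
+    # the attachMetadata comment above, this needs Prometheus >= v2.45.
+    # attachMetadata:
+    #   node: true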
- ## Can be provisioned via additionalDataSources - exemplarTraceIdDestinations: {} - # datasourceUid: Jaeger - # traceIdLabelName: trace_id - alertmanager: - enabled: true - uid: alertmanager - handleGrafanaManagedAlerts: false - implementation: prometheus - - extraConfigmapMounts: [] - # - name: certs-configmap - # mountPath: /etc/grafana/ssl/ - # configMap: certs-configmap - # readOnly: true - - deleteDatasources: [] - # - name: example-datasource - # orgId: 1 - - ## Configure additional grafana datasources (passed through tpl) - ## ref: http://docs.grafana.org/administration/provisioning/#datasources - additionalDataSources: [] - # - name: prometheus-sample - # access: proxy - # basicAuth: true - # basicAuthPassword: pass - # basicAuthUser: daco - # editable: false - # jsonData: - # tlsSkipVerify: true - # orgId: 1 - # type: prometheus - # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090 - # version: 1 - - ## Passed to grafana subchart and used by servicemonitor below - ## - service: - portName: http-web - - serviceMonitor: - # If true, a ServiceMonitor CRD is created for a prometheus operator - # https://github.com/coreos/prometheus-operator - # - enabled: true + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 - # Path to use for scraping metrics. Might be different if server.root_url is set - # in grafana.ini - path: "/metrics" + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 - # namespace: monitoring (defaults to use the namespace this chart is deployed to) + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 - # labels for the ServiceMonitor - labels: {} + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 - # Scrape interval. If not set, the Prometheus default scrape interval is used. - # - interval: "" - scheme: http - tlsConfig: {} - scrapeTimeout: 30s + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## Enable scraping the kubelet over https. For requirements to enable this see + ## https://github.com/prometheus-operator/prometheus-operator/issues/926 + ## + https: true - ## Flag to disable all the kubernetes component scrapers - ## - kubernetesServiceMonitors: - enabled: true + ## Skip TLS certificate validation when scraping. + ## This is enabled by default because kubelet serving certificate deployed by kubeadm is by default self-signed + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs + ## + insecureSkipVerify: true - ## Component scraping the kube api server - ## - kubeApiServer: - enabled: true - tlsConfig: - serverName: kubernetes - insecureSkipVerify: false - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. 
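+    # Illustrative override for clusters where the kubelet serves a properly
+    # signed certificate (see the insecureSkipVerify note above):
+    # https: true
+    # insecureSkipVerify: false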
- ## - interval: "" + ## Enable scraping /metrics/cadvisor from kubelet's service + ## + cAdvisor: true - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 + ## Enable scraping /metrics/probes from kubelet's service + ## + probes: true - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 + ## Enable scraping /metrics/resource from kubelet's service + ## This is disabled by default because container metrics are already exposed by cAdvisor + ## + resource: false + # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource + resourcePath: "/metrics/resource/v1alpha1" - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + cAdvisorMetricRelabelings: + # Drop less useful container CPU metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_cpu_(cfs_throttled_seconds_total|load_average_10s|system_seconds_total|user_seconds_total)' + # Drop less useful container / always zero filesystem metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_fs_(io_current|io_time_seconds_total|io_time_weighted_seconds_total|reads_merged_total|sector_reads_total|sector_writes_total|writes_merged_total)' + # Drop less useful / always zero container memory metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_memory_(mapped_file|swap)' + # Drop less useful container process metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_(file_descriptors|tasks_state|threads_max)' + # Drop container spec metrics that overlap with kube-state-metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_spec.*' + # Drop cgroup metrics with no pod. + - sourceLabels: [id, pod] + action: drop + regex: '.+;' + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. 
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + probesMetricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + ## metrics_path is required to match upstream rules and charts + cAdvisorRelabelings: + - action: replace + sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + probesRelabelings: + - action: replace + sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + resourceRelabelings: + - action: replace + sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + ## metrics_path is required to match upstream rules and charts + relabelings: + - action: replace + sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - jobLabel: component - selector: - matchLabels: - component: apiserver - provider: kubernetes + ## Additional labels + ## + additionalLabels: {} + # foo: bar - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. 
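+    # The cAdvisor drop rules above are upstream chart defaults; an
+    # illustrative values override that retains all cAdvisor series instead:
+    # kubelet:
+    #   serviceMonitor:
+    #     cAdvisorMetricRelabelings: []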
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: - # Drop excessively noisy apiserver buckets. - - action: drop - regex: apiserver_request_duration_seconds_bucket;(0.15|0.2|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2|3|3.5|4|4.5|6|7|8|9|15|25|40|50) - sourceLabels: - - __name__ - - le - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] +## Component scraping the kube controller manager +## +kubeControllerManager: + enabled: true - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: - # - __meta_kubernetes_namespace - # - __meta_kubernetes_service_name - # - __meta_kubernetes_endpoint_port_name - # action: keep - # regex: default;kubernetes;https - # - targetLabel: __address__ - # replacement: kubernetes.default.svc:443 - - ## Additional labels - ## - additionalLabels: {} - # foo: bar + ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 - ## Component scraping the kubelet and kubelet-hosted cAdvisor + ## If using kubeControllerManager.endpoints only the port and targetPort are used ## - kubelet: + service: enabled: true - namespace: kube-system + ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change + ## of default port in Kubernetes 1.22. + ## + port: null + targetPort: null + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" + # selector: + # component: kube-controller-manager - serviceMonitor: - ## Attach metadata to discovered targets. Requires Prometheus v2.45 for endpoints created by the operator. - ## - attachMetadata: - node: false + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 - ## If true, Prometheus use (respect) labels provided by exporter. - ## - honorLabels: true + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 - ## If true, Prometheus ingests metrics with timestamp provided by exporter. If false, Prometheus ingests metrics with timestamp of scrape. - ## - honorTimestamps: true + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 - ## Per-scrape limit on number of labels that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 + ## port: Name of the port the metrics will be scraped from + ## + port: http-metrics - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 + jobLabel: jobLabel + selector: {} + # matchLabels: + # component: kube-controller-manager - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" + ## Enable scraping kube-controller-manager over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks. + ## If null or unset, the value is determined dynamically based on target Kubernetes version. + ## + https: null - ## Enable scraping the kubelet over https. For requirements to enable this see - ## https://github.com/prometheus-operator/prometheus-operator/issues/926 - ## - https: true + # Skip TLS certificate validation when scraping + insecureSkipVerify: null - ## Enable scraping /metrics/cadvisor from kubelet's service - ## - cAdvisor: true + # Name of the server to use when validating TLS certificate + serverName: null - ## Enable scraping /metrics/probes from kubelet's service - ## - probes: true + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] - ## Enable scraping /metrics/resource from kubelet's service - ## This is disabled by default because container metrics are already exposed by cAdvisor - ## - resource: false - # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource - resourcePath: "/metrics/resource/v1alpha1" + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - cAdvisorMetricRelabelings: - # Drop less useful container CPU metrics. - - sourceLabels: [__name__] - action: drop - regex: 'container_cpu_(cfs_throttled_seconds_total|load_average_10s|system_seconds_total|user_seconds_total)' - # Drop less useful container / always zero filesystem metrics. - - sourceLabels: [__name__] - action: drop - regex: 'container_fs_(io_current|io_time_seconds_total|io_time_weighted_seconds_total|reads_merged_total|sector_reads_total|sector_writes_total|writes_merged_total)' - # Drop less useful / always zero container memory metrics. - - sourceLabels: [__name__] - action: drop - regex: 'container_memory_(mapped_file|swap)' - # Drop less useful container process metrics. 
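+    # Illustrative override for kubeadm-style clusters, where the controller
+    # manager serves metrics only over https with a self-signed certificate:
+    # https: true
+    # insecureSkipVerify: true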
- - sourceLabels: [__name__] - action: drop - regex: 'container_(file_descriptors|tasks_state|threads_max)' - # Drop container spec metrics that overlap with kube-state-metrics. - - sourceLabels: [__name__] - action: drop - regex: 'container_spec.*' - # Drop cgroup metrics with no pod. - - sourceLabels: [id, pod] - action: drop - regex: '.+;' - # - sourceLabels: [__name__, image] - # separator: ; - # regex: container_([a-z_]+); - # replacement: $1 - # action: drop - # - sourceLabels: [__name__] - # separator: ; - # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) - # replacement: $1 - # action: drop + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping coreDns. Use either this or kubeDns +## +coreDns: + enabled: true + service: + enabled: true + port: 9153 + targetPort: 9153 - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - probesMetricRelabelings: [] - # - sourceLabels: [__name__, image] - # separator: ; - # regex: container_([a-z_]+); - # replacement: $1 - # action: drop - # - sourceLabels: [__name__] - # separator: ; - # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) - # replacement: $1 - # action: drop + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" + # selector: + # k8s-app: kube-dns + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - ## metrics_path is required to match upstream rules and charts - cAdvisorRelabelings: - - action: replace - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - probesRelabelings: - - action: replace - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - resourceRelabelings: - - action: replace - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. 
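+    # coreDns and kubeDns are mutually exclusive; an illustrative override
+    # for older clusters that still run kube-dns instead of CoreDNS:
+    # coreDns:
+    #   enabled: false
+    # kubeDns:
+    #   enabled: true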
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - sourceLabels: [__name__, image] - # separator: ; - # regex: container_([a-z_]+); - # replacement: $1 - # action: drop - # - sourceLabels: [__name__] - # separator: ; - # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) - # replacement: $1 - # action: drop + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - ## metrics_path is required to match upstream rules and charts - relabelings: - - action: replace - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 - ## Additional labels - ## - additionalLabels: {} - # foo: bar + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" - ## Component scraping the kube controller manager - ## - kubeControllerManager: - enabled: true + ## port: Name of the port the metrics will be scraped from + ## + port: http-metrics + + jobLabel: jobLabel + selector: {} + # matchLabels: + # k8s-app: kube-dns - ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] - ## If using kubeControllerManager.endpoints only the port and targetPort are used + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## - service: - enabled: true - ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change - ## of default port in Kubernetes 1.22. - ## - port: null - targetPort: null - # selector: - # component: kube-controller-manager + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - serviceMonitor: - enabled: true - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping kubeDns. Use either this or coreDns +## +kubeDns: + enabled: false + service: + dnsmasq: + port: 10054 + targetPort: 10054 + skydns: + port: 10055 + targetPort: 10055 + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" + # selector: + # k8s-app: kube-dns + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. 
+ ## + interval: "" - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" - ## port: Name of the port the metrics will be scraped from - ## - port: http-metrics + jobLabel: jobLabel + selector: {} + # matchLabels: + # k8s-app: kube-dns - jobLabel: jobLabel - selector: {} - # matchLabels: - # component: kube-controller-manager + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] - ## Enable scraping kube-controller-manager over https. - ## Requires proper certs (not self-signed) and delegated authentication/authorization checks. - ## If null or unset, the value is determined dynamically based on target Kubernetes version. - ## - https: null + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - # Skip TLS certificate validation when scraping - insecureSkipVerify: null + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. 
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + dnsmasqMetricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] - # Name of the server to use when validating TLS certificate - serverName: null + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + dnsmasqRelabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] + ## Additional labels + ## + additionalLabels: {} + # foo: bar - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace +## Component scraping etcd +## +kubeEtcd: + enabled: true - ## Additional labels - ## - additionalLabels: {} - # foo: bar + ## If your etcd is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 - ## Component scraping coreDns. Use either this or kubeDns + ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used ## - coreDns: + service: enabled: true - service: - enabled: true - port: 9153 - targetPort: 9153 - # selector: - # k8s-app: kube-dns - serviceMonitor: - enabled: true - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" + port: 2381 + targetPort: 2381 + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" + # selector: + # component: etcd - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 + ## Configure secure access to the etcd cluster by loading a secret into prometheus and + ## specifying security configuration below. For example, with a secret named etcd-client-cert + ## + ## serviceMonitor: + ## scheme: https + ## insecureSkipVerify: false + ## serverName: localhost + ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca + ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client + ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key + ## + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. 
+ ## + targetLimit: 0 - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 - ## port: Name of the port the metrics will be scraped from - ## - port: http-metrics + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + scheme: http + insecureSkipVerify: false + serverName: "" + caFile: "" + certFile: "" + keyFile: "" + + ## port: Name of the port the metrics will be scraped from + ## + port: http-metrics - jobLabel: jobLabel - selector: {} - # matchLabels: - # k8s-app: kube-dns + jobLabel: jobLabel + selector: {} + # matchLabels: + # component: etcd - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - ## Additional labels - ## - additionalLabels: {} - # foo: bar + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping kube scheduler +## +kubeScheduler: + enabled: true - ## Component scraping kubeDns. Use either this or coreDns + ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on ## - kubeDns: - enabled: false - service: - dnsmasq: - port: 10054 - targetPort: 10054 - skydns: - port: 10055 - targetPort: 10055 - # selector: - # k8s-app: kube-dns - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. 
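+    # When using the caFile/certFile/keyFile settings above, the referenced
+    # client-cert secret must also be mounted into the Prometheus pods;
+    # illustrative values (secret name is a placeholder):
+    # prometheus:
+    #   prometheusSpec:
+    #     secrets:
+    #       - etcd-client-cert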
- ## - interval: "" + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 + ## If using kubeScheduler.endpoints only the port and targetPort are used + ## + service: + enabled: true + ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change + ## of default port in Kubernetes 1.23. + ## + port: null + targetPort: null + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" + # selector: + # component: kube-scheduler - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 - jobLabel: jobLabel - selector: {} - # matchLabels: - # k8s-app: kube-dns + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + ## Enable scraping kube-scheduler over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks. + ## If null or unset, the value is determined dynamically based on target Kubernetes version. + ## + https: null - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## port: Name of the port the metrics will be scraped from + ## + port: http-metrics - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. 
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - dnsmasqMetricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] + jobLabel: jobLabel + selector: {} + # matchLabels: + # component: kube-scheduler - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - dnsmasqRelabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## Skip TLS certificate validation when scraping + insecureSkipVerify: null - ## Additional labels - ## - additionalLabels: {} - # foo: bar + ## Name of the server to use when validating TLS certificate + serverName: null - ## Component scraping etcd - ## - kubeEtcd: - enabled: true + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] - ## If your etcd is not deployed as a pod, specify IPs it can be found on + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace - ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used + ## Additional labels ## - service: - enabled: true - port: 2381 - targetPort: 2381 - # selector: - # component: etcd - - ## Configure secure access to the etcd cluster by loading a secret into prometheus and - ## specifying security configuration below. For example, with a secret named etcd-client-cert - ## - ## serviceMonitor: - ## scheme: https - ## insecureSkipVerify: false - ## serverName: localhost - ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca - ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client - ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key - ## - serviceMonitor: - enabled: true - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" + additionalLabels: {} + # foo: bar - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 +## Component scraping kube proxy +## +kubeProxy: + enabled: true - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 + ## If your kube proxy is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. 
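+  # Note: many distributions bind kube-proxy metrics to 127.0.0.1, which makes
+  # these scrapes fail; an illustrative KubeProxyConfiguration change to
+  # expose them on all interfaces:
+  # metricsBindAddress: 0.0.0.0:10249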
- ## - labelLimit: 0 + service: + enabled: true + port: 10249 + targetPort: 10249 + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" + # selector: + # k8s-app: kube-proxy - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - scheme: http - insecureSkipVerify: false - serverName: "" - caFile: "" - certFile: "" - keyFile: "" - - ## port: Name of the port the metrics will be scraped from - ## - port: http-metrics + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 - jobLabel: jobLabel - selector: {} - # matchLabels: - # component: etcd + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 - ## Additional labels - ## - additionalLabels: {} - # foo: bar + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" - ## Component scraping kube scheduler - ## - kubeScheduler: - enabled: true + ## port: Name of the port the metrics will be scraped from + ## + port: http-metrics + + jobLabel: jobLabel + selector: {} + # matchLabels: + # k8s-app: kube-proxy - ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on + ## Enable scraping kube-proxy over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks ## - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 + https: false - ## If using kubeScheduler.endpoints only the port and targetPort are used + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. 
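A practical caveat for the kubeProxy scrape target above: kubeadm-provisioned clusters bind the kube-proxy metrics endpoint to 127.0.0.1, so scrapes of port 10249 fail until the bind address is widened. A sketch of the usual remedy, assuming the standard kube-proxy ConfigMap in kube-system:

    # Illustrative: kubectl -n kube-system edit cm kube-proxy, then in config.conf set
    metricsBindAddress: 0.0.0.0:10249
    # and recreate the pods so the DaemonSet picks the change up:
    #   kubectl -n kube-system rollout restart daemonset kube-proxy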
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## - service: - enabled: true - ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change - ## of default port in Kubernetes 1.23. - ## - port: null - targetPort: null - # selector: - # component: kube-scheduler + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## Additional labels + ## + additionalLabels: {} + # foo: bar - serviceMonitor: +## Component scraping kube state metrics +## +kubeStateMetrics: + enabled: true + +## Configuration for kube-state-metrics subchart +## +kube-state-metrics: + namespaceOverride: "" + rbac: + create: true + releaseLabel: true + prometheus: + monitor: enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. ## interval: "" @@ -1847,29 +2074,17 @@ kube-prometheus-stack: ## labelValueLengthLimit: 0 + ## Scrape Timeout. If not set, the Prometheus default scrape timeout is used. + ## + scrapeTimeout: "" + ## proxyUrl: URL of a proxy that should be used for scraping. ## proxyUrl: "" - ## Enable scraping kube-scheduler over https. - ## Requires proper certs (not self-signed) and delegated authentication/authorization checks. - ## If null or unset, the value is determined dynamically based on target Kubernetes version. - ## - https: null - ## port: Name of the port the metrics will be scraped from + # Keep labels from scraped data, overriding server-side labels ## - port: http-metrics - - jobLabel: jobLabel - selector: {} - # matchLabels: - # component: kube-scheduler - - ## Skip TLS certificate validation when scraping - insecureSkipVerify: null - - ## Name of the server to use when validating TLS certificate - serverName: null + honorLabels: true ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. 
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig @@ -1890,32 +2105,52 @@ kube-prometheus-stack: # replacement: $1 # action: replace - ## Additional labels - ## - additionalLabels: {} - # foo: bar + selfMonitor: + enabled: false + +## Deploy node exporter as a daemonset to all nodes +## +nodeExporter: + enabled: true + operatingSystems: + linux: + enabled: true + aix: + enabled: true + darwin: + enabled: true - ## Component scraping kube proxy + ## ForceDeployDashboard Create dashboard configmap even if nodeExporter deployment has been disabled ## - kubeProxy: - enabled: true + forceDeployDashboards: false - ## If your kube proxy is not deployed as a pod, specify IPs it can be found on +## Configuration for prometheus-node-exporter subchart +## +prometheus-node-exporter: + namespaceOverride: "" + podLabels: + ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards ## - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 + jobLabel: node-exporter + releaseLabel: true + extraArgs: + - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) + - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ + service: + portName: http-metrics + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" + labels: + jobLabel: node-exporter - service: + prometheus: + monitor: enabled: true - port: 10249 - targetPort: 10249 - # selector: - # k8s-app: kube-proxy - serviceMonitor: - enabled: true + jobLabel: jobLabel + ## Scrape interval. If not set, the Prometheus default scrape interval is used. ## interval: "" @@ -1940,2095 +2175,2023 @@ kube-prometheus-stack: ## labelValueLengthLimit: 0 - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## port: Name of the port the metrics will be scraped from + ## How long until a scrape request times out. If not set, the Prometheus default scrape timeout is used. ## - port: http-metrics - - jobLabel: jobLabel - selector: {} - # matchLabels: - # k8s-app: kube-proxy + scrapeTimeout: "" - ## Enable scraping kube-proxy over https. - ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## proxyUrl: URL of a proxy that should be used for scraping. ## - https: false + proxyUrl: "" ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
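The prometheus-node-exporter extraArgs above exclude virtual filesystems from the filesystem collector. A deployment can extend the same flags; for example (the /mnt/backup mount is purely illustrative), keeping in mind that Helm overrides list values wholesale, so the full expression has to be restated:

    prometheus-node-exporter:
      extraArgs:
        - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+|mnt/backup)($|/)
        - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$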
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] + # - sourceLabels: [__name__] + # separator: ; + # regex: ^node_mountstats_nfs_(event|operations|transport)_.+ + # replacement: $1 + # action: drop ## RelabelConfigs to apply to samples before scraping ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## relabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## Additional labels - ## - additionalLabels: {} - # foo: bar - - ## Component scraping kube state metrics - ## - kubeStateMetrics: - enabled: true + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + rbac: + ## If true, create PSPs for node-exporter + ## + pspEnabled: false - ## Configuration for kube-state-metrics subchart - ## - kube-state-metrics: - namespaceOverride: "" - rbac: - create: true - releaseLabel: true - prometheus: - monitor: - enabled: true +## Manages Prometheus and Alertmanager components +## +prometheusOperator: + enabled: true - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" + ## Use '{{ template "kube-prometheus-stack.fullname" . }}-operator' by default + fullnameOverride: "" - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 + ## Number of old replicasets to retain ## + ## The default value is 10, 0 will garbage-collect old replicasets ## + revisionHistoryLimit: 10 - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 + ## Strategy of the deployment + ## + strategy: {} - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 + ## Prometheus-Operator v0.39.0 and later support TLS natively. + ## + tls: + enabled: true + # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants + tlsMinVersion: VersionTLS13 + # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules. + internalPort: 10250 - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. 
- ## - labelNameLengthLimit: 0 + ## Liveness probe for the prometheusOperator deployment + ## + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + ## Readiness probe for the prometheusOperator deployment + ## + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted + ## rules from making their way into prometheus and potentially preventing the container from starting + admissionWebhooks: + ## Valid values: Fail, Ignore, IgnoreOnInstallOnly + ## IgnoreOnInstallOnly - If Release.IsInstall returns "true", set "Ignore" otherwise "Fail" + failurePolicy: "" + ## The default timeoutSeconds is 10 and the maximum value is 30. + timeoutSeconds: 10 + enabled: true + ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate. + ## If unspecified, system trust roots on the apiserver are used. + caBundle: "" + ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data. + ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own + ## certs ahead of time if you wish. + ## + annotations: {} + # argocd.argoproj.io/hook: PreSync + # argocd.argoproj.io/hook-delete-policy: HookSucceeded - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 + namespaceSelector: {} + objectSelector: {} - ## Scrape Timeout. If not set, the Prometheus default scrape timeout is used. - ## - scrapeTimeout: "" + mutatingWebhookConfiguration: + annotations: {} + # argocd.argoproj.io/hook: PreSync - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" + validatingWebhookConfiguration: + annotations: {} + # argocd.argoproj.io/hook: PreSync - # Keep labels from scraped data, overriding server-side labels - ## - honorLabels: true + deployment: + enabled: false - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. 
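To illustrate what the admissionWebhooks block above guards against: with the webhooks enabled, a PrometheusRule whose PromQL does not parse is rejected when it is applied, instead of reaching Prometheus and breaking the config reload. A hypothetical offender:

    apiVersion: monitoring.coreos.com/v1
    kind: PrometheusRule
    metadata:
      name: broken-rule            # hypothetical name
    spec:
      groups:
        - name: example.rules
          rules:
            - alert: BadExpression
              expr: 'rate(http_requests_total[5m'   # unclosed range selector: rejected at admission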
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] + ## Number of replicas + ## + replicas: 1 - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - selfMonitor: - enabled: false + ## Strategy of the deployment + ## + strategy: {} - ## Deploy node exporter as a daemonset to all nodes - ## - nodeExporter: - enabled: true - operatingSystems: - linux: - enabled: true - darwin: - enabled: true + # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + podDisruptionBudget: {} + # maxUnavailable: 1 + # minAvailable: 1 - ## ForceDeployDashboard Create dashboard configmap even if nodeExporter deployment has been disabled - ## - forceDeployDashboards: false + ## Number of old replicasets to retain ## + ## The default value is 10, 0 will garbage-collect old replicasets ## + revisionHistoryLimit: 10 - ## Configuration for prometheus-node-exporter subchart - ## - prometheus-node-exporter: - namespaceOverride: "" - podLabels: - ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards + ## Prometheus-Operator v0.39.0 and later support TLS natively. ## - jobLabel: node-exporter - releaseLabel: true - extraArgs: - - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) - - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ - service: - portName: http-metrics - prometheus: - monitor: + tls: enabled: true + # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants + tlsMinVersion: VersionTLS13 + # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules. + internalPort: 10250 - jobLabel: jobLabel - - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 + ## Service account for Prometheus Operator Webhook to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + annotations: {} + automountServiceAccountToken: false + create: true + name: "" - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## Configuration for Prometheus operator Webhook service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' ## - targetLimit: 0 + nodePort: 31080 - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. 
- ## - labelLimit: 0 + nodePortTls: 31443 - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## Additional ports to open for Prometheus operator Webhook service + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services ## - labelNameLengthLimit: 0 + additionalPorts: [] - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" ## - labelValueLengthLimit: 0 + loadBalancerIP: "" + loadBalancerSourceRanges: [] - ## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used. + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints ## - scrapeTimeout: "" + externalTrafficPolicy: Cluster - ## proxyUrl: URL of a proxy that should be used for scraping. + ## Service type + ## NodePort, ClusterIP, LoadBalancer ## - proxyUrl: "" + type: ClusterIP - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## - metricRelabelings: [] - # - sourceLabels: [__name__] - # separator: ; - # regex: ^node_mountstats_nfs_(event|operations|transport)_.+ - # replacement: $1 - # action: drop - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - rbac: - ## If true, create PSPs for node-exporter - ## - pspEnabled: false + externalIPs: [] - ## Manages Prometheus and Alertmanager components - ## - prometheusOperator: - enabled: true - - ## Use '{{ template "kube-prometheus-stack.fullname" . }}-operator' by default - fullnameOverride: "" - - ## Number of old replicasets to retain ## - ## The default value is 10, 0 will garbage-collect old replicasets ## - revisionHistoryLimit: 10 - - ## Strategy of the deployment - ## - strategy: {} + # ## Labels to add to the operator webhook deployment + # ## + labels: {} - ## Prometheus-Operator v0.39.0 and later support TLS natively. - ## - tls: - enabled: true - # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants - tlsMinVersion: VersionTLS13 - # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules. - internalPort: 10250 - - ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted - ## rules from making their way into prometheus and potentially preventing the container from starting - admissionWebhooks: - ## Valid values: Fail, Ignore, IgnoreOnInstallOnly - ## IgnoreOnInstallOnly - If Release.IsInstall returns "true", set "Ignore" otherwise "Fail" - failurePolicy: "" - ## The default timeoutSeconds is 10 and the maximum value is 30. - timeoutSeconds: 10 - enabled: true - ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate. 
- ## If unspecified, system trust roots on the apiserver are used. - caBundle: "" - ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data. - ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own - ## certs ahead of time if you wish. + ## Annotations to add to the operator webhook deployment ## annotations: {} - # argocd.argoproj.io/hook: PreSync - # argocd.argoproj.io/hook-delete-policy: HookSucceeded - - namespaceSelector: {} - - deployment: - enabled: false - - ## Number of replicas - ## - replicas: 1 - ## Strategy of the deployment - ## - strategy: {} - - # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - podDisruptionBudget: {} - # maxUnavailable: 1 - # minAvailable: 1 - - ## Number of old replicasets to retain ## - ## The default value is 10, 0 will garbage-collect old replicasets ## - revisionHistoryLimit: 10 - - ## Prometheus-Operator v0.39.0 and later support TLS natively. - ## - tls: - enabled: true - # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants - tlsMinVersion: VersionTLS13 - # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules. - internalPort: 10250 - - ## Service account for Prometheus Operator Webhook to use. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - automountServiceAccountToken: false - create: true - name: "" - - ## Configuration for Prometheus operator Webhook service - ## - service: - annotations: {} - labels: {} - clusterIP: "" - - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 31080 - - nodePortTls: 31443 - - ## Additional ports to open for Prometheus operator Webhook service - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services - ## - additionalPorts: [] + ## Labels to add to the operator webhook pod + ## + podLabels: {} - ## Loadbalancer IP - ## Only use if service.type is "LoadBalancer" - ## - loadBalancerIP: "" - loadBalancerSourceRanges: [] + ## Annotations to add to the operator webhook pod + ## + podAnnotations: {} - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster + ## Assign a PriorityClassName to pods if set + # priorityClassName: "" - ## Service type - ## NodePort, ClusterIP, LoadBalancer - ## - type: ClusterIP + ## Define Log Format + # Use logfmt (default) or json logging + # logFormat: logfmt - ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] + ## Decrease log verbosity to errors only + # logLevel: error - # ## Labels to add to the operator webhook deployment - # ## - labels: {} + ## Prometheus-operator webhook image + ## + image: + registry: quay.io + repository: prometheus-operator/admission-webhook + # if not set appVersion field from Chart.yaml is used + tag: "" + sha: "" + pullPolicy: IfNotPresent - ## Annotations to add to the operator webhook deployment - ## - annotations: {} + ## Define Log Format + # Use logfmt (default) or json logging + # logFormat: logfmt - ## Labels to add to the operator webhook pod - ## - podLabels: {} + ## Decrease log verbosity to errors only + # logLevel: error - ## Annotations to add to the operator 
webhook pod - ## - podAnnotations: {} - ## Assign a PriorityClassName to pods if set - # priorityClassName: "" + ## Liveness probe + ## + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 - ## Define Log Format - # Use logfmt (default) or json logging - # logFormat: logfmt + ## Readiness probe + ## + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 - ## Decrease log verbosity to errors only - # logLevel: error + ## Resource limits & requests + ## + resources: {} + # limits: + # cpu: 200m + # memory: 200Mi + # requests: + # cpu: 100m + # memory: 100Mi - ## Prometheus-operator webhook image - ## - image: - registry: quay.io - repository: prometheus-operator/admission-webhook - # if not set appVersion field from Chart.yaml is used - tag: "" - sha: "" - pullPolicy: IfNotPresent + # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), + # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working + ## + hostNetwork: false - ## Define Log Format - # Use logfmt (default) or json logging - # logFormat: logfmt + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} - ## Decrease log verbosity to errors only - # logLevel: error + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + ## Assign custom affinity rules to the prometheus operator + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault - ## Liveness probe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - ## Readiness probe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - ## Resource limits & requests - ## - resources: {} - # limits: - # cpu: 200m - # memory: 200Mi - # requests: - # cpu: 100m - # memory: 100Mi - - # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), - # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working - ## - hostNetwork: false + ## Container-specific security context configuration + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + containerSecurityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL - ## Define which Nodes the Pods are scheduled on. 
- ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} + ## If false then the user will opt out of automounting API credentials. + ## + automountServiceAccountToken: true - ## Tolerations for use with node taints - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - - ## Assign custom affinity rules to the prometheus operator - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - affinity: {} - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/e2e-az-name - # operator: In - # values: - # - e2e-az1 - # - e2e-az2 - dnsConfig: {} - # nameservers: - # - 1.2.3.4 - # searches: - # - ns1.svc.cluster-domain.example - # - my.dns.search.suffix - # options: - # - name: ndots - # value: "2" - # - name: edns0 - securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault - - ## Container-specific security context configuration - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - containerSecurityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - - ## If false then the user will opt out of automounting API credentials. - ## - automountServiceAccountToken: true + patch: + enabled: true + image: + registry: registry.k8s.io + repository: ingress-nginx/kube-webhook-certgen + tag: v20221220-controller-v1.5.1-58-g787ea74b6 + sha: "" + pullPolicy: IfNotPresent + resources: {} + ## Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + ttlSecondsAfterFinished: 60 + annotations: {} + # argocd.argoproj.io/hook: PreSync + # argocd.argoproj.io/hook-delete-policy: HookSucceeded + podAnnotations: {} + nodeSelector: {} + affinity: {} + tolerations: [] - patch: - enabled: true - image: - registry: registry.k8s.io - repository: ingress-nginx/kube-webhook-certgen - tag: v20221220-controller-v1.5.1-58-g787ea74b6 - sha: "" - pullPolicy: IfNotPresent - resources: {} - ## Provide a priority class name to the webhook patching job - ## - priorityClassName: "" + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 2000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + seccompProfile: + type: RuntimeDefault + ## Service account for Prometheus Operator Webhook Job Patch to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true annotations: {} - # argocd.argoproj.io/hook: PreSync - # argocd.argoproj.io/hook-delete-policy: HookSucceeded - podAnnotations: {} - nodeSelector: {} - affinity: {} - tolerations: [] - - ## SecurityContext holds pod-level security attributes and common container settings. - ## This defaults to non root user with uid 2000 and gid 2000. 
*v1.PodSecurityContext false - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - runAsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - seccompProfile: - type: RuntimeDefault - - # Security context for create job container - createSecretJob: - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - - # Security context for patch job container - patchWebhookJob: - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - - # Use certmanager to generate webhook certs - certManager: - enabled: false - # self-signed root certificate - rootCert: - duration: "" # default to be 5y - admissionCert: - duration: "" # default to be 1y - # issuerRef: - # name: "issuer" - # kind: "ClusterIssuer" - - ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list). - ## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration - ## - namespaces: {} - # releaseNamespace: true - # additional: - # - kube-system - - ## Namespaces not to scope the interaction of the Prometheus Operator (deny list). - ## - denyNamespaces: [] + automountServiceAccountToken: true - ## Filter namespaces to look for prometheus-operator custom resources - ## - alertmanagerInstanceNamespaces: [] - alertmanagerConfigNamespaces: [] - prometheusInstanceNamespaces: [] - thanosRulerInstanceNamespaces: [] + # Security context for create job container + createSecretJob: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL - ## The clusterDomain value will be added to the cluster.peer option of the alertmanager. - ## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value) - ## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094 - ## - # clusterDomain: "cluster.local" + # Security context for patch job container + patchWebhookJob: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL - networkPolicy: - ## Enable creation of NetworkPolicy resources. - ## + # Use certmanager to generate webhook certs + certManager: enabled: false + # self-signed root certificate + rootCert: + duration: "" # default to be 5y + admissionCert: + duration: "" # default to be 1y + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" + + ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list). + ## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration + ## + namespaces: {} + # releaseNamespace: true + # additional: + # - kube-system - ## Flavor of the network policy to use. - # Can be: - # * kubernetes for networking.k8s.io/v1/NetworkPolicy - # * cilium for cilium.io/v2/CiliumNetworkPolicy - flavor: kubernetes - - # cilium: - # egress: + ## Namespaces not to scope the interaction of the Prometheus Operator (deny list). 
+ ## + denyNamespaces: [] - ## match labels used in selector - # matchLabels: {} + ## Filter namespaces to look for prometheus-operator custom resources + ## + alertmanagerInstanceNamespaces: [] + alertmanagerConfigNamespaces: [] + prometheusInstanceNamespaces: [] + thanosRulerInstanceNamespaces: [] + + ## The clusterDomain value will be added to the cluster.peer option of the alertmanager. + ## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value) + ## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094 + ## + # clusterDomain: "cluster.local" - ## Service account for Prometheus Operator to use. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + networkPolicy: + ## Enable creation of NetworkPolicy resources. ## - serviceAccount: - create: true - name: "" - automountServiceAccountToken: true + enabled: false - ## Configuration for Prometheus operator service - ## - service: - annotations: {} - labels: {} - clusterIP: "" + ## Flavor of the network policy to use. + # Can be: + # * kubernetes for networking.k8s.io/v1/NetworkPolicy + # * cilium for cilium.io/v2/CiliumNetworkPolicy + flavor: kubernetes - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 30080 + # cilium: + # egress: - nodePortTls: 30443 + ## match labels used in selector + # matchLabels: {} - ## Additional ports to open for Prometheus operator service - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services - ## - additionalPorts: [] + ## Service account for Prometheus Operator to use. 
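For orientation on the networkPolicy.flavor switch above, the two settings render against different APIs; these skeletons are illustrative shapes only, not the chart's actual output:

    # flavor: kubernetes
    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    spec:
      podSelector: {}
    ---
    # flavor: cilium
    apiVersion: cilium.io/v2
    kind: CiliumNetworkPolicy
    spec:
      endpointSelector: {}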
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + annotations: {} - ## Loadbalancer IP - ## Only use if service.type is "LoadBalancer" - ## - loadBalancerIP: "" - loadBalancerSourceRanges: [] + ## Configuration for Prometheus operator service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30080 - ## Service type - ## NodePort, ClusterIP, LoadBalancer - ## - type: ClusterIP + nodePortTls: 30443 - ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] + ## Additional ports to open for Prometheus operator service + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + ## + additionalPorts: [] - # ## Labels to add to the operator deployment - # ## - labels: {} + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" + ## + loadBalancerIP: "" + loadBalancerSourceRanges: [] - ## Annotations to add to the operator deployment + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints ## - annotations: {} + externalTrafficPolicy: Cluster - ## Labels to add to the operator pod - ## - podLabels: {} + ## Service type + ## NodePort, ClusterIP, LoadBalancer + ## + type: ClusterIP - ## Annotations to add to the operator pod + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## - podAnnotations: {} - - ## Assign a PriorityClassName to pods if set - # priorityClassName: "" - - ## Define Log Format - # Use logfmt (default) or json logging - # logFormat: logfmt + externalIPs: [] - ## Decrease log verbosity to errors only - # logLevel: error + # ## Labels to add to the operator deployment + # ## + labels: {} - kubeletService: - ## If true, the operator will create and maintain a service for scraping kubelets - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md - ## - enabled: true - namespace: kube-system - ## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default - name: "" + ## Annotations to add to the operator deployment + ## + annotations: {} - ## Create a servicemonitor for the operator - ## - serviceMonitor: - ## If true, create a serviceMonitor for prometheus operator - ## - selfMonitor: true + ## Labels to add to the operator pod + ## + podLabels: {} - ## Labels for ServiceMonitor - additionalLabels: {} + ## Annotations to add to the operator pod + ## + podAnnotations: {} - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" + ## Assign a PriorityClassName to pods if set + # priorityClassName: "" - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 + ## Define Log Format + # Use logfmt (default) or json logging + # logFormat: logfmt - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. 
- ## - targetLimit: 0 + ## Decrease log verbosity to errors only + # logLevel: error - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 + kubeletService: + ## If true, the operator will create and maintain a service for scraping kubelets + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md + ## + enabled: true + namespace: kube-system + selector: "" + ## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default + name: "" - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 + ## Create Endpoints objects for kubelet targets. + kubeletEndpointsEnabled: true + ## Create EndpointSlice objects for kubelet targets. + kubeletEndpointSliceEnabled: false - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 + ## Create a servicemonitor for the operator + ## + serviceMonitor: + ## If true, create a serviceMonitor for prometheus operator + ## + selfMonitor: true - ## Scrape timeout. If not set, the Prometheus default scrape timeout is used. - scrapeTimeout: "" + ## Labels for ServiceMonitor + additionalLabels: {} - ## Metric relabel configs to apply to samples before ingestion. - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" - # relabel configs to apply to samples before ingestion. - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 - ## Resource limits & requests + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. ## - resources: {} - # limits: - # cpu: 200m - # memory: 200Mi - # requests: - # cpu: 100m - # memory: 100Mi + targetLimit: 0 - ## Operator Environment - ## env: - ## VARIABLE: value - env: - GOGC: "30" + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 - # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), - # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. ## - hostNetwork: false + labelNameLengthLimit: 0 - ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. ## - nodeSelector: {} + labelValueLengthLimit: 0 - ## Tolerations for use with node taints - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## Scrape timeout. If not set, the Prometheus default scrape timeout is used. 
+ scrapeTimeout: "" + + ## Metric relabel configs to apply to samples before ingestion. ## - tolerations: [] - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] - ## Assign custom affinity rules to the prometheus operator - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + # relabel configs to apply to samples before ingestion. ## - affinity: {} - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/e2e-az-name - # operator: In - # values: - # - e2e-az1 + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Resource limits & requests + ## + resources: {} + # limits: + # cpu: 200m + # memory: 200Mi + # requests: + # cpu: 100m + # memory: 100Mi + + ## Operator Environment + ## env: + ## VARIABLE: value + env: + GOGC: "30" + + # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), + # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working + ## + hostNetwork: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## Assign custom affinity rules to the prometheus operator + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 # - e2e-az2 - dnsConfig: {} - # nameservers: - # - 1.2.3.4 - # searches: - # - ns1.svc.cluster-domain.example - # - my.dns.search.suffix - # options: - # - name: ndots + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots # value: "2" - # - name: edns0 - securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - seccompProfile: - type: RuntimeDefault + # - name: edns0 + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + + ## Container-specific security context configuration + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + containerSecurityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + + # Enable vertical pod autoscaler support for prometheus-operator + verticalPodAutoscaler: + enabled: false - ## Container-specific security context configuration - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - containerSecurityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL + # Recommender responsible for generating recommendation for the object. 
+ # List should be empty (then the default recommender will generate the recommendation) + # or contain exactly one recommender. + # recommenders: + # - name: custom-recommender-performance + + # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + controlledResources: [] + # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. + # controlledValues: RequestsAndLimits + + # Define the max allowed resources for the pod + maxAllowed: {} + # cpu: 200m + # memory: 100Mi + # Define the min allowed resources for the pod + minAllowed: {} + # cpu: 200m + # memory: 100Mi + + updatePolicy: + # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction + # minReplicas: 1 + # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". + updateMode: Auto + + ## Prometheus-operator image + ## + image: + registry: quay.io + repository: prometheus-operator/prometheus-operator + # if not set appVersion field from Chart.yaml is used + tag: "" + sha: "" + pullPolicy: IfNotPresent + + ## Prometheus image to use for prometheuses managed by the operator + ## + # prometheusDefaultBaseImage: prometheus/prometheus - # Enable vertical pod autoscaler support for prometheus-operator - verticalPodAutoscaler: - enabled: false + ## Prometheus image registry to use for prometheuses managed by the operator + ## + # prometheusDefaultBaseImageRegistry: quay.io - # Recommender responsible for generating recommendation for the object. - # List should be empty (then the default recommender will generate the recommendation) - # or contain exactly one recommender. - # recommenders: - # - name: custom-recommender-performance - - # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory - controlledResources: [] - # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. - # controlledValues: RequestsAndLimits - - # Define the max allowed resources for the pod - maxAllowed: {} - # cpu: 200m - # memory: 100Mi - # Define the min allowed resources for the pod - minAllowed: {} - # cpu: 200m - # memory: 100Mi - - updatePolicy: - # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction - # minReplicas: 1 - # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates - # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". 
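Schematically, the verticalPodAutoscaler settings above map onto an autoscaling.k8s.io object along these lines (a sketch with a placeholder target name, not the chart's exact template output):

    apiVersion: autoscaling.k8s.io/v1
    kind: VerticalPodAutoscaler
    spec:
      targetRef:
        apiVersion: apps/v1
        kind: Deployment
        name: <release>-operator      # placeholder
      updatePolicy:
        updateMode: Auto              # from updatePolicy.updateMode
      resourcePolicy:
        containerPolicies:
          - containerName: '*'
            controlledResources: []   # from controlledResources
            maxAllowed: {}            # from maxAllowed
            minAllowed: {}            # from minAllowed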
- updateMode: Auto - - ## Prometheus-operator image - ## + ## Alertmanager image to use for alertmanagers managed by the operator + ## + # alertmanagerDefaultBaseImage: prometheus/alertmanager + + ## Alertmanager image registry to use for alertmanagers managed by the operator + ## + # alertmanagerDefaultBaseImageRegistry: quay.io + + ## Prometheus-config-reloader + ## + prometheusConfigReloader: image: registry: quay.io - repository: prometheus-operator/prometheus-operator + repository: prometheus-operator/prometheus-config-reloader # if not set appVersion field from Chart.yaml is used tag: "" sha: "" - pullPolicy: IfNotPresent - ## Prometheus image to use for prometheuses managed by the operator - ## - # prometheusDefaultBaseImage: prometheus/prometheus - - ## Prometheus image registry to use for prometheuses managed by the operator - ## - # prometheusDefaultBaseImageRegistry: quay.io + # add prometheus config reloader liveness and readiness probe. Default: false + enableProbe: false - ## Alertmanager image to use for alertmanagers managed by the operator - ## - # alertmanagerDefaultBaseImage: prometheus/alertmanager + # resource config for prometheusConfigReloader + resources: {} + # requests: + # cpu: 200m + # memory: 50Mi + # limits: + # cpu: 200m + # memory: 50Mi - ## Alertmanager image registry to use for alertmanagers managed by the operator - ## - # alertmanagerDefaultBaseImageRegistry: quay.io + ## Thanos side-car image when configured + ## + thanosImage: + registry: quay.io + repository: thanos/thanos + tag: v0.36.1 + sha: "" - ## Prometheus-config-reloader - ## - prometheusConfigReloader: - image: - registry: quay.io - repository: prometheus-operator/prometheus-config-reloader - # if not set appVersion field from Chart.yaml is used - tag: "" - sha: "" + ## Set a Label Selector to filter watched prometheus and prometheusAgent + ## + prometheusInstanceSelector: "" - # add prometheus config reloader liveness and readiness probe. Default: false - enableProbe: false + ## Set a Label Selector to filter watched alertmanager + ## + alertmanagerInstanceSelector: "" - # resource config for prometheusConfigReloader - resources: {} - # requests: - # cpu: 200m - # memory: 50Mi - # limits: - # cpu: 200m - # memory: 50Mi + ## Set a Label Selector to filter watched thanosRuler + thanosRulerInstanceSelector: "" - ## Thanos side-car image when configured - ## - thanosImage: - registry: quay.io - repository: thanos/thanos - tag: v0.34.1 - sha: "" + ## Set a Field Selector to filter watched secrets + ## + secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1" - ## Set a Label Selector to filter watched prometheus and prometheusAgent - ## - prometheusInstanceSelector: "" + ## If false then the user will opt out of automounting API credentials. + ## + automountServiceAccountToken: true - ## Set a Label Selector to filter watched alertmanager - ## - alertmanagerInstanceSelector: "" + ## Additional volumes + ## + extraVolumes: [] - ## Set a Label Selector to filter watched thanosRuler - thanosRulerInstanceSelector: "" + ## Additional volume mounts + ## + extraVolumeMounts: [] - ## Set a Field Selector to filter watched secrets - ## - secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1" +## Deploy a Prometheus instance +## +prometheus: + enabled: true - ## If false then the user will opt out of automounting API credentials. 
- ## - automountServiceAccountToken: true + ## Toggle prometheus into agent mode + ## Note that many of the features described below (e.g. rules, query, alerting, remote read, thanos) will not work in agent mode. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/designs/prometheus-agent.md + ## + agentMode: false - ## Additional volumes - ## - extraVolumes: [] + ## Annotations for Prometheus + ## + annotations: {} - ## Additional volume mounts - ## - extraVolumeMounts: [] + ## Configure network policy for the prometheus + networkPolicy: + enabled: false - ## Deploy a Prometheus instance + ## Flavor of the network policy to use. + # Can be: + # * kubernetes for networking.k8s.io/v1/NetworkPolicy + # * cilium for cilium.io/v2/CiliumNetworkPolicy + flavor: kubernetes + + # cilium: + # endpointSelector: + # egress: + # ingress: + + # egress: + # - {} + # ingress: + # - {} + # podSelector: + # matchLabels: + # app: prometheus + + ## Service account for Prometheuses to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## - prometheus: - enabled: true - - ## Toggle prometheus into agent mode - ## Note many of features described below (e.g. rules, query, alerting, remote read, thanos) will not work in agent mode. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/designs/prometheus-agent.md - ## - agentMode: false + serviceAccount: + create: true + name: "" + annotations: {} + automountServiceAccountToken: true - ## Annotations for Prometheus - ## + # Service for thanos service discovery on sidecar + # Enabling this lets Thanos Query use + # `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discover + # Thanos sidecars on Prometheus nodes + # (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!) + thanosService: + enabled: false annotations: {} + labels: {} - ## Configure network policy for the prometheus - networkPolicy: - enabled: false + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster - ## Flavor of the network policy to use. - # Can be: - # * kubernetes for networking.k8s.io/v1/NetworkPolicy - # * cilium for cilium.io/v2/CiliumNetworkPolicy - flavor: kubernetes - - # cilium: - # endpointSelector: - # egress: - # ingress: - - # egress: - # - {} - # ingress: - # - {} - # podSelector: - # matchLabels: - # app: prometheus - - ## Service account for Prometheuses to use. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - create: true - name: "" - annotations: {} - automountServiceAccountToken: true + ## Service type + ## + type: ClusterIP - # Service for thanos service discovery on sidecar - # Enable this can make Thanos Query can use - # `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discovery - # Thanos sidecar on prometheus nodes - # (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!)
- thanosService: + ## Service dual stack + ## + ipDualStack: enabled: false - annotations: {} - labels: {} - - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" - ## Service type - ## - type: ClusterIP + ## gRPC port config + portName: grpc + port: 10901 + targetPort: "grpc" - ## gRPC port config - portName: grpc - port: 10901 - targetPort: "grpc" + ## HTTP port config (for metrics) + httpPortName: http + httpPort: 10902 + targetHttpPort: "http" - ## HTTP port config (for metrics) - httpPortName: http - httpPort: 10902 - targetHttpPort: "http" + ## ClusterIP to assign + # Default is to make this a headless service ("None") + clusterIP: "None" - ## ClusterIP to assign - # Default is to make this a headless service ("None") - clusterIP: "None" + ## Port to expose on each node, if service type is NodePort + ## + nodePort: 30901 + httpNodePort: 30902 - ## Port to expose on each node, if service type is NodePort - ## - nodePort: 30901 - httpNodePort: 30902 + # ServiceMonitor to scrape Sidecar metrics + # Needs thanosService to be enabled as well + thanosServiceMonitor: + enabled: false + interval: "" - # ServiceMonitor to scrape Sidecar metrics - # Needs thanosService to be enabled as well - thanosServiceMonitor: - enabled: false - interval: "" + ## Additional labels + ## + additionalLabels: {} - ## Additional labels - ## - additionalLabels: {} + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" - ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. - scheme: "" + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig + tlsConfig: {} - ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig - tlsConfig: {} + bearerTokenFile: - bearerTokenFile: + ## Metric relabel configs to apply to samples before ingestion. + metricRelabelings: [] - ## Metric relabel configs to apply to samples before ingestion. - metricRelabelings: [] + ## relabel configs to apply to samples before ingestion. + relabelings: [] - ## relabel configs to apply to samples before ingestion. - relabelings: [] + # Service for external access to sidecar + # Enabling this creates a service to expose thanos-sidecar outside the cluster. + thanosServiceExternal: + enabled: false + annotations: {} + labels: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] - # Service for external access to sidecar - # Enabling this creates a service to expose thanos-sidecar outside the cluster. 
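To make the thanosService discovery comment above concrete: with the headless discovery Service in place, a Thanos Query instance can locate every Prometheus sidecar through a DNS SRV lookup. A sketch of the relevant container args, where the angle-bracketed values are placeholders to substitute:

    args:
      - query
      - --store=dnssrv+_grpc._tcp.<fullname>-thanos-discovery.<namespace>.svc.cluster.local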
- thanosServiceExternal: - enabled: false - annotations: {} - labels: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] + ## gRPC port config + portName: grpc + port: 10901 + targetPort: "grpc" - ## gRPC port config - portName: grpc - port: 10901 - targetPort: "grpc" + ## HTTP port config (for metrics) + httpPortName: http + httpPort: 10902 + targetHttpPort: "http" - ## HTTP port config (for metrics) - httpPortName: http - httpPort: 10902 - targetHttpPort: "http" + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster + ## Service type + ## + type: LoadBalancer - ## Service type - ## - type: LoadBalancer + ## Port to expose on each node + ## + nodePort: 30901 + httpNodePort: 30902 - ## Port to expose on each node - ## - nodePort: 30901 - httpNodePort: 30902 + ## Configuration for Prometheus service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + ipDualStack: + enabled: false + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" - ## Configuration for Prometheus service + ## Port for Prometheus Service to listen on ## - service: - annotations: {} - labels: {} - clusterIP: "" + port: 9090 - ## Port for Prometheus Service to listen on - ## - port: 9090 + ## To be used with a proxy extraContainer port + targetPort: 9090 - ## To be used with a proxy extraContainer port - targetPort: 9090 + ## Port for Prometheus Reloader to listen on + ## + reloaderWebPort: 8080 - ## Port for Prometheus Reloader to listen on - ## - reloaderWebPort: 8080 + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] - ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30090 - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 30090 + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" + loadBalancerIP: "" + loadBalancerSourceRanges: [] - ## Loadbalancer IP - ## Only use if service.type is "LoadBalancer" - loadBalancerIP: "" - loadBalancerSourceRanges: [] + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster + ## Service type + ## + type: ClusterIP - ## Service type - ## - type: ClusterIP + ## Additional ports to open for Prometheus service + ## + additionalPorts: [] + # additionalPorts: + # - name: oauth-proxy + # port: 8081 + # targetPort: 8081 + # - name: oauth-metrics + # port: 8082 + # targetPort: 8082 + + ## Consider that all endpoints are considered "ready" even if the Pods themselves are not + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec + publishNotReadyAddresses: false + + ## If you want to make sure that connections from a particular client are passed to the same Pod each time + ## Accepts 'ClientIP' or 'None' + ## + sessionAffinity: None - ## Additional ports to open for Prometheus service - 
## - additionalPorts: [] - # additionalPorts: - # - name: oauth-proxy - # port: 8081 - # targetPort: 8081 - # - name: oauth-metrics - # port: 8082 - # targetPort: 8082 - - ## Consider that all endpoints are considered "ready" even if the Pods themselves are not - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec - publishNotReadyAddresses: false - - ## If you want to make sure that connections from a particular client are passed to the same Pod each time - ## Accepts 'ClientIP' or 'None' - ## - sessionAffinity: None + ## If you want to modify the ClientIP sessionAffinity timeout + ## The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP" + ## + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 - ## If you want to modify the ClientIP sessionAffinity timeout - ## The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP" - ## - sessionAffinityConfig: - clientIP: - timeoutSeconds: 10800 + ## Configuration for creating a separate Service for each statefulset Prometheus replica + ## + servicePerReplica: + enabled: false + annotations: {} - ## Configuration for creating a separate Service for each statefulset Prometheus replica + ## Port for Prometheus Service per replica to listen on ## - servicePerReplica: - enabled: false - annotations: {} - - ## Port for Prometheus Service per replica to listen on - ## - port: 9090 + port: 9090 - ## To be used with a proxy extraContainer port - targetPort: 9090 + ## To be used with a proxy extraContainer port + targetPort: 9090 - ## Port to expose on each node - ## Only used if servicePerReplica.type is 'NodePort' - ## - nodePort: 30091 + ## Port to expose on each node + ## Only used if servicePerReplica.type is 'NodePort' + ## + nodePort: 30091 - ## Loadbalancer source IP ranges - ## Only used if servicePerReplica.type is "LoadBalancer" - loadBalancerSourceRanges: [] + ## Loadbalancer source IP ranges + ## Only used if servicePerReplica.type is "LoadBalancer" + loadBalancerSourceRanges: [] - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster - ## Service type - ## - type: ClusterIP + ## Service type + ## + type: ClusterIP - ## Configure pod disruption budgets for Prometheus - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## Service dual stack ## - podDisruptionBudget: + ipDualStack: enabled: false - minAvailable: 1 - maxUnavailable: "" + ipFamilies: ["IPv6", "IPv4"] + ipFamilyPolicy: "PreferDualStack" - # Ingress exposes thanos sidecar outside the cluster - thanosIngress: - enabled: false + ## Configure pod disruption budgets for Prometheus + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + # Ingress exposes thanos sidecar outside the cluster + thanosIngress: + enabled: false - annotations: {} - labels: {} - servicePort: 10901 + # For Kubernetes >= 1.18 you should specify the 
ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 30901 + annotations: {} + labels: {} + servicePort: 10901 - ## Hosts must be provided if Ingress is enabled. - ## - hosts: [] + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30901 + + ## Hosts must be provided if Ingress is enabled. + ## + hosts: [] # - thanos-gateway.domain.com - ## Paths to use for ingress rules - ## - paths: [] - # - / + ## Paths to use for ingress rules + ## + paths: [] + # - / - ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) - ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific - ## TLS configuration for Thanos Ingress - ## Secret must be manually created in the namespace - ## - tls: [] - # - secretName: thanos-gateway-tls - # hosts: - # - thanos-gateway.domain.com - # - - ## ExtraSecret can be used to store various data in an extra secret - ## (use it for example to store hashed basic auth credentials) - extraSecret: - ## if not set, name will be auto generated - # name: "" - annotations: {} - data: {} - # auth: | - # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 - # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. + ## TLS configuration for Thanos Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: thanos-gateway-tls + # hosts: + # - thanos-gateway.domain.com + # - ingress: - enabled: false + ## ExtraSecret can be used to store various data in an extra secret + ## (use it for example to store hashed basic auth credentials) + extraSecret: + ## if not set, name will be auto generated + # name: "" + annotations: {} + data: {} + # auth: | + # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 + # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. + + ingress: + enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx - annotations: {} - labels: {} + annotations: {} + labels: {} - ## Redirect ingress to an additional defined port on the service - # servicePort: 8081 + ## Redirect ingress to an additional defined port on the service + # servicePort: 8081 - ## Hostnames. - ## Must be provided if Ingress is enabled. - ## - # hosts: - # - prometheus.domain.com - hosts: [] + ## Hostnames. + ## Must be provided if Ingress is enabled. 
+ ## + # hosts: + # - prometheus.domain.com + hosts: [] - ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix - ## - paths: [] - # - / + ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix + ## + paths: [] + # - / - ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) - ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific - ## TLS configuration for Prometheus Ingress - ## Secret must be manually created in the namespace - ## - tls: [] - # - secretName: prometheus-general-tls - # hosts: + ## TLS configuration for Prometheus Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-general-tls + # hosts: # - prometheus.example.com - ## Configuration for creating an Ingress that will map to each Prometheus replica service - ## prometheus.servicePerReplica must be enabled - ## - ingressPerReplica: - enabled: false + ## Configuration for creating an Ingress that will map to each Prometheus replica service + ## prometheus.servicePerReplica must be enabled + ## + ingressPerReplica: + enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx - annotations: {} - labels: {} + annotations: {} + labels: {} - ## Final form of the hostname for each per replica ingress is - ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} - ## - ## Prefix for the per replica ingress that will have `-$replicaNumber` - ## appended to the end - hostPrefix: "" - ## Domain that will be used for the per replica ingress - hostDomain: "" + ## Final form of the hostname for each per replica ingress is + ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} + ## + ## Prefix for the per replica ingress that will have `-$replicaNumber` + ## appended to the end + hostPrefix: "" + ## Domain that will be used for the per replica ingress + hostDomain: "" - ## Paths to use for ingress rules - ## - paths: [] - # - / + ## Paths to use for ingress rules + ## + paths: [] + # - / - ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) - ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: 
ImplementationSpecific - ## Secret name containing the TLS certificate for Prometheus per replica ingress - ## Secret must be manually created in the namespace - tlsSecretName: "" + ## Secret name containing the TLS certificate for Prometheus per replica ingress + ## Secret must be manually created in the namespace + tlsSecretName: "" - ## Separated secret for each per replica Ingress. Can be used together with cert-manager + ## Separated secret for each per replica Ingress. Can be used together with cert-manager + ## + tlsSecretPerReplica: + enabled: false + ## Final form of the secret for each per replica ingress is + ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} ## - tlsSecretPerReplica: - enabled: false - ## Final form of the secret for each per replica ingress is - ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} - ## - prefix: "prometheus" - - ## Configure additional options for default pod security policy for Prometheus - ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - podSecurityPolicy: - allowedCapabilities: [] - allowedHostPaths: [] - volumes: [] + prefix: "prometheus" - serviceMonitor: - ## If true, create a serviceMonitor for prometheus - ## - selfMonitor: true + ## Configure additional options for default pod security policy for Prometheus + ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + podSecurityPolicy: + allowedCapabilities: [] + allowedHostPaths: [] + volumes: [] - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" + serviceMonitor: + ## If true, create a serviceMonitor for prometheus + ## + selfMonitor: true - ## Additional labels - ## - additionalLabels: {} + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" - ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - ## - sampleLimit: 0 + ## Additional labels + ## + additionalLabels: {} - ## TargetLimit defines a limit on the number of scraped targets that will be accepted. - ## - targetLimit: 0 + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 - ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelLimit: 0 + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 - ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelNameLengthLimit: 0 + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 - ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. - ## - labelValueLengthLimit: 0 + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 - ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. - scheme: "" + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 - ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. 
- ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#tlsconfig
- tlsConfig: {}
+ ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+ scheme: ""

- bearerTokenFile:
+ ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+ ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#tlsconfig
+ tlsConfig: {}

- ## Metric relabel configs to apply to samples before ingestion.
- ##
- metricRelabelings: []
- # - action: keep
- # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
- # sourceLabels: [__name__]
+ bearerTokenFile:

- # relabel configs to apply to samples before ingestion.
- ##
- relabelings: []
- # - sourceLabels: [__meta_kubernetes_pod_node_name]
- # separator: ;
- # regex: ^(.*)$
- # targetLabel: nodename
- # replacement: $1
- # action: replace
+ ## Metric relabel configs to apply to samples before ingestion.
+ ##
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]

- ## Additional Endpoints
- ##
- additionalEndpoints: []
- # - port: oauth-metrics
- # path: /metrics
+ # relabel configs to apply to samples before ingestion.
+ ##
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace

- ## Settings affecting prometheusSpec
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#prometheusspec
+ ## Additional Endpoints
##
- prometheusSpec:
- ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos
- ##
- disableCompaction: false
- ## APIServerConfig
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#apiserverconfig
- ##
- apiserverConfig: {}
+ additionalEndpoints: []
+ # - port: oauth-metrics
+ # path: /metrics

- ## Allows setting additional arguments for the Prometheus container
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Prometheus
- additionalArgs: []
+ ## Settings affecting prometheusSpec
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#prometheusspec
+ ##
+ prometheusSpec:
+ ## Statefulset's persistent volume claim retention policy
+ ## pvcDeleteOnStsDelete and pvcDeleteOnStsScale determine whether
+ ## statefulset's PVCs are deleted (true) or retained (false) on scaling down
+ ## and deleting statefulset, respectively. Requires 1.27.0+.
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
+ persistentVolumeClaimRetentionPolicy: {}
+ # whenDeleted: Retain
+ # whenScaled: Retain
+
+ ## AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.
+ ## If the field isn't set, the operator mounts the service account token by default.
+ ## Warning: be aware that, by default, Prometheus requires the service account token for Kubernetes service discovery.
+ ## It is possible to use a strategic merge patch to project the service account token into the 'prometheus' container
+ ## (see the sketch just below).
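+ ## A minimal sketch of that projection (illustrative only: the volume name is
+ ## made up, and a full replacement for the default token mount would also need
+ ## to project ca.crt and the namespace). Set automountServiceAccountToken: false
+ ## below, then add under prometheusSpec.volumes / volumeMounts further down:
+ # volumes:
+ #   - name: sa-token
+ #     projected:
+ #       sources:
+ #         - serviceAccountToken:
+ #             path: token
+ # volumeMounts:
+ #   - name: sa-token
+ #     mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+ #     readOnly: true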
+ automountServiceAccountToken: true

- ## Interval between consecutive scrapes.
- ## Defaults to 30s.
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183
- ##
- scrapeInterval: ""
+ ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos
+ ##
+ disableCompaction: false
+ ## APIServerConfig
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#apiserverconfig
+ ##
+ apiserverConfig: {}

- ## Number of seconds to wait for target to respond before erroring
- ##
- scrapeTimeout: ""
+ ## Allows setting additional arguments for the Prometheus container
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Prometheus
+ additionalArgs: []

- ## Interval between consecutive evaluations.
- ##
- evaluationInterval: ""
+ ## Interval between consecutive scrapes.
+ ## Defaults to 30s.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183
+ ##
+ scrapeInterval: ""

- ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.
- ##
- listenLocal: false
+ ## Number of seconds to wait for target to respond before erroring
+ ##
+ scrapeTimeout: ""

- ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series.
- ## This is disabled by default.
- ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
- ##
- enableAdminAPI: false
-
- ## Sets version of Prometheus overriding the Prometheus version as derived
- ## from the image tag. Useful in cases where the tag does not follow semver v2.
- version: ""
-
- ## WebTLSConfig defines the TLS parameters for HTTPS
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#webtlsconfig
- web: {}
-
- ## Exemplars related settings that are runtime reloadable.
- ## It requires to enable the exemplar storage feature to be effective.
- exemplars: ""
- ## Maximum number of exemplars stored in memory for all series.
- ## If not set, Prometheus uses its default value.
- ## A value of zero or less than zero disables the storage.
- # maxSize: 100000
+ ## List of scrape classes to expose to scraping objects such as
+ ## PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.
+ ##
+ scrapeClasses: []
+ # - name: istio-mtls
+ # default: false
+ # tlsConfig:
+ # caFile: /etc/prometheus/secrets/istio.default/root-cert.pem
+ # certFile: /etc/prometheus/secrets/istio.default/cert-chain.pem
+
+ ## Interval between consecutive evaluations.
+ ##
+ evaluationInterval: ""

- # EnableFeatures API enables access to Prometheus disabled features.
- # ref: https://prometheus.io/docs/prometheus/latest/disabled_features/
- enableFeatures: []
- # - exemplar-storage
+ ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.
+ ##
+ listenLocal: false

- ## Image of Prometheus.
- ##
- image:
- registry: quay.io
- repository: prometheus/prometheus
- tag: v2.51.2
- sha: ""
+ ## EnableAdminAPI enables the Prometheus administrative HTTP API, which includes functionality such as deleting time series.
+ ## This is disabled by default.
+ ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
+ ##
+ enableAdminAPI: false
+
+ ## Sets version of Prometheus overriding the Prometheus version as derived
+ ## from the image tag.
Useful in cases where the tag does not follow semver v2.
+ version: ""
+
+ ## WebTLSConfig defines the TLS parameters for HTTPS
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#webtlsconfig
+ web: {}
+
+ ## Exemplar-related settings that are runtime reloadable.
+ ## The exemplar storage feature must be enabled for them to take effect.
+ exemplars: ""
+ ## Maximum number of exemplars stored in memory for all series.
+ ## If not set, Prometheus uses its default value.
+ ## A value of zero or less than zero disables the storage.
+ # maxSize: 100000

- ## Tolerations for use with node taints
- ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
- ##
- tolerations: []
- # - key: "key"
- # operator: "Equal"
- # value: "value"
- # effect: "NoSchedule"
+ # EnableFeatures allows enabling Prometheus features that are disabled by default.
+ # ref: https://prometheus.io/docs/prometheus/latest/disabled_features/
+ enableFeatures: []
+ # - exemplar-storage

- ## If specified, the pod's topology spread constraints.
- ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
- ##
- topologySpreadConstraints: []
- # - maxSkew: 1
- # topologyKey: topology.kubernetes.io/zone
- # whenUnsatisfiable: DoNotSchedule
- # labelSelector:
- # matchLabels:
- # app: prometheus
-
- ## Alertmanagers to which alerts will be sent
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerendpoints
- ##
- ## Default configuration will connect to the alertmanager deployed as part of this release
- ##
- alertingEndpoints: []
- # - name: ""
- # namespace: ""
- # port: http
- # scheme: http
- # pathPrefix: ""
- # tlsConfig: {}
- # bearerTokenFile: ""
- # apiVersion: v2
+ ## Image of Prometheus.
+ ##
+ image:
+ registry: quay.io
+ repository: prometheus/prometheus
+ tag: v2.54.1
+ sha: ""

- ## External labels to add to any time series or alerts when communicating with external systems
- ##
- externalLabels: {}
+ ## Tolerations for use with node taints
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"

- ## enable --web.enable-remote-write-receiver flag on prometheus-server
- ##
- enableRemoteWriteReceiver: false
+ ## If specified, the pod's topology spread constraints.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: prometheus + + ## Alertmanagers to which alerts will be sent + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerendpoints + ## + ## Default configuration will connect to the alertmanager deployed as part of this release + ## + alertingEndpoints: [] + # - name: "" + # namespace: "" + # port: http + # scheme: http + # pathPrefix: "" + # tlsConfig: {} + # bearerTokenFile: "" + # apiVersion: v2 + + ## External labels to add to any time series or alerts when communicating with external systems + ## + externalLabels: {} - ## Name of the external label used to denote replica name - ## - replicaExternalLabelName: "" + ## enable --web.enable-remote-write-receiver flag on prometheus-server + ## + enableRemoteWriteReceiver: false - ## If true, the Operator won't add the external label used to denote replica name - ## - replicaExternalLabelNameClear: false + ## Name of the external label used to denote replica name + ## + replicaExternalLabelName: "" - ## Name of the external label used to denote Prometheus instance name - ## - prometheusExternalLabelName: "" + ## If true, the Operator won't add the external label used to denote replica name + ## + replicaExternalLabelNameClear: false - ## If true, the Operator won't add the external label used to denote Prometheus instance name - ## - prometheusExternalLabelNameClear: false + ## Name of the external label used to denote Prometheus instance name + ## + prometheusExternalLabelName: "" - ## External URL at which Prometheus will be reachable. - ## - externalUrl: "" + ## If true, the Operator won't add the external label used to denote Prometheus instance name + ## + prometheusExternalLabelNameClear: false - ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} + ## External URL at which Prometheus will be reachable. + ## + externalUrl: "" - ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. - ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not - ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated - ## with the new list of secrets. - ## - secrets: [] + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} - ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. - ## The ConfigMaps are mounted into /etc/prometheus/configmaps/. - ## - configMaps: [] + ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. + ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not + ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated + ## with the new list of secrets. 
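+ ## For example (an illustrative name that matches the kube-etcd scrape sketch
+ ## under additionalScrapeConfigs further below, which reads its TLS files from
+ ## /etc/prometheus/secrets/etcd-client-cert/):
+ # secrets:
+ #   - etcd-client-cert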
+ ## + secrets: [] - ## QuerySpec defines the query command line flags when starting Prometheus. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#queryspec - ## - query: {} - - ## If nil, select own namespace. Namespaces to be selected for PrometheusRules discovery. - ruleNamespaceSelector: {} - ## Example which selects PrometheusRules in namespaces with label "prometheus" set to "somelabel" - # ruleNamespaceSelector: - # matchLabels: - # prometheus: somelabel - - ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the - ## prometheus resource to be created with selectors based on values in the helm deployment, - ## which will also match the PrometheusRule resources created - ## - ruleSelectorNilUsesHelmValues: true + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. + ## The ConfigMaps are mounted into /etc/prometheus/configmaps/. + ## + configMaps: [] - ## PrometheusRules to be selected for target discovery. - ## If {}, select all PrometheusRules - ## - ruleSelector: {} - ## Example which select all PrometheusRules resources - ## with label "prometheus" with values any of "example-rules" or "example-rules-2" - # ruleSelector: - # matchExpressions: - # - key: prometheus - # operator: In - # values: - # - example-rules - # - example-rules-2 - # - ## Example which select all PrometheusRules resources with label "role" set to "example-rules" - # ruleSelector: - # matchLabels: - # role: example-rules - - ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the - ## prometheus resource to be created with selectors based on values in the helm deployment, - ## which will also match the servicemonitors created - ## - serviceMonitorSelectorNilUsesHelmValues: true + ## QuerySpec defines the query command line flags when starting Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#queryspec + ## + query: {} + + ## If nil, select own namespace. Namespaces to be selected for PrometheusRules discovery. + ruleNamespaceSelector: {} + ## Example which selects PrometheusRules in namespaces with label "prometheus" set to "somelabel" + # ruleNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the PrometheusRule resources created + ## + ruleSelectorNilUsesHelmValues: true - ## ServiceMonitors to be selected for target discovery. - ## If {}, select all ServiceMonitors - ## - serviceMonitorSelector: {} - ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel" - # serviceMonitorSelector: - # matchLabels: - # prometheus: somelabel + ## PrometheusRules to be selected for target discovery. 
+ ## If {}, select all PrometheusRules
+ ##
+ ruleSelector: {}
+ ## Example which selects all PrometheusRules resources
+ ## with label "prometheus" with values any of "example-rules" or "example-rules-2"
+ # ruleSelector:
+ # matchExpressions:
+ # - key: prometheus
+ # operator: In
+ # values:
+ # - example-rules
+ # - example-rules-2
+ #
+ ## Example which selects all PrometheusRules resources with label "role" set to "example-rules"
+ # ruleSelector:
+ # matchLabels:
+ # role: example-rules
+
+ ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the
+ ## prometheus resource to be created with selectors based on values in the helm deployment,
+ ## which will also match the servicemonitors created
+ ##
+ serviceMonitorSelectorNilUsesHelmValues: true

- ## ServiceMonitors to be selected for target discovery.
- ## If {}, select all ServiceMonitors
- ##
- serviceMonitorSelector: {}
- ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel"
- # serviceMonitorSelector:
- # matchLabels:
- # prometheus: somelabel
+ ## ServiceMonitors to be selected for target discovery.
+ ## If {}, select all ServiceMonitors
+ ##
+ serviceMonitorSelector: {}
+ ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel"
+ # serviceMonitorSelector:
+ # matchLabels:
+ # prometheus: somelabel

- ## Namespaces to be selected for ServiceMonitor discovery.
- ##
- serviceMonitorNamespaceSelector: {}
- ## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel"
- # serviceMonitorNamespaceSelector:
- # matchLabels:
- # prometheus: somelabel
-
- ## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the
- ## prometheus resource to be created with selectors based on values in the helm deployment,
- ## which will also match the podmonitors created
- ##
- podMonitorSelectorNilUsesHelmValues: true
+ ## Namespaces to be selected for ServiceMonitor discovery.
+ ##
+ serviceMonitorNamespaceSelector: {}
+ ## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel"
+ # serviceMonitorNamespaceSelector:
+ # matchLabels:
+ # prometheus: somelabel
+
+ ## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the
+ ## prometheus resource to be created with selectors based on values in the helm deployment,
+ ## which will also match the podmonitors created
+ ##
+ podMonitorSelectorNilUsesHelmValues: true
- probeNamespaceSelector: {} - ## Example which selects Probe in namespaces with label "prometheus" set to "somelabel" - # probeNamespaceSelector: - # matchLabels: - # prometheus: somelabel - - ## If true, a nil or {} value for prometheus.prometheusSpec.scrapeConfigSelector will cause the - ## prometheus resource to be created with selectors based on values in the helm deployment, - ## which will also match the scrapeConfigs created - ## - scrapeConfigSelectorNilUsesHelmValues: true + ## PodMonitors to be selected for target discovery. + ## If {}, select all PodMonitors + ## + podMonitorSelector: {} + ## Example which selects PodMonitors with label "prometheus" set to "somelabel" + # podMonitorSelector: + # matchLabels: + # prometheus: somelabel + + ## If nil, select own namespace. Namespaces to be selected for PodMonitor discovery. + podMonitorNamespaceSelector: {} + ## Example which selects PodMonitor in namespaces with label "prometheus" set to "somelabel" + # podMonitorNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the probes created + ## + probeSelectorNilUsesHelmValues: true - ## scrapeConfigs to be selected for target discovery. - ## If {}, select all scrapeConfigs - ## - scrapeConfigSelector: {} - ## Example which selects scrapeConfigs with label "prometheus" set to "somelabel" - # scrapeConfigSelector: - # matchLabels: - # prometheus: somelabel - - ## If nil, select own namespace. Namespaces to be selected for scrapeConfig discovery. - scrapeConfigNamespaceSelector: {} - ## Example which selects scrapeConfig in namespaces with label "prometheus" set to "somelabel" - # scrapeConfigNamespaceSelector: - # matchLabels: - # prometheus: somelabel - - ## How long to retain metrics - ## - retention: 10d + ## Probes to be selected for target discovery. + ## If {}, select all Probes + ## + probeSelector: {} + ## Example which selects Probes with label "prometheus" set to "somelabel" + # probeSelector: + # matchLabels: + # prometheus: somelabel + + ## If nil, select own namespace. Namespaces to be selected for Probe discovery. + probeNamespaceSelector: {} + ## Example which selects Probe in namespaces with label "prometheus" set to "somelabel" + # probeNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## If true, a nil or {} value for prometheus.prometheusSpec.scrapeConfigSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the scrapeConfigs created + ## + scrapeConfigSelectorNilUsesHelmValues: true - ## Maximum size of metrics - ## - retentionSize: "" + ## scrapeConfigs to be selected for target discovery. + ## If {}, select all scrapeConfigs + ## + scrapeConfigSelector: {} + ## Example which selects scrapeConfigs with label "prometheus" set to "somelabel" + # scrapeConfigSelector: + # matchLabels: + # prometheus: somelabel + + ## If nil, select own namespace. Namespaces to be selected for scrapeConfig discovery. 
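+ ## Note: {} selects all namespaces, while nil restricts discovery to the
+ ## release's own namespace. A common override (a sketch; combine with the
+ ## selector flags above): setting scrapeConfigSelectorNilUsesHelmValues to
+ ## false renders an empty selector, so ScrapeConfigs are discovered whether
+ ## or not they carry the Helm release label:
+ # scrapeConfigSelectorNilUsesHelmValues: false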
+ scrapeConfigNamespaceSelector: {}
+ ## Example which selects scrapeConfig in namespaces with label "prometheus" set to "somelabel"
+ # scrapeConfigNamespaceSelector:
+ # matchLabels:
+ # prometheus: somelabel
+
+ ## How long to retain metrics
+ ##
+ retention: 10d

- ## Maximum size of metrics
- ##
- retentionSize: ""
+ ## Maximum size of metrics
+ ##
+ retentionSize: ""

- ## Allow out-of-order/out-of-bounds samples ingested into Prometheus for a specified duration
- ## See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tsdb
- tsdb:
- outOfOrderTimeWindow: 0s
+ ## Allow out-of-order/out-of-bounds samples ingested into Prometheus for a specified duration
+ ## See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tsdb
+ tsdb:
+ outOfOrderTimeWindow: 0s

- ## Enable compression of the write-ahead log using Snappy.
- ##
- walCompression: true
+ ## Enable compression of the write-ahead log using Snappy.
+ ##
+ walCompression: true

- ## If true, the Operator won't process any Prometheus configuration changes
- ##
- paused: false
+ ## If true, the Operator won't process any Prometheus configuration changes
+ ##
+ paused: false

- ## Number of replicas of each shard to deploy for a Prometheus deployment.
- ## Number of replicas multiplied by shards is the total number of Pods created.
- ##
- replicas: 1
+ ## Number of replicas of each shard to deploy for a Prometheus deployment.
+ ## Number of replicas multiplied by shards is the total number of Pods created.
+ ##
+ replicas: 1
+
+ ## EXPERIMENTAL: Number of shards to distribute targets onto.
+ ## Number of replicas multiplied by shards is the total number of Pods created.
+ ## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved.
+ ## Increasing shards will not reshard data either but it will continue to be available from the same instances.
+ ## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location.
+ ## Sharding is done on the content of the `__address__` target meta-label.
+ ##
+ shards: 1

- ## EXPERIMENTAL: Number of shards to distribute targets onto.
- ## Number of replicas multiplied by shards is the total number of Pods created.
- ## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved.
- ## Increasing shards will not reshard data either but it will continue to be available from the same instances.
- ## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location.
- ## Sharding is done on the content of the `__address__` target meta-label.
- ##
- shards: 1

- ## Log level for Prometheus be configured in
- ##
- logLevel: info
+ ## Log level for Prometheus to be configured with
+ ##
+ logLevel: info

- ## Log format for Prometheus be configured in
- ##
- logFormat: logfmt
+ ## Log format for Prometheus to be configured with
+ ##
+ logFormat: logfmt

- ## Prefix used to register routes, overriding externalUrl route.
- ## Useful for proxies that rewrite URLs.
- ##
- routePrefix: /
+ ## Prefix used to register routes, overriding externalUrl route.
+ ## Useful for proxies that rewrite URLs.
+ ##
+ routePrefix: /

- ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
- ## Metadata Labels and Annotations gets propagated to the prometheus pods.
- ##
- podMetadata: {}
- # labels:
- # app: prometheus
- # k8s-app: prometheus
-
- ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
- ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
- ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
- ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
- podAntiAffinity: ""
-
- ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
- ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
- ##
- podAntiAffinityTopologyKey: kubernetes.io/hostname
+ ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+ ## Metadata Labels and Annotations get propagated to the prometheus pods.
+ ##
+ podMetadata: {}
+ # labels:
+ # app: prometheus
+ # k8s-app: prometheus
+
+ ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
+ ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
+ ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
+ ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
+ podAntiAffinity: ""
+
+ ## If anti-affinity is enabled, sets the topologyKey to use for anti-affinity.
+ ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
+ ##
+ podAntiAffinityTopologyKey: kubernetes.io/hostname

- ## Assign custom affinity rules to the prometheus instance
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
- ##
- affinity: {}
- # nodeAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # nodeSelectorTerms:
- # - matchExpressions:
- # - key: kubernetes.io/e2e-az-name
- # operator: In
- # values:
- # - e2e-az1
- # - e2e-az2
+ ## Assign custom affinity rules to the prometheus instance
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ affinity: {}
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: kubernetes.io/e2e-az-name
+ # operator: In
+ # values:
+ # - e2e-az1
+ # - e2e-az2

- ## The remote_read spec configuration for Prometheus.
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#remotereadspec
- remoteRead: []
- # - url: http://remote1/read
- ## additionalRemoteRead is appended to remoteRead
- additionalRemoteRead: []
+ ## The remote_read spec configuration for Prometheus.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#remotereadspec
+ remoteRead: []
+ # - url: http://remote1/read
+ ## additionalRemoteRead is appended to remoteRead
+ additionalRemoteRead: []

- ## The remote_write spec configuration for Prometheus.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#remotewritespec + remoteWrite: [] + # - url: http://remote1/push + ## additionalRemoteWrite is appended to remoteWrite + additionalRemoteWrite: [] - ## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature - remoteWriteDashboards: false + ## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature + remoteWriteDashboards: false - ## Resource limits & requests - ## - resources: {} - # requests: - # memory: 400Mi + ## Resource limits & requests + ## + resources: {} + # requests: + # memory: 400Mi - ## Prometheus StorageSpec for persistent data - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md - ## - storageSpec: {} - ## Using PersistentVolumeClaim - ## - # volumeClaimTemplate: - # spec: - # storageClassName: gluster - # accessModes: ["ReadWriteOnce"] - # resources: - # requests: - # storage: 50Gi - # selector: {} - - ## Using tmpfs volume - ## - # emptyDir: - # medium: Memory - - # Additional volumes on the output StatefulSet definition. - volumes: [] - - # Additional VolumeMounts on the output StatefulSet definition. - volumeMounts: [] - - ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations - ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form - ## as specified in the official Prometheus documentation: - ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are - ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility - ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible - ## scrape configs are going to break Prometheus after the upgrade. - ## AdditionalScrapeConfigs can be defined as a list or as a templated string. - ## - ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the - ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes - ## - additionalScrapeConfigs: [] - # - job_name: kube-etcd - # kubernetes_sd_configs: - # - role: node - # scheme: https - # tls_config: - # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca - # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client - # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key - # relabel_configs: - # - action: labelmap - # regex: __meta_kubernetes_node_label_(.+) - # - source_labels: [__address__] - # action: replace - # targetLabel: __address__ - # regex: ([^:;]+):(\d+) - # replacement: ${1}:2379 - # - source_labels: [__meta_kubernetes_node_name] - # action: keep - # regex: .*mst.* - # - source_labels: [__meta_kubernetes_node_name] - # action: replace - # targetLabel: node - # regex: (.*) - # replacement: ${1} - # metric_relabel_configs: - # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone) - # action: labeldrop - # - ## If scrape config contains a repetitive section, you may want to use a template. 
- ## In the following example, you can see how to define `gce_sd_configs` for multiple zones - # additionalScrapeConfigs: | - # - job_name: "node-exporter" - # gce_sd_configs: - # {{range $zone := .Values.gcp_zones}} - # - project: "project1" - # zone: "{{$zone}}" - # port: 9100 - # {{end}} - # relabel_configs: - # ... - - - ## If additional scrape configurations are already deployed in a single secret file you can use this section. - ## Expected values are the secret name and key - ## Cannot be used with additionalScrapeConfigs - additionalScrapeConfigsSecret: {} - # enabled: false - # name: + ## Prometheus StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Using PersistentVolumeClaim + ## + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + ## Using tmpfs volume + ## + # emptyDir: + # medium: Memory + + # Additional volumes on the output StatefulSet definition. + volumes: [] + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations + ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form + ## as specified in the official Prometheus documentation: + ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are + ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility + ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible + ## scrape configs are going to break Prometheus after the upgrade. + ## AdditionalScrapeConfigs can be defined as a list or as a templated string. + ## + ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the + ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes + ## + additionalScrapeConfigs: [] + # - job_name: kube-etcd + # kubernetes_sd_configs: + # - role: node + # scheme: https + # tls_config: + # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca + # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client + # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key + # relabel_configs: + # - action: labelmap + # regex: __meta_kubernetes_node_label_(.+) + # - source_labels: [__address__] + # action: replace + # targetLabel: __address__ + # regex: ([^:;]+):(\d+) + # replacement: ${1}:2379 + # - source_labels: [__meta_kubernetes_node_name] + # action: keep + # regex: .*mst.* + # - source_labels: [__meta_kubernetes_node_name] + # action: replace + # targetLabel: node + # regex: (.*) + # replacement: ${1} + # metric_relabel_configs: + # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone) + # action: labeldrop + # + ## If scrape config contains a repetitive section, you may want to use a template. 
+ ## In the following example, you can see how to define `gce_sd_configs` for multiple zones + # additionalScrapeConfigs: | + # - job_name: "node-exporter" + # gce_sd_configs: + # {{range $zone := .Values.gcp_zones}} + # - project: "project1" + # zone: "{{$zone}}" + # port: 9100 + # {{end}} + # relabel_configs: + # ... + + + ## If additional scrape configurations are already deployed in a single secret file you can use this section. + ## Expected values are the secret name and key + ## Cannot be used with additionalScrapeConfigs + additionalScrapeConfigsSecret: {} + # enabled: false + # name: # key: - ## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. This can be useful - ## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false' - additionalPrometheusSecretsAnnotations: {} + ## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. This can be useful + ## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false' + additionalPrometheusSecretsAnnotations: {} - ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified - ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#. - ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. - ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this - ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release - ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. - ## - additionalAlertManagerConfigs: [] - # - consul_sd_configs: - # - server: consul.dev.test:8500 - # scheme: http - # datacenter: dev - # tag_separator: ',' - # services: - # - metrics-prometheus-alertmanager - - ## If additional alertmanager configurations are already deployed in a single secret, or you want to manage - ## them separately from the helm deployment, you can use this section. - ## Expected values are the secret name and key - ## Cannot be used with additionalAlertManagerConfigs - additionalAlertManagerConfigsSecret: {} - # name: - # key: + ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified + ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#. + ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. + ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this + ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release + ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. + ## + additionalAlertManagerConfigs: [] + # - consul_sd_configs: + # - server: consul.dev.test:8500 + # scheme: http + # datacenter: dev + # tag_separator: ',' + # services: + # - metrics-prometheus-alertmanager + + ## If additional alertmanager configurations are already deployed in a single secret, or you want to manage + ## them separately from the helm deployment, you can use this section. 
+ ## them separately from the helm deployment, you can use this section.
+ ## Expected values are the secret name and key
+ ## Cannot be used with additionalAlertManagerConfigs
+ additionalAlertManagerConfigsSecret: {}
+ # name:
+ # key:
  # optional: false
- ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended
- ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the
- ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
- ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the
- ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel
- ## configs are going to break Prometheus after the upgrade.
- ##
- additionalAlertRelabelConfigs: []
- # - separator: ;
- #   regex: prometheus_replica
- #   replacement: $1
- #   action: labeldrop
-
- ## If additional alert relabel configurations are already deployed in a single secret, or you want to manage
- ## them separately from the helm deployment, you can use this section.
- ## Expected values are the secret name and key
- ## Cannot be used with additionalAlertRelabelConfigs
- additionalAlertRelabelConfigsSecret: {}
- # name:
  # key:
+ ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended
+ ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the
+ ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
+ ## As alert relabel configs are appended, the user is responsible for making sure they are valid. Note that using this feature may
+ ## break upgrades of Prometheus. It is advised to review the Prometheus release notes to ensure that no incompatible alert relabel
+ ## configs are going to break Prometheus after the upgrade.
+ ##
+ additionalAlertRelabelConfigs: []
+ # - separator: ;
+ #   regex: prometheus_replica
+ #   replacement: $1
+ #   action: labeldrop
+
+ ## If additional alert relabel configurations are already deployed in a single secret, or you want to manage
+ ## them separately from the helm deployment, you can use this section.
+ ## Expected values are the secret name and key
+ ## Cannot be used with additionalAlertRelabelConfigs
+ additionalAlertRelabelConfigsSecret: {}
+ # name:
  # key:
- ## SecurityContext holds pod-level security attributes and common container settings.
- ## This defaults to non root user with uid 1000 and gid 2000.
- ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md
- ##
- securityContext:
-   runAsGroup: 2000
-   runAsNonRoot: true
-   runAsUser: 1000
-   fsGroup: 2000
-   seccompProfile:
-     type: RuntimeDefault
+ ## SecurityContext holds pod-level security attributes and common container settings.
+ ## This defaults to a non-root user with uid 1000 and gid 2000.
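+ ## (Illustrative note: fsGroup: 2000 below makes Kubernetes set the group ownership of mounted volumes to
+ ## gid 2000, so the non-root Prometheus process can write its storage; adjust only if your cluster policy
+ ## requires different ids.)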
+ ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md
+ ##
+ securityContext:
+   runAsGroup: 2000
+   runAsNonRoot: true
+   runAsUser: 1000
+   fsGroup: 2000
+   seccompProfile:
+     type: RuntimeDefault
- ## Priority class assigned to the Pods
- ##
- priorityClassName: ""
+ ## Priority class assigned to the Pods
+ ##
+ priorityClassName: ""
- ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.
- ## This section is experimental, it may change significantly without deprecation notice in any release.
- ## This is experimental and may change significantly without backward compatibility in any release.
- ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#thanosspec
- ##
- thanos: {}
- # secretProviderClass:
- #   provider: gcp
- #   parameters:
- #     secrets: |
- #       - resourceName: "projects/$PROJECT_ID/secrets/testsecret/versions/latest"
- #         fileName: "objstore.yaml"
- ## ObjectStorageConfig configures object storage in Thanos.
- # objectStorageConfig:
- #   # use existing secret, if configured, objectStorageConfig.secret will not be used
- #   existingSecret: {}
- #   # name: ""
- #   # key: ""
- #   # will render objectStorageConfig secret data and configure it to be used by Thanos custom resource,
- #   # ignored when prometheusspec.thanos.objectStorageConfig.existingSecret is set
- #   # https://thanos.io/tip/thanos/storage.md/#s3
- #   secret: {}
- #   # type: S3
- #   # config:
- #   #   bucket: ""
- #   #   endpoint: ""
- #   #   region: ""
- #   #   access_key: ""
+ ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.
+ ## This section is experimental; it may change significantly without deprecation notice or backward
+ ## compatibility in any release.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#thanosspec
+ ##
+ thanos: {}
+ # secretProviderClass:
+ #   provider: gcp
+ #   parameters:
+ #     secrets: |
+ #       - resourceName: "projects/$PROJECT_ID/secrets/testsecret/versions/latest"
+ #         fileName: "objstore.yaml"
+ ## ObjectStorageConfig configures object storage in Thanos.
+ # objectStorageConfig:
+ #   # use an existing secret; if configured, objectStorageConfig.secret will not be used
+ #   existingSecret: {}
+ #   # name: ""
+ #   # key: ""
+ #   # will render the objectStorageConfig secret data and configure it to be used by the Thanos custom resource;
+ #   # ignored when prometheusSpec.thanos.objectStorageConfig.existingSecret is set
+ #   # https://thanos.io/tip/thanos/storage.md/#s3
+ #   secret: {}
+ #   # type: S3
+ #   # config:
+ #   #   bucket: ""
+ #   #   endpoint: ""
+ #   #   region: ""
+ #   #   access_key: ""
  #   #   secret_key: ""
- ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.
- ## if using proxy extraContainer update targetPort with proxy container port
- containers: []
- # containers:
- #   - name: oauth-proxy
- #     image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
- #     args:
- #     - --upstream=http://127.0.0.1:9090
- #     - --http-address=0.0.0.0:8081
- #     - --metrics-address=0.0.0.0:8082
- #     - ...
- #     ports:
- #       - containerPort: 8081
- #         name: oauth-proxy
- #         protocol: TCP
- #       - containerPort: 8082
- #         name: oauth-metrics
- #         protocol: TCP
- #     resources: {}
-
- ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
- ## (permissions, dir tree) on mounted volumes before starting prometheus
- initContainers: []
-
- ## PortName to use for Prometheus.
- ##
- portName: "http-web"
-
- ## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files
- ## on the file system of the Prometheus container e.g. bearer token files.
- arbitraryFSAccessThroughSMs: false
-
- ## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor
- ## or PodMonitor to true, this overrides honor_labels to false.
- overrideHonorLabels: false
-
- ## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.
- overrideHonorTimestamps: false
-
- ## When ignoreNamespaceSelectors is set to true, namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored,
- ## they will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object,
- ## and servicemonitors will be installed in the default service namespace.
- ## Defaults to false.
- ignoreNamespaceSelectors: false
-
- ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created.
- ## The label value will always be the namespace of the object that is being created.
- ## Disabled by default
- enforcedNamespaceLabel: ""
-
- ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels.
- ## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair
- ## Deprecated, use `excludedFromEnforcement` instead
- prometheusRulesExcludedFromEnforce: []
-
- ## ExcludedFromEnforcement - list of object references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
- ## to be excluded from enforcing a namespace label of origin.
- ## Works only if enforcedNamespaceLabel set to true.
- ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#objectreference
- excludedFromEnforcement: []
-
- ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable,
- ## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such
- ## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions
- ## of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)
- queryLogFile: false
-
- # Use to set global sample_limit for Prometheus. This act as default SampleLimit for ServiceMonitor or/and PodMonitor.
- # Set to 'false' to disable global sample_limit. or set to a number to override the default value.
- sampleLimit: false
-
- # EnforcedKeepDroppedTargetsLimit defines on the number of targets dropped by relabeling that will be kept in memory.
- # The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets
- # is greater than zero and less than spec.enforcedKeepDroppedTargets. 0 means no limit.
- enforcedKeepDroppedTargets: 0
-
- ## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit
- ## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall
- ## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.
- enforcedSampleLimit: false
-
- ## EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set
- ## per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall
- ## number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except
- ## if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced.
- enforcedTargetLimit: false
-
-
- ## Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present
- ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
- ## 2.27.0 and newer.
- enforcedLabelLimit: false
-
- ## Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number
- ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
- ## 2.27.0 and newer.
- enforcedLabelNameLengthLimit: false
-
- ## Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this
- ## number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus
- ## versions 2.27.0 and newer.
- enforcedLabelValueLengthLimit: false
-
- ## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental
- ## in Prometheus so it may change in any upcoming release.
- allowOverlappingBlocks: false
-
- ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
- ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
- minReadySeconds: 0
+ ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.
+ ## If using a proxy extraContainer, update targetPort with the proxy container port.
+ containers: []
+ # containers:
+ #   - name: oauth-proxy
+ #     image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
+ #     args:
+ #     - --upstream=http://127.0.0.1:9090
+ #     - --http-address=0.0.0.0:8081
+ #     - --metrics-address=0.0.0.0:8082
+ #     - ...
+ #     ports:
+ #       - containerPort: 8081
+ #         name: oauth-proxy
+ #         protocol: TCP
+ #       - containerPort: 8082
+ #         name: oauth-metrics
+ #         protocol: TCP
+ #     resources: {}
+
+ ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
+ ## (permissions, dir tree) on mounted volumes before starting Prometheus.
+ initContainers: []
+
+ ## PortName to use for Prometheus.
+ ##
+ portName: "http-web"
+
+ ## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files
+ ## on the file system of the Prometheus container, e.g. bearer token files.
+ arbitraryFSAccessThroughSMs: false
+
+ ## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor
+ ## or PodMonitor to true, this overrides honor_labels to false.
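+ ## (Illustrative example of the effect: with overrideHonorLabels: true, a scraped metric that carries its own
+ ## `job` label keeps the server-assigned `job` value, and the scraped value is renamed to `exported_job`.)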
+ overrideHonorLabels: false
+
+ ## OverrideHonorTimestamps allows globally enforcing the honoring of timestamps in all scrape configs.
+ overrideHonorTimestamps: false
+
+ ## When ignoreNamespaceSelectors is set to true, namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored;
+ ## they will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object,
+ ## and servicemonitors will be installed in the default service namespace.
+ ## Defaults to false.
+ ignoreNamespaceSelectors: false
+
+ ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each user-created alert and metric.
+ ## The label value will always be the namespace of the object that is being created.
+ ## Disabled by default
+ enforcedNamespaceLabel: ""
+
+ ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from the enforced addition of namespace labels.
+ ## Works only if enforcedNamespaceLabel is set. Make sure both ruleNamespace and ruleName are set for each pair.
+ ## Deprecated, use `excludedFromEnforcement` instead
+ prometheusRulesExcludedFromEnforce: []
+
+ ## ExcludedFromEnforcement - list of object references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
+ ## to be excluded from enforcing a namespace label of origin.
+ ## Works only if enforcedNamespaceLabel is set.
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#objectreference
+ excludedFromEnforcement: []
+
+ ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable,
+ ## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such
+ ## as /dev/stdout to log query information to the default Prometheus log stream. This is only available in versions
+ ## of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)
+ queryLogFile: false
+
+ # Used to set the global sample_limit for Prometheus. This acts as the default SampleLimit for ServiceMonitor and/or PodMonitor.
+ # Set to 'false' to disable the global sample_limit, or set to a number to override the default value.
+ sampleLimit: false
+
+ # EnforcedKeepDroppedTargetsLimit defines the number of targets dropped by relabeling that will be kept in memory.
+ # The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets
+ # is greater than zero and less than spec.enforcedKeepDroppedTargets. 0 means no limit.
+ enforcedKeepDroppedTargets: 0
+
+ ## EnforcedSampleLimit defines a global limit on the number of scraped samples that will be accepted. This overrides any SampleLimit
+ ## set per ServiceMonitor and/or PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep the overall
+ ## number of samples/series under the desired limit. Note that if SampleLimit is lower, that value will be taken instead.
+ enforcedSampleLimit: false
+
+ ## EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set
+ ## per ServiceMonitor and/or PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall
+ ## number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except
+ ## if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced.
+ enforcedTargetLimit: false
+
+
+ ## Per-scrape limit on the number of labels that will be accepted for a sample. If more than this number of labels are present
+ ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
+ ## 2.27.0 and newer.
+ enforcedLabelLimit: false
+
+ ## Per-scrape limit on the length of label names that will be accepted for a sample. If a label name is longer than this number
+ ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
+ ## 2.27.0 and newer.
+ enforcedLabelNameLengthLimit: false
+
+ ## Per-scrape limit on the length of label values that will be accepted for a sample. If a label value is longer than this
+ ## number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus
+ ## versions 2.27.0 and newer.
+ enforcedLabelValueLengthLimit: false
+
+ ## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental
+ ## in Prometheus, so it may change in any upcoming release.
+ allowOverlappingBlocks: false
+
+ ## Minimum number of seconds for which a newly created pod should be ready without any of its containers crashing for it to
+ ## be considered available. Defaults to 0 (the pod will be considered available as soon as it is ready).
+ minReadySeconds: 0
- # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
- # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
- # Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it.
- # When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically.
- hostNetwork: false
+ # Required for use in managed Kubernetes clusters (such as AWS EKS) with a custom CNI (such as Calico),
+ # because the AWS-managed control plane cannot communicate with the pods' IP CIDR, so admission webhooks do not work.
+ # Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it.
+ # When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically.
+ hostNetwork: false
- # HostAlias holds the mapping between IP and hostnames that will be injected
- # as an entry in the pod’s hosts file.
- hostAliases: []
- # - ip: 10.10.0.100
- #   hostnames:
- #     - a1.app.local
- #     - b1.app.local
-
- ## TracingConfig configures tracing in Prometheus.
- ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#prometheustracingconfig
- tracingConfig: {}
-
- ## Additional configuration which is not covered by the properties above. (passed through tpl)
- additionalConfig: {}
-
- ## Additional configuration which is not covered by the properties above.
- ## Useful, if you need advanced templating inside alertmanagerSpec.
- ## Otherwise, use prometheus.prometheusSpec.additionalConfig (passed through tpl)
- additionalConfigString: ""
-
- ## Defines the maximum time that the `prometheus` container's startup probe
- ## will wait before being considered failed. The startup probe will return
- ## success after the WAL replay is complete. If set, the value should be
- ## greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15
- ## minutes).
- maximumStartupDurationSeconds: 0
-
- additionalRulesForClusterRole: []
- # - apiGroups: [ "" ]
- #   resources:
- #     - nodes/proxy
- #   verbs: [ "get", "list", "watch" ]
-
- additionalServiceMonitors: []
- ## Name of the ServiceMonitor to create
- ##
- # - name: ""
+ # HostAlias holds the mapping between IP and hostnames that will be injected
+ # as an entry in the pod’s hosts file.
+ hostAliases: []
+ # - ip: 10.10.0.100
+ #   hostnames:
+ #     - a1.app.local
+ #     - b1.app.local
+
+ ## TracingConfig configures tracing in Prometheus.
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#prometheustracingconfig
+ tracingConfig: {}
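+ ## A minimal illustrative sketch (commented out); the field names follow the PrometheusTracingConfig API linked
+ ## above, and the collector endpoint is a placeholder, not a recommended default:
+ # tracingConfig:
+ #   clientType: "grpc"
+ #   endpoint: "otel-collector.monitoring.svc:4317"
+ #   insecure: true
+ #   samplingFraction: "0.1"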
+
+ ## Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.
+ ## If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role.
+ serviceDiscoveryRole: ""
+
+ ## Additional configuration which is not covered by the properties above. (passed through tpl)
+ additionalConfig: {}
+
+ ## Additional configuration which is not covered by the properties above.
+ ## Useful if you need advanced templating inside prometheusSpec.
+ ## Otherwise, use prometheus.prometheusSpec.additionalConfig (passed through tpl)
+ additionalConfigString: ""
+
+ ## Defines the maximum time that the `prometheus` container's startup probe
+ ## will wait before being considered failed. The startup probe will return
+ ## success after the WAL replay is complete. If set, the value should be
+ ## greater than 60 (seconds). Otherwise it will be equal to 900 seconds (15
+ ## minutes).
+ maximumStartupDurationSeconds: 0
+
+ additionalRulesForClusterRole: []
+ # - apiGroups: [ "" ]
+ #   resources:
+ #     - nodes/proxy
+ #   verbs: [ "get", "list", "watch" ]
+
+ additionalServiceMonitors: []
+ ## Name of the ServiceMonitor to create
+ ##
+ # - name: ""
- ## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from
- ## the chart
- ##
- # additionalLabels: {}
+ ## Additional labels used for the ServiceMonitorSelector, together with the standard labels from
+ ## the chart.
+ ##
+ # additionalLabels: {}
- ## Service label for use in assembling a job name of the form