Unverified Commit cde39abc by Denise Committed by GitHub

Merge pull request #224 from guangbochen/prome2.3

Bump prometheus chart to v9.1.0
parents 4a42de3b c52c8d54
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
OWNERS
apiVersion: v1
name: prometheus
version: 9.1.0
appVersion: 2.11.1
description: Prometheus is a monitoring system and time series database.
home: https://prometheus.io/
icon: files://../logo.png
sources:
- https://github.com/prometheus/alertmanager
- https://github.com/prometheus/prometheus
- https://github.com/prometheus/pushgateway
- https://github.com/prometheus/node_exporter
- https://github.com/kubernetes/kube-state-metrics
maintainers:
- name: mgoodness
email: mgoodness@gmail.com
- name: gianrubio
email: gianrubio@gmail.com
engine: gotpl
tillerVersion: ">=2.8.0"
approvers:
- mgoodness
- gianrubio
reviewers:
- mgoodness
- gianrubio
# Prometheus
[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.
## Prometheus 2.x
Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/)
Users of this chart will need to update their alerting rules to the new format before they can upgrade.
## Upgrading from previous chart versions.
Version 9.0 adds a new option to enable or disable the Prometheus Server.
This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment.
To install the server `server.enabled` must be set to `true`.
As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data.
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.vscode
.project
.idea/
*.tmproj
OWNERS
apiVersion: v1
name: grafana
version: 3.8.6
appVersion: 6.3.4
kubeVersion: "^1.8.0-0"
description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.net
icon: files://../grafana-logo.png
sources:
- https://github.com/grafana/grafana
maintainers:
- name: zanhsieh
email: zanhsieh@gmail.com
- name: rtluckie
email: rluckie@cisco.com
- name: maorfr
email: maor.friedman@redhat.com
engine: gotpl
approvers:
- zanhsieh
- rtluckie
- maorfr
reviewers:
- zanhsieh
- rtluckie
- maorfr
# Grafana Helm Chart
* Installs the web dashboarding system [Grafana](http://grafana.org/)
labels:
io.cattle.role: cluster # options are cluster/project
questions:
- variable: defaultImage
default: true
description: "Use default Docker image"
label: Use Default Image
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: image.repository
default: "ranchercharts/grafana-grafana"
description: "Grafana image name"
type: string
label: Grafana Image Name
- variable: image.tag
default: "6.3.4"
description: "Grafana image tag"
type: string
label: Grafana Image Tag
- variable: sidecar.image
default: "ranchercharts/kiwigrid-k8s-sidecar:0.1.20"
description: "Sidecar image name"
type: string
label: Sidecar Image Name
- variable: downloadDashboardsImage.repository
default: "ranchercharts/appropriate-curl"
description: "Grafana Download Dashboard image name"
type: string
label: Grafana Download Dashboard Image Name
- variable: downloadDashboardsImage.tag
default: "latest"
description: "Grafana Download Dashboard image tag"
type: string
label: Grafana Download Dashboard Image Tag
# grafana configurations
- variable: admin.existingSecret
default: ""
description: "The name of an existing secret containing the admin credentials."
type: secret
group: "Grafana Settings"
label: Select Existing Admin Secret
- variable: adminUser
default: "admin"
description: "Grafana admin username"
type: string
group: "Grafana Settings"
label: Grafana Admin Username
required: true
show_if: "admin.existingSecret="
- variable: adminPassword
default: ""
description: "Grafana admin password"
type: password
group: "Grafana Settings"
label: Grafana Admin Password
show_if: "admin.existingSecret="
- variable: rbac.namespaced
default: true
description: "Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance."
type: boolean
group: "Grafana Settings"
label: Set Grafana RBAC to Namespaced
show_if: "admin.existingSecret="
- variable: persistence.enabled
default: false
description: "Enable persistent volume for Grafana"
type: boolean
required: true
label: Grafana Persistent Volume Enabled
show_subquestion_if: true
group: "Grafana Settings"
subquestions:
- variable: persistence.size
default: "8Gi"
description: "Grafana Persistent Volume Size"
type: string
label: Grafana Volume Size
required: true
- variable: persistence.storageClass
default: ""
description: "If undefined or set to null, using the default storageClass. Defaults to null."
type: storageclass
label: Storage Class for Grafana
- variable: persistence.existingClaim
default: ""
description: "If not empty, uses the specified existing PVC instead of creating new one"
type: pvc
label: Existing Persistent Volume Claim for Grafana
- variable: ingress.enabled
default: true
description: "Expose grafana using Layer 7 Load Balancer - ingress"
type: boolean
label: Expose Grafana using Layer 7 Load Balancer
show_subquestion_if: true
group: "Service and Load Balancing"
required: true
subquestions:
- variable: ingress.hosts[0]
default: "xip.io"
description: "Hostname to your grafana installation"
type: hostname
required: true
label: Hostname
- variable: service.type
default: "NodePort"
description: "Grafana service type"
type: enum
group: "Service and Load Balancing"
options:
- "ClusterIP"
- "NodePort"
required: true
label: Grafana Service Type
show_subquestion_if: "NodePort"
subquestions:
- variable: service.nodePort
default: ""
description: "NodePort http port(to set explicitly, choose port between 30000-32767)"
type: int
min: 30000
max: 32767
show_if: "ingress.enabled=false"
label: Grafana NodePort Number
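Review bot: `downloadDashboardsImage.tag` defaults to `"latest"`, a mutable tag, so the image that runs the dashboard download script can change between installs with no chart change; the other images in this file are pinned (`6.3.4`, `0.1.20`). Pin it to a specific version tag or a digest. Separately, the `rbac.namespaced` question carries `show_if: "admin.existingSecret="`, which looks copied from the admin password question: the RBAC scope option is hidden as soon as an existing admin secret is selected.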
1. Get your '{{ .Values.adminUser }}' user password by running:
kubectl get secret --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
{{ template "grafana.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.ingress.enabled }}
From outside the cluster, the server URL(s) are:
{{- range .Values.ingress.hosts }}
http://{{ . }}
{{- end }}
{{ else }}
Get the Grafana URL to visit by running these commands in the same shell:
{{ if contains "NodePort" .Values.service.type -}}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{ else if contains "LoadBalancer" .Values.service.type -}}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "grafana.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
http://$SERVICE_IP:{{ .Values.service.port -}}
{{ else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "grafana.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3000
{{- end }}
{{- end }}
3. Login with the password from step 1 and the username: {{ .Values.adminUser }}
{{- if not .Values.persistence.enabled }}
#################################################################################
###### WARNING: Persistence is disabled!!! You will lose your data when #####
###### the Grafana pod is terminated. #####
#################################################################################
{{- end }}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "grafana.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "grafana.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "grafana.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account
*/}}
{{- define "grafana.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "grafana.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- define "grafana.serviceAccountNameTest" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }}
{{- else -}}
{{ default "default" .Values.serviceAccount.nameTest }}
{{- end -}}
{{- end -}}
{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "grafana.fullname" . }}-clusterrole
{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }}
rules:
{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }}
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
{{- end}}
{{- with .Values.rbac.extraClusterRoleRules }}
{{ toYaml . | indent 0 }}
{{- end}}
{{- else }}
rules: []
{{- end}}
{{- end}}
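Review bot: The sidecar rule `resources: ["configmaps", "secrets"]` with `get`/`watch`/`list` lets the Grafana service account read every Secret in the cluster whenever either sidecar is enabled and `rbac.namespaced` is false. Whether the sidecar needs Secrets at all depends on its configuration, which is not visible here; if it only reads ConfigMaps, drop `"secrets"` from the list. At minimum add a comment above the rule such as `# grants read access to all Secrets cluster-wide; prefer rbac.namespaced=true unless cross-namespace discovery is required`. The same rule appears namespace-scoped in the Role template.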
{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "grafana.fullname" . }}-clusterrolebinding
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "grafana.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ template "grafana.fullname" . }}-clusterrole
apiGroup: rbac.authorization.k8s.io
{{- end -}}
{{- if .Values.sidecar.dashboards.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "grafana.fullname" . }}-config-dashboards
namespace: {{ .Release.Namespace }}
data:
provider.yaml: |-
apiVersion: 1
providers:
- name: '{{ .Values.sidecar.dashboards.provider.name }}'
orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
type: {{ .Values.sidecar.dashboards.provider.type }}
disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
options:
path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}
{{- end}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
{{- if .Values.plugins }}
plugins: {{ join "," .Values.plugins }}
{{- end }}
grafana.ini: |
{{- range $key, $value := index .Values "grafana.ini" }}
[{{ $key }}]
{{- range $elem, $elemVal := $value }}
{{ $elem }} = {{ $elemVal }}
{{- end }}
{{- end }}
{{- if .Values.datasources }}
{{ $root := . }}
{{- range $key, $value := .Values.datasources }}
{{ $key }}: |
{{ tpl (toYaml $value | indent 4) $root }}
{{- end -}}
{{- end -}}
{{- if .Values.notifiers }}
{{- range $key, $value := .Values.notifiers }}
{{ $key }}: |
{{ toYaml $value | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.dashboardProviders }}
{{- range $key, $value := .Values.dashboardProviders }}
{{ $key }}: |
{{ toYaml $value | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.dashboards }}
download_dashboards.sh: |
#!/usr/bin/env sh
set -euf
{{- if .Values.dashboardProviders }}
{{- range $key, $value := .Values.dashboardProviders }}
{{- range $value.providers }}
mkdir -p {{ .options.path }}
{{- end }}
{{- end }}
{{- end }}
{{- range $provider, $dashboards := .Values.dashboards }}
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
curl -sk \
--connect-timeout 60 \
--max-time 60 \
{{- if not $value.b64content }}
-H "Accept: application/json" \
-H "Content-Type: application/json;charset=UTF-8" \
{{- end }}
{{- if $value.url -}}{{ $value.url }}{{- else -}} https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download{{- end -}}{{ if $value.datasource }}| sed 's|\"datasource\":[^,]*|\"datasource\": \"{{ $value.datasource }}\"|g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \
> /var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json
{{- end -}}
{{- end }}
{{- end }}
{{- end }}
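Review bot: `curl -sk` in the generated `download_dashboards.sh` disables TLS certificate verification for every dashboard download, including the default `https://grafana.com/api/dashboards/...` URL, so a tampered response would be written under `/var/lib/grafana/dashboards/` and loaded by Grafana. Because `-f` is absent, an HTTP error body is also saved as the dashboard JSON. Change the line to `curl -sf \` and, where a private CA is needed, pass it with `--cacert` from a chart value rather than turning verification off. Note also that the `grafana.ini` loop renders every value into this ConfigMap, so any credentials placed under `grafana.ini` end up outside a Secret.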
{{- if .Values.dashboards }}
{{ $files := .Files }}
{{- range $provider, $dashboards := .Values.dashboards }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }}
namespace: {{ $.Release.Namespace }}
labels:
app: {{ template "grafana.name" $ }}
chart: {{ template "grafana.chart" $ }}
release: {{ $.Release.Name }}
heritage: {{ $.Release.Service }}
dashboard-provider: {{ $provider }}
data:
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
{{ print $key | indent 2 }}.json:
{{- if hasKey $value "json" }}
|-
{{ $value.json | indent 6 }}
{{- end }}
{{- if hasKey $value "file" }}
{{ toYaml ( $files.Get $value.file ) | indent 4}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "grafana.fullname" . -}}
{{- $servicePort := .Values.service.port -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels | indent 4 }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
{{- if .Values.rbac.pspUseAppArmor }}
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
# Default set from Docker, without DAC_OVERRIDE or CHOWN
- FOWNER
- FSETID
- KILL
- SETGID
- SETUID
- SETPCAP
- NET_BIND_SERVICE
- NET_RAW
- SYS_CHROOT
- MKNOD
- AUDIT_WRITE
- SETFCAP
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'RunAsAny'
fsGroup:
rule: 'RunAsAny'
readOnlyRootFilesystem: false
{{- end }}
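Review bot: `runAsUser` is set to `rule: 'RunAsAny'`, so a pod admitted under this policy may run as UID 0 even though `privileged` and `allowPrivilegeEscalation` are both false. If the Grafana image runs as a non-root user (not visible here), change it to `rule: 'MustRunAsNonRoot'`. `readOnlyRootFilesystem: false` deserves a short comment saying why the root filesystem must stay writable. `metadata.namespace` is set on a cluster-scoped resource and has no effect, so it can be removed to avoid implying the policy is namespaced.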
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.persistence.finalizers }}
finalizers:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
storageClassName: {{ .Values.persistence.storageClassName }}
{{- end -}}
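Review bot: `storageClassName: {{ .Values.persistence.storageClassName }}` reads a different key from the one questions.yml exposes (`persistence.storageClass`), so the storage class picked in the UI would not reach the claim unless values.yaml maps one to the other (values.yaml is not visible here). The value is also unquoted and unguarded, so when it is unset the line renders as a bare `storageClassName:`. Wrap it as `{{- with .Values.persistence.storageClassName }}`, `storageClassName: {{ . | quote }}`, `{{- end }}`, and align the key name with the question.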
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }}
rules:
{{- if .Values.rbac.pspEnabled }}
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "grafana.fullname" . }}]
{{- end }}
{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }}
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
{{- end }}
{{- with .Values.rbac.extraRoleRules }}
{{ toYaml . | indent 0 }}
{{- end}}
{{- else }}
rules: []
{{- end }}
{{- end }}
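Review bot: The PodSecurityPolicy `use` rule names `apiGroups: ['extensions']`, while the policy itself is created as `policy/v1beta1` and the test Role in this same commit uses `['policy']`. On clusters that authorize PSP use only through the `policy` group, the Grafana service account may not be granted its own policy. Use `- apiGroups: ['extensions', 'policy']` to cover both. This Role and its RoleBinding also use `rbac.authorization.k8s.io/v1beta1` while the test Role uses `v1`; aligning them on `v1` keeps the chart consistent.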
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "grafana.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "grafana.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.rbac.namespaced }}
roleRef:
kind: Role
name: {{ template "grafana.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}
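Review bot: `roleRef` is emitted twice when `.Values.rbac.namespaced` is true: once unconditionally before `subjects:` and again inside the trailing `{{- if .Values.rbac.namespaced }}` block. Duplicate mapping keys are invalid YAML, and parsers either reject the document or silently keep the last occurrence. questions.yml defaults `rbac.namespaced` to `true`, so this is the default path. Both copies reference the same Role, so the conditional block at the end can simply be removed.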
{{- if not .Values.admin.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
data:
admin-user: {{ .Values.adminUser | b64enc | quote }}
{{- if .Values.adminPassword }}
admin-password: {{ .Values.adminPassword | b64enc | quote }}
{{- else }}
admin-password: {{ randAlphaNum 40 | b64enc | quote }}
{{- end }}
{{- if not .Values.ldap.existingSecret }}
ldap-toml: {{ .Values.ldap.config | b64enc | quote }}
{{- end }}
{{- end }}
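Review bot: `admin-password: {{ randAlphaNum 40 | b64enc | quote }}` is re-evaluated on every render, so each upgrade without `adminPassword` set writes a new random value into the Secret. With persistence enabled, the Secret may then no longer match the credential Grafana stored on first start (inferred; Grafana's handling is not shown here). Add a comment above the `else` branch such as `# regenerated on every render; set adminPassword or admin.existingSecret to keep the credential stable across upgrades`. Also, `ldap-toml` sits inside the `if not .Values.admin.existingSecret` guard, so supplying an existing admin secret removes the LDAP config from this Secret even when `ldap.existingSecret` is empty.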
apiVersion: v1
kind: Service
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.service.labels }}
{{ toYaml .Values.service.labels | indent 4 }}
{{- end }}
{{- with .Values.service.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
type: ClusterIP
{{- if .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP }}
{{end}}
{{- else if eq .Values.service.type "LoadBalancer" }}
type: {{ .Values.service.type }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- else }}
type: {{ .Values.service.type }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{ toYaml .Values.service.externalIPs | indent 4 }}
{{- end }}
ports:
- name: service
port: {{ .Values.service.port }}
protocol: TCP
targetPort: {{ .Values.service.targetPort }}
{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
nodePort: {{.Values.service.nodePort}}
{{ end }}
selector:
app: {{ template "grafana.name" . }}
release: {{ .Release.Name }}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "grafana.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "grafana.fullname" . }}-test
labels:
app: {{ template "grafana.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
data:
run.sh: |-
@test "Test Health" {
url="http://{{ template "grafana.fullname" . }}/api/health"
code=$(curl -s -o /dev/null -I -w "%{http_code}" $url)
[ "$code" == "200" ]
}
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "grafana.fullname" . }}-test
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
allowPrivilegeEscalation: true
privileged: false
hostNetwork: false
hostIPC: false
hostPID: false
fsGroup:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- projected
- secret
{{- end }}
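Review bot: `allowPrivilegeEscalation: true` makes the test policy looser than the main Grafana policy in this commit, which sets it to `false` and lists `requiredDropCapabilities`. The test pod only copies bats into an emptyDir and runs a curl health check, so nothing visible needs privilege escalation. Set `allowPrivilegeEscalation: false` and mirror the `requiredDropCapabilities` list from the main policy.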
{{- if .Values.rbac.pspEnabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "grafana.fullname" . }}-test
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "grafana.fullname" . }}-test]
{{- end }}
{{- if .Values.rbac.pspEnabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "grafana.fullname" . }}-test
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "grafana.fullname" . }}-test
subjects:
- kind: ServiceAccount
name: {{ template "grafana.serviceAccountNameTest" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "grafana.serviceAccountNameTest" . }}
{{- end }}
apiVersion: v1
kind: Pod
metadata:
name: {{ template "grafana.fullname" . }}-test
labels:
app: {{ template "grafana.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
annotations:
"helm.sh/hook": test-success
spec:
serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }}
{{- if .Values.testFramework.securityContext }}
securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }}
{{- end }}
initContainers:
- name: test-framework
image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
command:
- "bash"
- "-c"
- |
set -ex
# copy bats to tools dir
cp -R /usr/local/libexec/ /tools/bats/
volumeMounts:
- mountPath: /tools
name: tools
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end}}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 4 }}
{{- end }}
containers:
- name: {{ .Release.Name }}-test
image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
volumeMounts:
- mountPath: /tests
name: tests
readOnly: true
- mountPath: /tools
name: tools
volumes:
- name: tests
configMap:
name: {{ template "grafana.fullname" . }}-test
- name: tools
emptyDir: {}
restartPolicy: Never
dependencies:
- name: grafana
version: 0.0.30
condition: grafana.enabled
repository: "files://./charts/grafana"
{{- if .Values.server.enabled -}}
The Prometheus server can be accessed via port {{ .Values.server.service.servicePort }} on the following DNS name from within your cluster:
{{ template "prometheus.server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.server.ingress.enabled -}}
From outside the cluster, the server URL(s) are:
{{- range .Values.server.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else }}
Get the Prometheus server URL by running these commands in the same shell:
{{- if contains "NodePort" .Values.server.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.server.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.server.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.server.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.server.service.servicePort }}
{{- else if contains "ClusterIP" .Values.server.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.server.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9090
{{- end }}
{{- end }}
{{- if .Values.server.persistentVolume.enabled }}
{{- else }}
#################################################################################
###### WARNING: Persistence is disabled!!! You will lose your data when #####
###### the Server pod is terminated. #####
#################################################################################
{{- end }}
{{- end }}
{{ if .Values.alertmanager.enabled }}
The Prometheus alertmanager can be accessed via port {{ .Values.alertmanager.service.servicePort }} on the following DNS name from within your cluster:
{{ template "prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.alertmanager.ingress.enabled -}}
From outside the cluster, the alertmanager URL(s) are:
{{- range .Values.alertmanager.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else }}
Get the Alertmanager URL by running these commands in the same shell:
{{- if contains "NodePort" .Values.alertmanager.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.alertmanager.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.alertmanager.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.alertmanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.alertmanager.service.servicePort }}
{{- else if contains "ClusterIP" .Values.alertmanager.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.alertmanager.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9093
{{- end }}
{{- end }}
{{- if .Values.alertmanager.persistentVolume.enabled }}
{{- else }}
#################################################################################
###### WARNING: Persistence is disabled!!! You will lose your data when #####
###### the AlertManager pod is terminated. #####
#################################################################################
{{- end }}
{{- end }}
{{- if .Values.nodeExporter.podSecurityPolicy.enabled }}
{{- else }}
#################################################################################
###### WARNING: Pod Security Policy has been moved to a global property. #####
###### use .Values.podSecurityPolicy.enabled with pod-based #####
###### annotations #####
###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) #####
#################################################################################
{{- end }}
{{ if .Values.pushgateway.enabled }}
The Prometheus PushGateway can be accessed via port {{ .Values.pushgateway.service.servicePort }} on the following DNS name from within your cluster:
{{ template "prometheus.pushgateway.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.pushgateway.ingress.enabled -}}
From outside the cluster, the pushgateway URL(s) are:
{{- range .Values.pushgateway.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else }}
Get the PushGateway URL by running these commands in the same shell:
{{- if contains "NodePort" .Values.pushgateway.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.pushgateway.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.pushgateway.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.pushgateway.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.pushgateway.service.servicePort }}
{{- else if contains "ClusterIP" .Values.pushgateway.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.pushgateway.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9091
{{- end }}
{{- end }}
{{- end }}
For more information on running Prometheus, visit:
https://prometheus.io/
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "prometheus.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create unified labels for prometheus components
*/}}
{{- define "prometheus.common.matchLabels" -}}
app: {{ template "prometheus.name" . }}
release: {{ .Release.Name }}
{{- end -}}
{{- define "prometheus.common.metaLabels" -}}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
{{- end -}}
{{- define "prometheus.alertmanager.labels" -}}
{{ include "prometheus.alertmanager.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.alertmanager.matchLabels" -}}
component: {{ .Values.alertmanager.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.kubeStateMetrics.labels" -}}
{{ include "prometheus.kubeStateMetrics.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.kubeStateMetrics.matchLabels" -}}
component: {{ .Values.kubeStateMetrics.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.nodeExporter.labels" -}}
{{ include "prometheus.nodeExporter.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.nodeExporter.matchLabels" -}}
component: {{ .Values.nodeExporter.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.pushgateway.labels" -}}
{{ include "prometheus.pushgateway.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.pushgateway.matchLabels" -}}
component: {{ .Values.pushgateway.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.server.labels" -}}
{{ include "prometheus.server.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.server.matchLabels" -}}
component: {{ .Values.server.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified alertmanager name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.alertmanager.fullname" -}}
{{- if .Values.alertmanager.fullnameOverride -}}
{{- .Values.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified kube-state-metrics name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.kubeStateMetrics.fullname" -}}
{{- if .Values.kubeStateMetrics.fullnameOverride -}}
{{- .Values.kubeStateMetrics.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified node-exporter name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.nodeExporter.fullname" -}}
{{- if .Values.nodeExporter.fullnameOverride -}}
{{- .Values.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified Prometheus server name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.server.fullname" -}}
{{- if .Values.server.fullnameOverride -}}
{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified pushgateway name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.pushgateway.fullname" -}}
{{- if .Values.pushgateway.fullnameOverride -}}
{{- .Values.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "prometheus.networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the alertmanager component
*/}}
{{- define "prometheus.serviceAccountName.alertmanager" -}}
{{- if .Values.serviceAccounts.alertmanager.create -}}
{{ default (include "prometheus.alertmanager.fullname" .) .Values.serviceAccounts.alertmanager.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.alertmanager.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the kubeStateMetrics component
*/}}
{{- define "prometheus.serviceAccountName.kubeStateMetrics" -}}
{{- if .Values.serviceAccounts.kubeStateMetrics.create -}}
{{ default (include "prometheus.kubeStateMetrics.fullname" .) .Values.serviceAccounts.kubeStateMetrics.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.kubeStateMetrics.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the nodeExporter component
*/}}
{{- define "prometheus.serviceAccountName.nodeExporter" -}}
{{- if .Values.serviceAccounts.nodeExporter.create -}}
{{ default (include "prometheus.nodeExporter.fullname" .) .Values.serviceAccounts.nodeExporter.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.nodeExporter.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the pushgateway component
*/}}
{{- define "prometheus.serviceAccountName.pushgateway" -}}
{{- if .Values.serviceAccounts.pushgateway.create -}}
{{ default (include "prometheus.pushgateway.fullname" .) .Values.serviceAccounts.pushgateway.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.pushgateway.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the server component
*/}}
{{- define "prometheus.serviceAccountName.server" -}}
{{- if .Values.serviceAccounts.server.create -}}
{{ default (include "prometheus.server.fullname" .) .Values.serviceAccounts.server.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.server.name }}
{{- end -}}
{{- end -}}
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.alertmanager.fullname" . }}
{{- end }}
{{- end }}
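Review bot: The opening guard `{{- if .Values.rbac.create }}` does not check `.Values.alertmanager.enabled`, so this ClusterRole is rendered even when Alertmanager is switched off. The alertmanager ClusterRoleBinding and PodSecurityPolicy templates further down have the same gap, while the alertmanager ConfigMap, Deployment and Service templates do check it. With `podSecurityPolicy.enabled` false the role also renders with an empty `rules:` key. I would gate all three the way the kube-state-metrics role is gated: `{{- if and .Values.alertmanager.enabled .Values.rbac.create }}`.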
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "prometheus.alertmanager.fullname" . }}
{{- end }}
{{- if and .Values.alertmanager.enabled (and (empty .Values.alertmanager.configMapOverrideName) (empty .Values.alertmanager.configFromSecret)) -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
data:
{{- $root := . -}}
{{- range $key, $value := .Values.alertmanagerFiles }}
{{ $key }}: |
{{ toYaml $value | default "{}" | indent 4 }}
{{- end -}}
{{- end -}}
{{- if and .Values.alertmanager.enabled (not .Values.alertmanager.statefulSet.enabled) -}}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
spec:
selector:
matchLabels:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
replicas: {{ .Values.alertmanager.replicaCount }}
{{- if .Values.server.strategy }}
strategy:
{{ toYaml .Values.server.strategy | indent 4 }}
{{- end }}
template:
metadata:
{{- if .Values.alertmanager.podAnnotations }}
annotations:
{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 8 }}
spec:
{{- if .Values.alertmanager.schedulerName }}
schedulerName: "{{ .Values.alertmanager.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }}
{{- if .Values.alertmanager.priorityClassName }}
priorityClassName: "{{ .Values.alertmanager.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
env:
{{- range $key, $value := .Values.alertmanager.extraEnv }}
- name: {{ $key }}
value: {{ $value }}
{{- end }}
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
args:
- --config.file=/etc/config/{{ .Values.alertmanager.configFileName }}
- --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }}
- --cluster.advertise-address=$(POD_IP):6783
{{- range $key, $value := .Values.alertmanager.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.alertmanager.baseURL }}
- --web.external-url={{ .Values.alertmanager.baseURL }}
{{- end }}
ports:
- containerPort: 9093
readinessProbe:
httpGet:
path: {{ .Values.alertmanager.prefixURL }}/#/status
port: 9093
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
{{ toYaml .Values.alertmanager.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}"
subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}"
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.name }}
image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload
resources:
{{ toYaml .Values.configmapReload.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.alertmanager.nodeSelector }}
nodeSelector:
{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.securityContext }}
securityContext:
{{ toYaml .Values.alertmanager.securityContext | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.tolerations }}
tolerations:
{{ toYaml .Values.alertmanager.tolerations | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.affinity }}
affinity:
{{ toYaml .Values.alertmanager.affinity | indent 8 }}
{{- end }}
volumes:
- name: config-volume
{{- if empty .Values.alertmanager.configFromSecret }}
configMap:
name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
{{- else }}
secret:
secretName: {{ .Values.alertmanager.configFromSecret }}
{{- end }}
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
- name: storage-volume
{{- if .Values.alertmanager.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.alertmanager.persistentVolume.existingClaim }}{{ .Values.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}
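Review bot: The `strategy:` block is driven by `.Values.server.strategy` rather than an alertmanager value, so changing the Prometheus server's rollout strategy silently changes Alertmanager's too; this looks like a copy from the server Deployment. Assuming values.yaml (not shown here) gets an `alertmanager.strategy` key, the guard and body become `{{- if .Values.alertmanager.strategy }}` and `{{ toYaml .Values.alertmanager.strategy | indent 4 }}`. Separately, `value: {{ $value }}` under `extraEnv` is unquoted, so a numeric or boolean-looking value renders as a non-string and the pod spec fails validation; `value: {{ $value | quote }}` avoids that.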
{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled -}}
{{- $releaseName := .Release.Name -}}
{{- $serviceName := include "prometheus.alertmanager.fullname" . }}
{{- $servicePort := .Values.alertmanager.service.servicePort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
{{- if .Values.alertmanager.ingress.annotations }}
annotations:
{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
{{- range $key, $value := .Values.alertmanager.ingress.extraLabels }}
{{ $key }}: {{ $value }}
{{- end }}
name: {{ template "prometheus.alertmanager.fullname" . }}
spec:
rules:
{{- range .Values.alertmanager.ingress.hosts }}
{{- $url := splitList "/" . }}
- host: {{ first $url }}
http:
paths:
- path: /{{ rest $url | join "/" }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.alertmanager.ingress.tls }}
tls:
{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
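Review bot: The `extraLabels` loop emits `{{ $key }}: {{ $value }}` without quoting, so a label value such as `true` or `1` is parsed as a boolean or number and the manifest is rejected, since label values must be strings. The component labels in the helpers already use `| quote`; the same here would be `{{ $key }}: {{ $value | quote }}`. `$releaseName` is assigned at the top of the template but never used and can be dropped.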
{{- if and .Values.alertmanager.enabled .Values.networkPolicy.enabled -}}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.alertmanager.fullname" . }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 12 }}
- ports:
- port: 9093
{{- end -}}
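Review bot: `- from:` and `- ports:` are written as two separate list items under `ingress:`, which makes them two independent rules: one admitting the Prometheus server pods on any port, and one admitting any source on port 9093. The second rule cancels the restriction the podSelector was meant to impose, so with `networkPolicy.enabled` set Alertmanager's web port stays reachable from every pod (indentation is lost in this view, but the two leading dashes are what decide it). `ports:` should be a key of the same rule as `from:`, i.e. the line becomes `ports:` without the dash, aligned with `from`. Once the rule is tightened, peer traffic on port 6783 between Alertmanager replicas would presumably need its own rule.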
{{- if .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.alertmanager.fullname" . }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
annotations:
{{- if .Values.alertmanager.podSecurityPolicy.annotations }}
{{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'configMap'
- 'persistentVolumeClaim'
- 'emptyDir'
- 'secret'
allowedHostPaths:
- pathPrefix: /etc
readOnly: true
- pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }}
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: true
{{- end }}
{{- end }}
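Review bot: `runAsUser` is set to `rule: 'RunAsAny'`, which lets the container run as UID 0 even though `supplementalGroups` and `fsGroup` are restricted to exclude the root group. If the Alertmanager image runs as a non-root user (not visible here, to be confirmed), `rule: 'MustRunAsNonRoot'` would make the policy enforce it. The `allowedHostPaths` entries have no effect as written, because `hostPath` is not in the allowed `volumes` list; removing them would make the policy easier to read.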
{{- if not .Values.alertmanager.statefulSet.enabled -}}
{{- if and .Values.alertmanager.enabled .Values.alertmanager.persistentVolume.enabled -}}
{{- if not .Values.alertmanager.persistentVolume.existingClaim -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.alertmanager.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
spec:
accessModes:
{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }}
{{- if .Values.alertmanager.persistentVolume.storageClass }}
{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: "{{ .Values.alertmanager.persistentVolume.size }}"
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.alertmanager.statefulSet.headless.annotations }}
annotations:
{{ toYaml .Values.alertmanager.statefulSet.headless.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
{{- if .Values.alertmanager.statefulSet.headless.labels }}
{{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.alertmanager.fullname" . }}-headless
spec:
clusterIP: None
ports:
- name: http
port: {{ .Values.alertmanager.statefulSet.headless.servicePort }}
protocol: TCP
targetPort: 9093
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
- name: meshpeer
port: 6783
protocol: TCP
targetPort: 6783
{{- end }}
selector:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
{{- end }}
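Review bot: The Service name is built as `prometheus.alertmanager.fullname` plus `-headless`, but the helper already truncates to 63 characters, so the result can be up to 72 characters and exceed the 63-character limit the helper's own comment cites. Truncating before the suffix is appended keeps it valid: `name: {{ include "prometheus.alertmanager.fullname" . | trunc 54 | trimSuffix "-" }}-headless`. The StatefulSet's `serviceName` and its `--cluster.peer` addresses are built from the same expression and must be changed identically, or the StatefulSet will not find its governing Service.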
{{- if .Values.alertmanager.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.alertmanager.service.annotations }}
annotations:
{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
{{- if .Values.alertmanager.service.labels }}
{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.alertmanager.fullname" . }}
spec:
{{- if .Values.alertmanager.service.clusterIP }}
clusterIP: {{ .Values.alertmanager.service.clusterIP }}
{{- end }}
{{- if .Values.alertmanager.service.externalIPs }}
externalIPs:
{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
{{- end }}
{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.alertmanager.service.servicePort }}
protocol: TCP
targetPort: 9093
{{- if .Values.alertmanager.service.nodePort }}
nodePort: {{ .Values.alertmanager.service.nodePort }}
{{- end }}
{{- if .Values.alertmanager.service.enableMeshPeer }}
- name: meshpeer
port: 6783
protocol: TCP
targetPort: 6783
{{- end }}
selector:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
type: "{{ .Values.alertmanager.service.type }}"
{{- end }}
{{- if and .Values.alertmanager.enabled .Values.serviceAccounts.alertmanager.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
{{- end -}}
{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
spec:
serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless
selector:
matchLabels:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
replicas: {{ .Values.alertmanager.replicaCount }}
podManagementPolicy: {{ .Values.alertmanager.statefulSet.podManagementPolicy }}
template:
metadata:
{{- if .Values.alertmanager.podAnnotations }}
annotations:
{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 8 }}
spec:
{{- if .Values.alertmanager.affinity }}
affinity:
{{ toYaml .Values.alertmanager.affinity | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.schedulerName }}
schedulerName: "{{ .Values.alertmanager.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }}
{{- if .Values.alertmanager.priorityClassName }}
priorityClassName: "{{ .Values.alertmanager.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
env:
{{- range $key, $value := .Values.alertmanager.extraEnv }}
- name: {{ $key }}
value: {{ $value }}
{{- end }}
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
args:
- --config.file=/etc/config/alertmanager.yml
- --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }}
- --cluster.advertise-address=$(POD_IP):6783
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
- --cluster.listen-address=0.0.0.0:6783
{{- range $n := until (.Values.alertmanager.replicaCount | int) }}
- --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783
{{- end }}
{{- end }}
{{- range $key, $value := .Values.alertmanager.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.alertmanager.baseURL }}
- --web.external-url={{ .Values.alertmanager.baseURL }}
{{- end }}
ports:
- containerPort: 9093
readinessProbe:
httpGet:
path: {{ .Values.alertmanager.prefixURL }}/#/status
port: 9093
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
{{ toYaml .Values.alertmanager.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}"
subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}"
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.name }}
image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload
resources:
{{ toYaml .Values.configmapReload.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.alertmanager.nodeSelector }}
nodeSelector:
{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.securityContext }}
securityContext:
{{ toYaml .Values.alertmanager.securityContext | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.tolerations }}
tolerations:
{{ toYaml .Values.alertmanager.tolerations | indent 8 }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- if .Values.alertmanager.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: storage-volume
{{- if .Values.alertmanager.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 10 }}
resources:
requests:
storage: "{{ .Values.alertmanager.persistentVolume.size }}"
{{- if .Values.server.persistentVolume.storageClass }}
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
{{- else }}
- name: storage-volume
emptyDir: {}
{{- end }}
{{- end }}
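Review bot: The `storageClassName` guard in `volumeClaimTemplates` tests `.Values.server.persistentVolume.storageClass` but emits `.Values.alertmanager.persistentVolume.storageClass`, so Alertmanager's storage class is ignored unless the server's is also set, and the `"-"` check looks at the wrong value. Both conditions should read the alertmanager key: `{{- if .Values.alertmanager.persistentVolume.storageClass }}` and `{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }}`. This template also differs from the Deployment in two ways worth aligning: `--config.file` is hard-coded to `/etc/config/alertmanager.yml` instead of using `.Values.alertmanager.configFileName`, and `config-volume` is always a ConfigMap, so `alertmanager.configFromSecret` is ignored here while the ConfigMap template skips creating the ConfigMap when that value is set.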
{{- if and .Values.kubeStateMetrics.enabled .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.kubeStateMetrics.fullname" . }}
{{- end }}
- apiGroups:
- ""
resources:
- namespaces
- nodes
- persistentvolumeclaims
- pods
- services
- resourcequotas
- replicationcontrollers
- limitranges
- persistentvolumeclaims
- persistentvolumes
- endpoints
- secrets
- configmaps
verbs:
- list
- watch
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- ingresses
- replicasets
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- statefulsets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- list
- watch
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- list
- watch
{{- end }}
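Review bot: The core-group rule grants `list` and `watch` on `secrets` cluster-wide, and a `list` response carries the full secret data, so the kube-state-metrics service account can read every secret in the cluster. The rule deserves a comment so operators can make that trade-off knowingly, for example `# list/watch on secrets returns full secret data cluster-wide; remove this entry if secret metrics are not needed`. Making the entry conditional on a chart value would be better still, though values.yaml is not visible here. `persistentvolumeclaims` also appears twice in the same resource list and one copy can be removed.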
{{- if and .Values.kubeStateMetrics.enabled .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.kubeStateMetrics" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
{{- end -}}
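Review bot: The binding's subject comes from `prometheus.serviceAccountName.kubeStateMetrics`, which falls back to the literal `default` when `serviceAccounts.kubeStateMetrics.create` is false and no name is given. With `rbac.create` still true, the ClusterRole (including its cluster-wide list on secrets) is then bound to the namespace's `default` service account and is inherited by every pod in the release namespace that does not set its own. I would render the binding only when the account is created or explicitly named: `{{- if and .Values.kubeStateMetrics.enabled .Values.rbac.create (or .Values.serviceAccounts.kubeStateMetrics.create .Values.serviceAccounts.kubeStateMetrics.name) -}}`. The alertmanager ClusterRoleBinding above uses the same fallback pattern.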
{{- if .Values.kubeStateMetrics.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- if .Values.kubeStateMetrics.deploymentAnnotations }}
annotations:
{{ toYaml .Values.kubeStateMetrics.deploymentAnnotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
spec:
selector:
matchLabels:
{{- include "prometheus.kubeStateMetrics.matchLabels" . | nindent 6 }}
replicas: {{ .Values.kubeStateMetrics.replicaCount }}
template:
metadata:
{{- if .Values.kubeStateMetrics.podAnnotations }}
annotations:
{{ toYaml .Values.kubeStateMetrics.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 8 }}
{{- if .Values.kubeStateMetrics.pod.labels }}
{{ toYaml .Values.kubeStateMetrics.pod.labels | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "prometheus.serviceAccountName.kubeStateMetrics" . }}
{{- if .Values.kubeStateMetrics.priorityClassName }}
priorityClassName: "{{ .Values.kubeStateMetrics.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.kubeStateMetrics.name }}
image: "{{ .Values.kubeStateMetrics.image.repository }}:{{ .Values.kubeStateMetrics.image.tag }}"
imagePullPolicy: "{{ .Values.kubeStateMetrics.image.pullPolicy }}"
{{- if .Values.kubeStateMetrics.args }}
args:
{{- range $key, $value := .Values.kubeStateMetrics.args }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- end }}
ports:
- name: metrics
containerPort: 8080
resources:
{{ toYaml .Values.kubeStateMetrics.resources | indent 12 }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.kubeStateMetrics.nodeSelector }}
nodeSelector:
{{ toYaml .Values.kubeStateMetrics.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.kubeStateMetrics.securityContext }}
securityContext:
{{ toYaml .Values.kubeStateMetrics.securityContext | indent 8 }}
{{- end }}
{{- if .Values.kubeStateMetrics.tolerations }}
tolerations:
{{ toYaml .Values.kubeStateMetrics.tolerations | indent 8 }}
{{- end }}
{{- if .Values.kubeStateMetrics.affinity }}
affinity:
{{ toYaml .Values.kubeStateMetrics.affinity | indent 8 }}
{{- end }}
{{- end }}
{{- if and .Values.kubeStateMetrics.enabled .Values.networkPolicy.enabled -}}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.kubeStateMetrics.matchLabels" . | nindent 6 }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 10 }}
- ports:
- port: 8080
{{- end -}}
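Review bot: The `- ports:` entry at the end of `ingress` starts a second rule instead of completing the first, so the policy appears to admit any source on port 8080 and the Prometheus server pods on every port. NetworkPolicy rules are additive, which means the `from` selector no longer limits who can scrape kube-state-metrics. Dropping the dash so that `ports:` sits in the same list item as `from:` would restrict port 8080 to the server pods. Indentation is lost on this page, so confirm the nesting against the file.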
{{- if .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
annotations:
{{- if .Values.kubeStateMetrics.podSecurityPolicy.annotations }}
{{ toYaml .Values.kubeStateMetrics.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'secret'
allowedHostPaths: []
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: true
{{- end }}
{{- end }}
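Review bot: `runAsUser` is left at `rule: 'RunAsAny'`, so this policy still admits a container running as UID 0 even though the `supplementalGroups` and `fsGroup` ranges are written to keep the root group out. If the kube-state-metrics image runs as a non-root user (not visible here), `rule: 'MustRunAsNonRoot'` would make the policy match that intent. The outer guard also tests only `.Values.rbac.create` and `.Values.podSecurityPolicy.enabled`, so the policy is rendered when `kubeStateMetrics.enabled` is false; `{{- if and .Values.kubeStateMetrics.enabled .Values.rbac.create }}` would match the node-exporter policy.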
{{- if and .Values.kubeStateMetrics.enabled .Values.serviceAccounts.kubeStateMetrics.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.kubeStateMetrics" . }}
{{- end -}}
{{- if and .Values.kubeStateMetrics.enabled .Values.kubeStateMetrics.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.kubeStateMetrics.service.annotations }}
annotations:
{{ toYaml .Values.kubeStateMetrics.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
{{- if .Values.kubeStateMetrics.service.labels }}
{{ toYaml .Values.kubeStateMetrics.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
spec:
{{- if .Values.kubeStateMetrics.service.clusterIP }}
clusterIP: {{ .Values.kubeStateMetrics.service.clusterIP }}
{{- end }}
{{- if .Values.kubeStateMetrics.service.externalIPs }}
externalIPs:
{{ toYaml .Values.kubeStateMetrics.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.kubeStateMetrics.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.kubeStateMetrics.service.loadBalancerIP }}
{{- end }}
{{- if .Values.kubeStateMetrics.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.kubeStateMetrics.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.kubeStateMetrics.service.servicePort }}
protocol: TCP
targetPort: 8080
selector:
{{- include "prometheus.kubeStateMetrics.matchLabels" . | nindent 4 }}
type: "{{ .Values.kubeStateMetrics.service.type }}"
{{- end }}
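Review bot: The guard on the first line passes `.Values.kubeStateMetrics.enabled` to `and` twice, which reads as if a second condition was intended and lost. If only the one flag applies, `{{- if .Values.kubeStateMetrics.enabled -}}` says so directly; if a service-specific switch was meant, it should be named here.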
{{- if .Values.nodeExporter.enabled -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
{{- if .Values.nodeExporter.deploymentAnnotations }}
annotations:
{{ toYaml .Values.nodeExporter.deploymentAnnotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
name: {{ template "prometheus.nodeExporter.fullname" . }}
spec:
selector:
matchLabels:
{{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }}
{{- if .Values.nodeExporter.updateStrategy }}
updateStrategy:
{{ toYaml .Values.nodeExporter.updateStrategy | indent 4 }}
{{- end }}
template:
metadata:
{{- if .Values.nodeExporter.podAnnotations }}
annotations:
{{ toYaml .Values.nodeExporter.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 8 }}
{{- if .Values.nodeExporter.pod.labels }}
{{ toYaml .Values.nodeExporter.pod.labels | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
{{- if .Values.nodeExporter.priorityClassName }}
priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.nodeExporter.name }}
image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}"
imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}"
args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
{{- range $key, $value := .Values.nodeExporter.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
ports:
- name: metrics
containerPort: 9100
hostPort: {{ .Values.nodeExporter.service.hostPort }}
resources:
{{ toYaml .Values.nodeExporter.resources | indent 12 }}
volumeMounts:
- name: proc
mountPath: /host/proc
readOnly: true
- name: sys
mountPath: /host/sys
readOnly: true
{{- range .Values.nodeExporter.extraHostPathMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- if .mountPropagation }}
mountPropagation: {{ .mountPropagation }}
{{- end }}
{{- end }}
{{- range .Values.nodeExporter.extraConfigmapMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.nodeExporter.hostNetwork }}
hostNetwork: true
{{- end }}
{{- if .Values.nodeExporter.hostPID }}
hostPID: true
{{- end }}
{{- if .Values.nodeExporter.tolerations }}
tolerations:
{{ toYaml .Values.nodeExporter.tolerations | indent 8 }}
{{- end }}
{{- if .Values.nodeExporter.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeExporter.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.nodeExporter.securityContext }}
securityContext:
{{ toYaml .Values.nodeExporter.securityContext | indent 8 }}
{{- end }}
volumes:
- name: proc
hostPath:
path: /proc
- name: sys
hostPath:
path: /sys
{{- range .Values.nodeExporter.extraHostPathMounts }}
- name: {{ .name }}
hostPath:
path: {{ .hostPath }}
{{- end }}
{{- range .Values.nodeExporter.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- end -}}
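Review bot: `readOnly: {{ .readOnly }}` in the `extraHostPathMounts` loop does not render `true` when an entry omits the key, so an extra host path is not mounted read-only unless the operator remembers to set it. For a DaemonSet that mounts node directories, read-only is the safer default; `readOnly: {{ if hasKey . "readOnly" }}{{ .readOnly }}{{ else }}true{{ end }}` keeps an explicit `false` working, which `default true` would not. The same expression feeds `allowedHostPaths` in the node-exporter PodSecurityPolicy, so both places would need the change.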
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.nodeExporter.fullname" . }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
annotations:
{{- if .Values.nodeExporter.podSecurityPolicy.annotations }}
{{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'configMap'
- 'hostPath'
- 'secret'
allowedHostPaths:
- pathPrefix: /proc
readOnly: true
- pathPrefix: /sys
readOnly: true
{{- range .Values.nodeExporter.extraHostPathMounts }}
- pathPrefix: {{ .hostPath }}
readOnly: {{ .readOnly }}
{{- end }}
hostNetwork: {{ .Values.nodeExporter.hostNetwork }}
hostPID: {{ .Values.nodeExporter.hostPID }}
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
hostPorts:
- min: 1
max: 65535
{{- end }}
{{- end }}
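Review bot: `hostPorts` allows the whole range 1–65535 although the DaemonSet binds a single host port taken from `.Values.nodeExporter.service.hostPort`. Narrowing the range to that value, `- min: {{ .Values.nodeExporter.service.hostPort }}` with the same expression for `max`, keeps any pod admitted under this policy from claiming other node ports. `hostNetwork` and `hostPID` are also rendered straight from values and come out empty when the keys are unset; `{{ .Values.nodeExporter.hostNetwork | default false }}` would make the denial explicit.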
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
{{- if or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled) }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ template "prometheus.nodeExporter.fullname" . }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "prometheus.nodeExporter.fullname" . }}
{{- end }}
{{- end }}
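Review bot: This Role is guarded by `or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled)`, while the PodSecurityPolicy it names and the RoleBinding that follows test only `.Values.podSecurityPolicy.enabled`. Setting the node-exporter flag alone would therefore create a Role that points at a policy which is not rendered and that nothing binds. The `default` call also has its arguments in fallback-then-value order, so it only works because `false` counts as empty; one shared condition in all three templates would be clearer. The Role uses `rbac.authorization.k8s.io/v1beta1` while the RoleBinding uses `v1`.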
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "prometheus.nodeExporter.fullname" . }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ template "prometheus.nodeExporter.fullname" . }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
{{- if .Values.nodeExporter.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.nodeExporter.service.annotations }}
annotations:
{{ toYaml .Values.nodeExporter.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
{{- if .Values.nodeExporter.service.labels }}
{{ toYaml .Values.nodeExporter.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.nodeExporter.fullname" . }}
spec:
{{- if .Values.nodeExporter.service.clusterIP }}
clusterIP: {{ .Values.nodeExporter.service.clusterIP }}
{{- end }}
{{- if .Values.nodeExporter.service.externalIPs }}
externalIPs:
{{ toYaml .Values.nodeExporter.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.nodeExporter.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.nodeExporter.service.loadBalancerIP }}
{{- end }}
{{- if .Values.nodeExporter.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.nodeExporter.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: metrics
port: {{ .Values.nodeExporter.service.servicePort }}
protocol: TCP
targetPort: 9100
selector:
{{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }}
type: "{{ .Values.nodeExporter.service.type }}"
{{- end -}}
{{- if and .Values.nodeExporter.enabled .Values.serviceAccounts.nodeExporter.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
{{- end -}}
{{- if .Values.server.enabled -}}
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.server.fullname" . }}
{{- end }}
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
- ingresses
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses/status
- ingresses
verbs:
- get
- list
- watch
- nonResourceURLs:
- "/metrics"
verbs:
- get
{{- end }}
{{- end }}
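Review bot: The core-group rule grants `get` on `nodes/proxy` and `get`/`list`/`watch` on `configmaps` cluster-wide, and nothing in the template says why either is needed. `nodes/proxy` lets the service account reach the kubelet API through the API server, so it deserves a comment such as `# nodes/proxy: required only for scrape jobs that go through the API-server proxy`, or replacement with `nodes/metrics` if the scrape configuration (not visible here) talks to kubelets directly. `ingresses` is listed under the core group `""` as well as under `extensions`; it is not a core resource, so the first entry looks redundant.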
{{- if .Values.server.enabled -}}
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.server" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "prometheus.server.fullname" . }}
{{- end }}
{{- end }}
{{- if .Values.server.enabled -}}
{{- if (empty .Values.server.configMapOverrideName) -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
data:
{{- $root := . -}}
{{- range $key, $value := .Values.serverFiles }}
{{ $key }}: |
{{- if eq $key "prometheus.yml" }}
global:
{{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }}
{{- end }}
{{ toYaml $value | default "{}" | indent 4 }}
{{- if eq $key "prometheus.yml" -}}
{{- if $root.Values.extraScrapeConfigs }}
{{ tpl $root.Values.extraScrapeConfigs $root | indent 4 }}
{{- end -}}
{{- if $root.Values.alertmanager.enabled }}
alerting:
alertmanagers:
- kubernetes_sd_configs:
- role: pod
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if $root.Values.alertmanager.prefixURL }}
path_prefix: {{ $root.Values.alertmanager.prefixURL }}
{{- end }}
relabel_configs:
- source_labels: [__meta_kubernetes_namespace]
regex: {{ $root.Release.Namespace }}
action: keep
- source_labels: [__meta_kubernetes_pod_label_app]
regex: {{ template "prometheus.name" $root }}
action: keep
- source_labels: [__meta_kubernetes_pod_label_component]
regex: alertmanager
action: keep
- source_labels: [__meta_kubernetes_pod_container_port_number]
regex:
action: drop
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.server.enabled -}}
{{- if not .Values.server.statefulSet.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- if .Values.server.deploymentAnnotations }}
annotations:
{{ toYaml .Values.server.deploymentAnnotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
spec:
selector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
replicas: {{ .Values.server.replicaCount }}
{{- if .Values.server.strategy }}
strategy:
{{ toYaml .Values.server.strategy | indent 4 }}
{{- end }}
template:
metadata:
{{- if .Values.server.podAnnotations }}
annotations:
{{ toYaml .Values.server.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 8 }}
{{- if .Values.server.podLabels}}
{{ toYaml .Values.server.podLabels | nindent 8 }}
{{- end}}
spec:
{{- if .Values.server.priorityClassName }}
priorityClassName: "{{ .Values.server.priorityClassName }}"
{{- end }}
{{- if .Values.server.schedulerName }}
schedulerName: "{{ .Values.server.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.name }}
image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload
{{- range $key, $value := .Values.configmapReload.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- range .Values.configmapReload.extraVolumeDirs }}
- --volume-dir={{ . }}
{{- end }}
resources:
{{ toYaml .Values.configmapReload.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}
image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
imagePullPolicy: "{{ .Values.server.image.pullPolicy }}"
{{- if .Values.server.env }}
env:
{{ toYaml .Values.server.env | indent 12}}
{{- end }}
args:
{{- if .Values.server.retention }}
- --storage.tsdb.retention.time={{ .Values.server.retention }}
{{- end }}
- --config.file={{ .Values.server.configPath }}
- --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }}
- --web.console.libraries=/etc/prometheus/console_libraries
- --web.console.templates=/etc/prometheus/consoles
- --web.enable-lifecycle
{{- range $key, $value := .Values.server.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.server.baseURL }}
- --web.external-url={{ .Values.server.baseURL }}
{{- end }}
{{- if .Values.server.enableAdminApi }}
- --web.enable-admin-api
{{- end }}
{{- if .Values.server.skipTSDBLock }}
- --storage.tsdb.no-lockfile
{{- end }}
ports:
- containerPort: 9090
readinessProbe:
httpGet:
path: {{ .Values.server.prefixURL }}/-/ready
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
livenessProbe:
httpGet:
path: {{ .Values.server.prefixURL }}/-/healthy
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
{{ toYaml .Values.server.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: {{ .Values.server.persistentVolume.mountPath }}
subPath: "{{ .Values.server.persistentVolume.subPath }}"
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.server.extraVolumeMounts }}
{{ toYaml .Values.server.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.server.sidecarContainers }}
{{- toYaml .Values.server.sidecarContainers | nindent 8 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.server.nodeSelector }}
nodeSelector:
{{ toYaml .Values.server.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.server.securityContext }}
securityContext:
{{ toYaml .Values.server.securityContext | indent 8 }}
{{- end }}
{{- if .Values.server.tolerations }}
tolerations:
{{ toYaml .Values.server.tolerations | indent 8 }}
{{- end }}
{{- if .Values.server.affinity }}
affinity:
{{ toYaml .Values.server.affinity | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
volumes:
- name: config-volume
configMap:
name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
- name: storage-volume
{{- if .Values.server.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.server.persistentVolume.existingClaim }}{{ .Values.server.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
{{- else }}
emptyDir:
{{- if .Values.server.emptyDir.sizeLimit }}
sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
{{- else }}
{}
{{- end -}}
{{- end -}}
{{- if .Values.server.extraVolumes }}
{{ toYaml .Values.server.extraVolumes | indent 8}}
{{- end }}
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
hostPath:
path: {{ .hostPath }}
{{- end }}
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- end -}}
{{- end -}}
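Review bot: `--web.enable-lifecycle` is passed unconditionally, so the `/-/reload` endpoint that the configmap-reload sidecar calls on 127.0.0.1 is also reachable, together with the other lifecycle endpoints, by any client that can reach port 9090 through the Service or Ingress. The server NetworkPolicy later in the commit restricts the port but not the source, so it does not narrow this. A comment next to the flag, for example `# lifecycle API is unauthenticated; limit who can reach 9090`, would warn operators. Separately, the `volumes` list ranges over `.Values.configmapReload.extraConfigmapMounts` twice, once with the prefixed name and once with the bare `.name`, and only the prefixed name is mounted.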
{{- if .Values.server.enabled -}}
{{- if .Values.server.ingress.enabled -}}
{{- $releaseName := .Release.Name -}}
{{- $serviceName := include "prometheus.server.fullname" . }}
{{- $servicePort := .Values.server.service.servicePort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}
annotations:
{{ toYaml .Values.server.ingress.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- range $key, $value := .Values.server.ingress.extraLabels }}
{{ $key }}: {{ $value }}
{{- end }}
name: {{ template "prometheus.server.fullname" . }}
spec:
rules:
{{- range .Values.server.ingress.hosts }}
{{- $url := splitList "/" . }}
- host: {{ first $url }}
http:
paths:
- path: /{{ rest $url | join "/" }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{ toYaml .Values.server.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.server.enabled -}}
{{- if .Values.networkPolicy.enabled }}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.server.fullname" . }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
ingress:
- ports:
- port: 9090
{{- end }}
{{- end }}
{{- if .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.server.fullname" . }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
annotations:
{{- if .Values.server.podSecurityPolicy.annotations }}
{{ toYaml .Values.server.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
allowedCapabilities:
- 'CHOWN'
volumes:
- 'configMap'
- 'persistentVolumeClaim'
- 'emptyDir'
- 'secret'
- 'hostPath'
allowedHostPaths:
- pathPrefix: /etc
readOnly: true
- pathPrefix: {{ .Values.server.persistentVolume.mountPath }}
{{- range .Values.server.extraHostPathMounts }}
- pathPrefix: {{ .hostPath }}
readOnly: {{ .readOnly }}
{{- end }}
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
{{- end }}
{{- end }}
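Review bot: `allowedHostPaths` lists `.Values.server.persistentVolume.mountPath` as a host path prefix without `readOnly`, but that value is the path inside the container where `storage-volume` is mounted, and that volume is a PVC or emptyDir in both workload templates. As written, the policy permits a writable hostPath under whatever node directory happens to share that name; unless a host-path deployment is intended, the entry can be dropped. Unlike the other two policies in this commit, this one has no `requiredDropCapabilities` and adds `allowedCapabilities: CHOWN`, and `/etc` is allowed as a read-only host path; a comment explaining each would help a reviewer judge them.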
{{- if .Values.server.enabled -}}
{{- if not .Values.server.statefulSet.enabled -}}
{{- if .Values.server.persistentVolume.enabled -}}
{{- if not .Values.server.persistentVolume.existingClaim -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.server.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.server.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
spec:
accessModes:
{{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }}
{{- if .Values.server.persistentVolume.storageClass }}
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.server.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: "{{ .Values.server.persistentVolume.size }}"
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.server.enabled -}}
{{- if .Values.server.statefulSet.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.statefulSet.headless.annotations }}
annotations:
{{ toYaml .Values.server.statefulSet.headless.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- if .Values.server.statefulSet.headless.labels }}
{{ toYaml .Values.server.statefulSet.headless.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.server.fullname" . }}-headless
spec:
clusterIP: None
ports:
- name: http
port: {{ .Values.server.statefulSet.headless.servicePort }}
protocol: TCP
targetPort: 9090
selector:
{{- include "prometheus.server.matchLabels" . | nindent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.server.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.service.annotations }}
annotations:
{{ toYaml .Values.server.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- if .Values.server.service.labels }}
{{ toYaml .Values.server.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.server.fullname" . }}
spec:
{{- if .Values.server.service.clusterIP }}
clusterIP: {{ .Values.server.service.clusterIP }}
{{- end }}
{{- if .Values.server.service.externalIPs }}
externalIPs:
{{ toYaml .Values.server.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.server.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.server.service.loadBalancerIP }}
{{- end }}
{{- if .Values.server.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.server.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.server.service.servicePort }}
protocol: TCP
targetPort: 9090
{{- if .Values.server.service.nodePort }}
nodePort: {{ .Values.server.service.nodePort }}
{{- end }}
selector:
{{- include "prometheus.server.matchLabels" . | nindent 4 }}
type: "{{ .Values.server.service.type }}"
{{- end -}}
{{- if .Values.server.enabled -}}
{{- if .Values.serviceAccounts.server.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.server" . }}
{{- end }}
{{- end }}
{{- if .Values.server.enabled -}}
{{- if .Values.server.statefulSet.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
{{- if .Values.server.statefulSet.annotations }}
annotations:
{{ toYaml .Values.server.statefulSet.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- if .Values.server.statefulSet.labels}}
{{ toYaml .Values.server.statefulSet.labels | nindent 4 }}
{{- end}}
name: {{ template "prometheus.server.fullname" . }}
spec:
serviceName: {{ template "prometheus.server.fullname" . }}-headless
selector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
replicas: {{ .Values.server.replicaCount }}
podManagementPolicy: {{ .Values.server.statefulSet.podManagementPolicy }}
template:
metadata:
{{- if .Values.server.podAnnotations }}
annotations:
{{ toYaml .Values.server.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 8 }}
{{- if .Values.server.statefulSet.labels}}
{{ toYaml .Values.server.statefulSet.labels | nindent 8 }}
{{- end}}
spec:
{{- if .Values.server.affinity }}
affinity:
{{ toYaml .Values.server.affinity | indent 8 }}
{{- end }}
{{- if .Values.server.priorityClassName }}
priorityClassName: "{{ .Values.server.priorityClassName }}"
{{- end }}
{{- if .Values.server.schedulerName }}
schedulerName: "{{ .Values.server.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.name }}
image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload
{{- range $key, $value := .Values.configmapReload.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- range .Values.configmapReload.extraVolumeDirs }}
- --volume-dir={{ . }}
{{- end }}
resources:
{{ toYaml .Values.configmapReload.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}
image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
imagePullPolicy: "{{ .Values.server.image.pullPolicy }}"
args:
{{- if .Values.server.retention }}
- --storage.tsdb.retention.time={{ .Values.server.retention }}
{{- end }}
- --config.file={{ .Values.server.configPath }}
- --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }}
- --web.console.libraries=/etc/prometheus/console_libraries
- --web.console.templates=/etc/prometheus/consoles
- --web.enable-lifecycle
{{- range $key, $value := .Values.server.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.server.baseURL }}
- --web.external-url={{ .Values.server.baseURL }}
{{- end }}
{{- if .Values.server.enableAdminApi }}
- --web.enable-admin-api
{{- end }}
{{- if .Values.server.skipTSDBLock }}
- --storage.tsdb.no-lockfile
{{- end }}
ports:
- containerPort: 9090
readinessProbe:
httpGet:
path: {{ .Values.server.prefixURL }}/-/ready
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
livenessProbe:
httpGet:
path: {{ .Values.server.prefixURL }}/-/healthy
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
{{ toYaml .Values.server.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: {{ .Values.server.persistentVolume.mountPath }}
subPath: "{{ .Values.server.persistentVolume.subPath }}"
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.server.extraVolumeMounts }}
{{ toYaml .Values.server.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.server.sidecarContainers }}
{{- toYaml .Values.server.sidecarContainers | nindent 8 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.server.nodeSelector }}
nodeSelector:
{{ toYaml .Values.server.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.server.securityContext }}
securityContext:
{{ toYaml .Values.server.securityContext | indent 8 }}
{{- end }}
{{- if .Values.server.tolerations }}
tolerations:
{{ toYaml .Values.server.tolerations | indent 8 }}
{{- end }}
{{- if .Values.server.affinity }}
affinity:
{{ toYaml .Values.server.affinity | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
volumes:
- name: config-volume
configMap:
name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
hostPath:
path: {{ .hostPath }}
{{- end }}
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- if .Values.server.extraVolumes }}
{{ toYaml .Values.server.extraVolumes | indent 8}}
{{- end }}
{{- if .Values.server.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: storage-volume
{{- if .Values.server.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.server.persistentVolume.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
{{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }}
resources:
requests:
storage: "{{ .Values.server.persistentVolume.size }}"
{{- if .Values.server.persistentVolume.storageClass }}
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.server.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
{{- else }}
- name: storage-volume
emptyDir: {}
{{- end }}
{{- end }}
{{- end }}
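Review bot: The pod spec renders `affinity:` twice, once right after `spec:` and again after `tolerations:`, so setting `.Values.server.affinity` produces a duplicate mapping key. Most YAML parsers keep the last one silently and strict ones reject the document; removing one of the two blocks fixes it. The StatefulSet's server container also lacks the `env:` block that the Deployment renders from `.Values.server.env`, so environment settings an operator supplies there are dropped when `statefulSet.enabled` is true.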
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.pushgateway.fullname" . }}
{{- end }}
{{- end }}
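Review bot: This ClusterRole is guarded only by `.Values.rbac.create`, so it is created even when `pushgateway.enabled` is false, and with `podSecurityPolicy.enabled` false its `rules:` key has no entries. The ClusterRoleBinding that follows has the same guard. Since the only rule is `use` on one PodSecurityPolicy, wrapping both templates in `{{- if and .Values.pushgateway.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}` would avoid leaving empty cluster-scoped objects behind.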
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.pushgateway" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "prometheus.pushgateway.fullname" . }}
{{- end }}
{{- if .Values.pushgateway.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
spec:
selector:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
matchLabels:
{{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }}
replicas: {{ .Values.pushgateway.replicaCount }}
template:
metadata:
{{- if .Values.pushgateway.podAnnotations }}
annotations:
{{ toYaml .Values.pushgateway.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 8 }}
spec:
serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }}
{{- if .Values.pushgateway.priorityClassName }}
priorityClassName: "{{ .Values.pushgateway.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }}
image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}"
imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}"
args:
{{- range $key, $value := .Values.pushgateway.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
ports:
- containerPort: 9091
readinessProbe:
httpGet:
{{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }}
path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/#/status
{{- else }}
path: /#/status
{{- end }}
port: 9091
initialDelaySeconds: 10
timeoutSeconds: 10
resources:
{{ toYaml .Values.pushgateway.resources | indent 12 }}
{{- if .Values.pushgateway.persistentVolume.enabled }}
volumeMounts:
- name: storage-volume
mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}"
subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}"
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.pushgateway.nodeSelector }}
nodeSelector:
{{ toYaml .Values.pushgateway.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.securityContext }}
securityContext:
{{ toYaml .Values.pushgateway.securityContext | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.tolerations }}
tolerations:
{{ toYaml .Values.pushgateway.tolerations | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.affinity }}
affinity:
{{ toYaml .Values.pushgateway.affinity | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.persistentVolume.enabled }}
volumes:
- name: storage-volume
persistentVolumeClaim:
claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }}
{{- end -}}
{{- end }}
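Review bot: `schedulerName` is emitted between `selector:` and `matchLabels:`, which places it inside the label selector rather than in the pod spec. The rendered page has lost its indentation, but the line order alone shows it cannot be a pod-spec field at that position. A Deployment selector takes only `matchLabels` and `matchExpressions`, so setting `.Values.schedulerName` would most likely yield a manifest that fails validation or never applies the scheduler. Move the `{{- if .Values.schedulerName }}` block under `template.spec`, next to `serviceAccountName`.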
{{- if and .Values.pushgateway.enabled .Values.pushgateway.ingress.enabled -}}
{{- $releaseName := .Release.Name -}}
{{- $serviceName := include "prometheus.pushgateway.fullname" . }}
{{- $servicePort := .Values.pushgateway.service.servicePort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
{{- if .Values.pushgateway.ingress.annotations }}
annotations:
{{ toYaml .Values.pushgateway.ingress.annotations | indent 4}}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
spec:
rules:
{{- range .Values.pushgateway.ingress.hosts }}
{{- $url := splitList "/" . }}
- host: {{ first $url }}
http:
paths:
- path: /{{ rest $url | join "/" }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.pushgateway.ingress.tls }}
tls:
{{ toYaml .Values.pushgateway.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
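Review bot: This Ingress publishes the pushgateway with nothing in the template that requires authentication or TLS, since `annotations` and `tls` are rendered only when the operator sets them. Pushgateway does not authenticate clients itself, so any client that can reach the host can push or delete metric groups. I would add a comment above `kind: Ingress` such as `# Pushgateway has no built-in authentication: set auth or allow-list annotations and tls before enabling` and repeat it next to `pushgateway.ingress.enabled` in the values file. The Service section further down has the same exposure when `service.type` is `LoadBalancer` and `loadBalancerSourceRanges` is left empty.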
{{- if and .Values.pushgateway.enabled .Values.networkPolicy.enabled -}}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.pushgateway.fullname" . }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 12 }}
- ports:
- port: 9091
{{- end -}}
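Review bot: `- from:` and `- ports:` each carry their own list dash, so they render as two separate ingress rules rather than one. NetworkPolicy rules are additive: the first admits the server pods on every port and the second admits any source on 9091, so the policy does not limit who can reach the pushgateway. If the intent is to restrict port 9091 to the listed peers, drop the dash so that `ports:` belongs to the same rule as `from:`. Workloads that push metrics would then need their own `from` entry, which is worth exposing as a value.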
{{- if .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.pushgateway.fullname" . }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
annotations:
{{- if .Values.pushgateway.podSecurityPolicy.annotations }}
{{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'persistentVolumeClaim'
- 'secret'
allowedHostPaths:
- pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }}
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: true
{{- end }}
{{- end }}
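Review bot: `runAsUser` uses `rule: 'RunAsAny'`, so this policy admits containers running as UID 0 even though the group ranges below it are commented as forbidding root. If the pushgateway image runs as a non-root user (not visible on this page), `rule: 'MustRunAsNonRoot'` would close that gap. Separately, `allowedHostPaths` has no effect while `volumes` omits `hostPath`, and it is better removed than left suggesting that a host mount is expected.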
{{- if .Values.pushgateway.persistentVolume.enabled -}}
{{- if not .Values.pushgateway.persistentVolume.existingClaim -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.pushgateway.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
spec:
accessModes:
{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }}
{{- if .Values.pushgateway.persistentVolume.storageClass }}
{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: "{{ .Values.pushgateway.persistentVolume.size }}"
{{- end -}}
{{- end -}}
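Review bot: The claim is gated on `pushgateway.persistentVolume.enabled` and `existingClaim` only, unlike the Deployment, Service and Ingress sections, which also test `.Values.pushgateway.enabled`. With the pushgateway switched off and persistence left on, a volume would still be provisioned with no consumer. Use `{{- if and .Values.pushgateway.enabled .Values.pushgateway.persistentVolume.enabled -}}` as the outer guard.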
{{- if .Values.pushgateway.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.pushgateway.service.annotations }}
annotations:
{{ toYaml .Values.pushgateway.service.annotations | indent 4}}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
{{- if .Values.pushgateway.service.labels }}
{{ toYaml .Values.pushgateway.service.labels | indent 4}}
{{- end }}
name: {{ template "prometheus.pushgateway.fullname" . }}
spec:
{{- if .Values.pushgateway.service.clusterIP }}
clusterIP: {{ .Values.pushgateway.service.clusterIP }}
{{- end }}
{{- if .Values.pushgateway.service.externalIPs }}
externalIPs:
{{ toYaml .Values.pushgateway.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.pushgateway.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.pushgateway.service.loadBalancerIP }}
{{- end }}
{{- if .Values.pushgateway.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.pushgateway.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.pushgateway.service.servicePort }}
protocol: TCP
targetPort: 9091
selector:
{{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }}
type: "{{ .Values.pushgateway.service.type }}"
{{- end }}
{{- if and .Values.pushgateway.enabled .Values.serviceAccounts.pushgateway.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.pushgateway" . }}
{{- end -}}
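Review bot: The ServiceAccount does not set `automountServiceAccountToken`, so pods that use it get an API token mounted by default. Nothing in the pushgateway Deployment on this page calls the Kubernetes API, so adding `automountServiceAccountToken: false` under the `kind: ServiceAccount` document looks safe. Confirm that no sidecar or admission hook relies on the token before changing it.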