Skip to content

C
charts
Unverified Commit cde39abc by Denise Committed by GitHub
Options

Merge pull request #224 from guangbochen/prome2.3

Bump prometheus chart to v9.1.0
parents 4a42de3b c52c8d54
Showing with 6556 additions and 0 deletions
charts/prometheus/v9.1.0/.helmignore 0 → 100644
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
OWNERS
charts/prometheus/v9.1.0/Chart.yaml 0 → 100755
apiVersion: v1
name: prometheus
version: 9.1.0
appVersion: 2.11.1
description: Prometheus is a monitoring system and time series database.
home: https://prometheus.io/
icon: files://../logo.png
sources:
- https://github.com/prometheus/alertmanager
- https://github.com/prometheus/prometheus
- https://github.com/prometheus/pushgateway
- https://github.com/prometheus/node_exporter
- https://github.com/kubernetes/kube-state-metrics
maintainers:
- name: mgoodness
email: mgoodness@gmail.com
- name: gianrubio
email: gianrubio@gmail.com
engine: gotpl
tillerVersion: ">=2.8.0"
charts/prometheus/v9.1.0/OWNERS 0 → 100644
approvers:
- mgoodness
- gianrubio
reviewers:
- mgoodness
- gianrubio
charts/prometheus/v9.1.0/README.md 0 → 100644
# Prometheus
[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.
## Prometheus 2.x
Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/)
Users of this chart will need to update their alerting rules to the new format before they can upgrade.
## Upgrading from previous chart versions.
Version 9.0 adds a new option to enable or disable the Prometheus Server.
This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment.
To install the server `server.enabled` must be set to `true`.
As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data.
### Example migration
Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following:
1. Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below:
```
alertmanager:
enabled: false
alertmanagerFiles:
alertmanager.yml: ""
kubeStateMetrics:
enabled: false
nodeExporter:
enabled: false
pushgateway:
enabled: false
server:
extraArgs:
storage.local.retention: 720h
serverFiles:
alerts: ""
prometheus.yml: ""
rules: ""
```
1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target.
```
prometheus.yml:
...
remote_read:
- url: http://prometheus-old/api/v1/read
...
```
Old data will be available when you query the new prometheus instance.
## Configuration
The following table lists the configurable parameters of the Prometheus chart and their default values.
Parameter | Description | Default
--------- | ----------- | -------
`alertmanager.enabled` | If true, create alertmanager | `true`
`alertmanager.name` | alertmanager container name | `alertmanager`
`alertmanager.image.repository` | alertmanager container image repository | `prom/alertmanager`
`alertmanager.image.tag` | alertmanager container image tag | `v0.18.0`
`alertmanager.image.pullPolicy` | alertmanager container image pull policy | `IfNotPresent`
`alertmanager.prefixURL` | The prefix slug at which the server can be accessed | ``
`alertmanager.baseURL` | The external url at which the server can be accessed | `/`
`alertmanager.extraArgs` | Additional alertmanager container arguments | `{}`
`alertmanager.extraSecretMounts` | Additional alertmanager Secret mounts | `[]`
`alertmanager.configMapOverrideName` | Prometheus alertmanager ConfigMap override where full-name is `{{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}` and setting this value will prevent the default alertmanager ConfigMap from being generated | `""`
`alertmanager.configFromSecret` | The name of a secret in the same kubernetes namespace which contains the Alertmanager config, setting this value will prevent the default alertmanager ConfigMap from being generated | `""`
`alertmanager.configFileName` | The configuration file name to be loaded to alertmanager. Must match the key within configuration loaded from ConfigMap/Secret. | `alertmanager.yml`
`alertmanager.ingress.enabled` | If true, alertmanager Ingress will be created | `false`
`alertmanager.ingress.annotations` | alertmanager Ingress annotations | `{}`
`alertmanager.ingress.extraLabels` | alertmanager Ingress additional labels | `{}`
`alertmanager.ingress.hosts` | alertmanager Ingress hostnames | `[]`
`alertmanager.ingress.tls` | alertmanager Ingress TLS configuration (YAML) | `[]`
`alertmanager.nodeSelector` | node labels for alertmanager pod assignment | `{}`
`alertmanager.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
`alertmanager.affinity` | pod affinity | `{}`
`alertmanager.schedulerName` | alertmanager alternate scheduler name | `nil`
`alertmanager.persistentVolume.enabled` | If true, alertmanager will create a Persistent Volume Claim | `true`
`alertmanager.persistentVolume.accessModes` | alertmanager data Persistent Volume access modes | `[ReadWriteOnce]`
`alertmanager.persistentVolume.annotations` | Annotations for alertmanager Persistent Volume Claim | `{}`
`alertmanager.persistentVolume.existingClaim` | alertmanager data Persistent Volume existing claim name | `""`
`alertmanager.persistentVolume.mountPath` | alertmanager data Persistent Volume mount root path | `/data`
`alertmanager.persistentVolume.size` | alertmanager data Persistent Volume size | `2Gi`
`alertmanager.persistentVolume.storageClass` | alertmanager data Persistent Volume Storage Class | `unset`
`alertmanager.persistentVolume.subPath` | Subdirectory of alertmanager data Persistent Volume to mount | `""`
`alertmanager.podAnnotations` | annotations to be added to alertmanager pods | `{}`
`alertmanager.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` |
`alertmanager.replicaCount` | desired number of alertmanager pods | `1`
`alertmanager.statefulSet.enabled` | If true, use a statefulset instead of a deployment for pod management | `false`
`alertmanager.statefulSet.podManagementPolicy` | podManagementPolicy of alertmanager pods | `OrderedReady`
`alertmanager.statefulSet.headless.annotations` | annotations for alertmanager headless service | `{}`
`alertmanager.statefulSet.headless.labels` | labels for alertmanager headless service | `{}`
`alertmanager.statefulSet.headless.enableMeshPeer` | If true, enable the mesh peer endpoint for the headless service | `{}`
`alertmanager.statefulSet.headless.servicePort` | alertmanager headless service port | `80`
`alertmanager.priorityClassName` | alertmanager priorityClassName | `nil`
`alertmanager.resources` | alertmanager pod resource requests & limits | `{}`
`alertmanager.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for Alert Manager containers | `{}`
`alertmanager.service.annotations` | annotations for alertmanager service | `{}`
`alertmanager.service.clusterIP` | internal alertmanager cluster service IP | `""`
`alertmanager.service.externalIPs` | alertmanager service external IP addresses | `[]`
`alertmanager.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`alertmanager.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`alertmanager.service.servicePort` | alertmanager service port | `80`
`alertmanager.service.type` | type of alertmanager service to create | `ClusterIP`
`alertmanagerFiles.alertmanager.yml` | Prometheus alertmanager configuration | example configuration
`configmapReload.name` | configmap-reload container name | `configmap-reload`
`configmapReload.image.repository` | configmap-reload container image repository | `jimmidyson/configmap-reload`
`configmapReload.image.tag` | configmap-reload container image tag | `v0.2.2`
`configmapReload.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent`
`configmapReload.extraArgs` | Additional configmap-reload container arguments | `{}`
`configmapReload.extraVolumeDirs` | Additional configmap-reload volume directories | `{}`
`configmapReload.extraConfigmapMounts` | Additional configmap-reload configMap mounts | `[]`
`configmapReload.resources` | configmap-reload pod resource requests & limits | `{}`
`initChownData.enabled` | If false, don't reset data ownership at startup | true
`initChownData.name` | init-chown-data container name | `init-chown-data`
`initChownData.image.repository` | init-chown-data container image repository | `busybox`
`initChownData.image.tag` | init-chown-data container image tag | `latest`
`initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent`
`initChownData.resources` | init-chown-data pod resource requests & limits | `{}`
`kubeStateMetrics.enabled` | If true, create kube-state-metrics | `true`
`kubeStateMetrics.name` | kube-state-metrics container name | `kube-state-metrics`
`kubeStateMetrics.image.repository` | kube-state-metrics container image repository| `quay.io/coreos/kube-state-metrics`
`kubeStateMetrics.image.tag` | kube-state-metrics container image tag | `v1.5.0`
`kubeStateMetrics.image.pullPolicy` | kube-state-metrics container image pull policy | `IfNotPresent`
`kubeStateMetrics.args` | kube-state-metrics container arguments | `{}`
`kubeStateMetrics.nodeSelector` | node labels for kube-state-metrics pod assignment | `{}`
`kubeStateMetrics.podAnnotations` | annotations to be added to kube-state-metrics pods | `{}`
`kubeStateMetrics.deploymentAnnotations` | annotations to be added to kube-state-metrics deployment | `{}`
`kubeStateMetrics.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` |
`kubeStateMetrics.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
`kubeStateMetrics.replicaCount` | desired number of kube-state-metrics pods | `1`
`kubeStateMetrics.priorityClassName` | kube-state-metrics priorityClassName | `nil`
`kubeStateMetrics.resources` | kube-state-metrics resource requests and limits (YAML) | `{}`
`kubeStateMetrics.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for kube-state-metrics containers | `{}`
`kubeStateMetrics.service.annotations` | annotations for kube-state-metrics service | `{prometheus.io/scrape: "true"}`
`kubeStateMetrics.service.clusterIP` | internal kube-state-metrics cluster service IP | `None`
`kubeStateMetrics.service.externalIPs` | kube-state-metrics service external IP addresses | `[]`
`kubeStateMetrics.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`kubeStateMetrics.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`kubeStateMetrics.service.servicePort` | kube-state-metrics service port | `80`
`kubeStateMetrics.service.type` | type of kube-state-metrics service to create | `ClusterIP`
`nodeExporter.enabled` | If true, create node-exporter | `true`
`nodeExporter.name` | node-exporter container name | `node-exporter`
`nodeExporter.image.repository` | node-exporter container image repository| `prom/node-exporter`
`nodeExporter.image.tag` | node-exporter container image tag | `v0.18.0`
`nodeExporter.image.pullPolicy` | node-exporter container image pull policy | `IfNotPresent`
`nodeExporter.extraArgs` | Additional node-exporter container arguments | `{}`
`nodeExporter.extraHostPathMounts` | Additional node-exporter hostPath mounts | `[]`
`nodeExporter.extraConfigmapMounts` | Additional node-exporter configMap mounts | `[]`
`nodeExporter.hostNetwork` | If true, node-exporter pods share the host network namespace | `true`
`nodeExporter.hostPID` | If true, node-exporter pods share the host PID namespace | `true`
`nodeExporter.nodeSelector` | node labels for node-exporter pod assignment | `{}`
`nodeExporter.podAnnotations` | annotations to be added to node-exporter pods | `{}`
`nodeExporter.pod.labels` | labels to be added to node-exporter pods | `{}`
`nodeExporter.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` |
`nodeExporter.podSecurityPolicy.enabled` | Specify if a Pod Security Policy for node-exporter must be created | `false`
`nodeExporter.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
`nodeExporter.priorityClassName` | node-exporter priorityClassName | `nil`
`nodeExporter.resources` | node-exporter resource requests and limits (YAML) | `{}`
`nodeExporter.securityContext` | securityContext for containers in pod | `{}`
`nodeExporter.service.annotations` | annotations for node-exporter service | `{prometheus.io/scrape: "true"}`
`nodeExporter.service.clusterIP` | internal node-exporter cluster service IP | `None`
`nodeExporter.service.externalIPs` | node-exporter service external IP addresses | `[]`
`nodeExporter.service.hostPort` | node-exporter service host port | `9100`
`nodeExporter.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`nodeExporter.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`nodeExporter.service.servicePort` | node-exporter service port | `9100`
`nodeExporter.service.type` | type of node-exporter service to create | `ClusterIP`
`podSecurityPolicy.enabled` | If true, create & use pod security policies resources | `false`
`pushgateway.enabled` | If true, create pushgateway | `true`
`pushgateway.name` | pushgateway container name | `pushgateway`
`pushgateway.image.repository` | pushgateway container image repository | `prom/pushgateway`
`pushgateway.image.tag` | pushgateway container image tag | `v0.8.0`
`pushgateway.image.pullPolicy` | pushgateway container image pull policy | `IfNotPresent`
`pushgateway.extraArgs` | Additional pushgateway container arguments | `{}`
`pushgateway.ingress.enabled` | If true, pushgateway Ingress will be created | `false`
`pushgateway.ingress.annotations` | pushgateway Ingress annotations | `{}`
`pushgateway.ingress.hosts` | pushgateway Ingress hostnames | `[]`
`pushgateway.ingress.tls` | pushgateway Ingress TLS configuration (YAML) | `[]`
`pushgateway.nodeSelector` | node labels for pushgateway pod assignment | `{}`
`pushgateway.podAnnotations` | annotations to be added to pushgateway pods | `{}`
`pushgateway.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` |
`pushgateway.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
`pushgateway.replicaCount` | desired number of pushgateway pods | `1`
`pushgateway.schedulerName` | pushgateway alternate scheduler name | `nil`
`pushgateway.persistentVolume.enabled` | If true, Prometheus pushgateway will create a Persistent Volume Claim | `false`
`pushgateway.persistentVolume.accessModes` | Prometheus pushgateway data Persistent Volume access modes | `[ReadWriteOnce]`
`pushgateway.persistentVolume.annotations` | Prometheus pushgateway data Persistent Volume annotations | `{}`
`pushgateway.persistentVolume.existingClaim` | Prometheus pushgateway data Persistent Volume existing claim name | `""`
`pushgateway.persistentVolume.mountPath` | Prometheus pushgateway data Persistent Volume mount root path | `/data`
`pushgateway.persistentVolume.size` | Prometheus pushgateway data Persistent Volume size | `2Gi`
`pushgateway.persistentVolume.storageClass` | Prometheus server data Persistent Volume Storage Class | `unset`
`pushgateway.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""`
`pushgateway.priorityClassName` | pushgateway priorityClassName | `nil`
`pushgateway.resources` | pushgateway pod resource requests & limits | `{}`
`pushgateway.service.annotations` | annotations for pushgateway service | `{}`
`pushgateway.service.clusterIP` | internal pushgateway cluster service IP | `""`
`pushgateway.service.externalIPs` | pushgateway service external IP addresses | `[]`
`pushgateway.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`pushgateway.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`pushgateway.service.servicePort` | pushgateway service port | `9091`
`pushgateway.service.type` | type of pushgateway service to create | `ClusterIP`
`rbac.create` | If true, create & use RBAC resources | `true`
`server.enabled` | If false, Prometheus server will not be created | `true`
`server.name` | Prometheus server container name | `server`
`server.image.repository` | Prometheus server container image repository | `prom/prometheus`
`server.image.tag` | Prometheus server container image tag | `v2.11.1`
`server.image.pullPolicy` | Prometheus server container image pull policy | `IfNotPresent`
`server.enableAdminApi` | If true, Prometheus administrative HTTP API will be enabled. Please note, that you should take care of administrative API access protection (ingress or some frontend Nginx with auth) before enabling it. | `false`
`server.skipTSDBLock` | If true, Prometheus skip TSDB locking. | `false`
`server.configPath` | Path to a prometheus server config file on the container FS | `/etc/config/prometheus.yml`
`server.global.scrape_interval` | How frequently to scrape targets by default | `1m`
`server.global.scrape_timeout` | How long until a scrape request times out | `10s`
`server.global.evaluation_interval` | How frequently to evaluate rules | `1m`
`server.extraArgs` | Additional Prometheus server container arguments | `{}`
`server.prefixURL` | The prefix slug at which the server can be accessed | ``
`server.baseURL` | The external url at which the server can be accessed | ``
`server.env` | Prometheus server environment variables | `[]`
`server.extraHostPathMounts` | Additional Prometheus server hostPath mounts | `[]`
`server.extraConfigmapMounts` | Additional Prometheus server configMap mounts | `[]`
`server.extraSecretMounts` | Additional Prometheus server Secret mounts | `[]`
`server.extraVolumeMounts` | Additional Prometheus server Volume mounts | `[]`
`server.extraVolumes` | Additional Prometheus server Volumes | `[]`
`server.configMapOverrideName` | Prometheus server ConfigMap override where full-name is `{{.Release.Name}}-{{.Values.server.configMapOverrideName}}` and setting this value will prevent the default server ConfigMap from being generated | `""`
`server.ingress.enabled` | If true, Prometheus server Ingress will be created | `false`
`server.ingress.annotations` | Prometheus server Ingress annotations | `[]`
`server.ingress.extraLabels` | Prometheus server Ingress additional labels | `{}`
`server.ingress.hosts` | Prometheus server Ingress hostnames | `[]`
`server.ingress.tls` | Prometheus server Ingress TLS configuration (YAML) | `[]`
`server.nodeSelector` | node labels for Prometheus server pod assignment | `{}`
`server.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]`
`server.affinity` | pod affinity | `{}`
`server.priorityClassName` | Prometheus server priorityClassName | `nil`
`server.schedulerName` | Prometheus server alternate scheduler name | `nil`
`server.persistentVolume.enabled` | If true, Prometheus server will create a Persistent Volume Claim | `true`
`server.persistentVolume.accessModes` | Prometheus server data Persistent Volume access modes | `[ReadWriteOnce]`
`server.persistentVolume.annotations` | Prometheus server data Persistent Volume annotations | `{}`
`server.persistentVolume.existingClaim` | Prometheus server data Persistent Volume existing claim name | `""`
`server.persistentVolume.mountPath` | Prometheus server data Persistent Volume mount root path | `/data`
`server.persistentVolume.size` | Prometheus server data Persistent Volume size | `8Gi`
`server.persistentVolume.storageClass` | Prometheus server data Persistent Volume Storage Class | `unset`
`server.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""`
`server.emptyDir.sizeLimit` | emptyDir sizeLimit if a Persistent Volume is not used | `""`
`server.podAnnotations` | annotations to be added to Prometheus server pods | `{}`
`server.podLabels` | labels to be added to Prometheus server pods | `{}`
`server.deploymentAnnotations` | annotations to be added to Prometheus server deployment | `{}`
`server.podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` |
`server.replicaCount` | desired number of Prometheus server pods | `1`
`server.statefulSet.enabled` | If true, use a statefulset instead of a deployment for pod management | `false`
`server.statefulSet.annotations` | annotations to be added to Prometheus server stateful set | `{}`
`server.statefulSet.labels` | labels to be added to Prometheus server stateful set | `{}`
`server.statefulSet.podManagementPolicy` | podManagementPolicy of server pods | `OrderedReady`
`server.statefulSet.headless.annotations` | annotations for Prometheus server headless service | `{}`
`server.statefulSet.headless.labels` | labels for Prometheus server headless service | `{}`
`server.statefulSet.headless.servicePort` | Prometheus server headless service port | `80`
`server.resources` | Prometheus server resource requests and limits | `{}`
`server.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for server containers | `{}`
`server.service.annotations` | annotations for Prometheus server service | `{}`
`server.service.clusterIP` | internal Prometheus server cluster service IP | `""`
`server.service.externalIPs` | Prometheus server service external IP addresses | `[]`
`server.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""`
`server.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]`
`server.service.nodePort` | Port to be used as the service NodePort (ignored if `server.service.type` is not `NodePort`) | `0`
`server.service.servicePort` | Prometheus server service port | `80`
`server.service.type` | type of Prometheus server service to create | `ClusterIP`
`server.sidecarContainers` | array of snippets with your sidecar containers for prometheus server | `""`
`serviceAccounts.alertmanager.create` | If true, create the alertmanager service account | `true`
`serviceAccounts.alertmanager.name` | name of the alertmanager service account to use or create | `{{ prometheus.alertmanager.fullname }}`
`serviceAccounts.kubeStateMetrics.create` | If true, create the kubeStateMetrics service account | `true`
`serviceAccounts.kubeStateMetrics.name` | name of the kubeStateMetrics service account to use or create | `{{ prometheus.kubeStateMetrics.fullname }}`
`serviceAccounts.nodeExporter.create` | If true, create the nodeExporter service account | `true`
`serviceAccounts.nodeExporter.name` | name of the nodeExporter service account to use or create | `{{ prometheus.nodeExporter.fullname }}`
`serviceAccounts.pushgateway.create` | If true, create the pushgateway service account | `true`
`serviceAccounts.pushgateway.name` | name of the pushgateway service account to use or create | `{{ prometheus.pushgateway.fullname }}`
`serviceAccounts.server.create` | If true, create the server service account | `true`
`serviceAccounts.server.name` | name of the server service account to use or create | `{{ prometheus.server.fullname }}`
`server.terminationGracePeriodSeconds` | Prometheus server Pod termination grace period | `300`
`server.retention` | (optional) Prometheus data retention | `"15d"`
`serverFiles.alerts` | Prometheus server alerts configuration | `{}`
`serverFiles.rules` | Prometheus server rules configuration | `{}`
`serverFiles.prometheus.yml` | Prometheus server scrape configuration | example configuration
`extraScrapeConfigs` | Prometheus server additional scrape configuration | ""
`networkPolicy.enabled` | Enable NetworkPolicy | `false` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install stable/prometheus --name my-release \
--set server.terminationGracePeriodSeconds=360
```
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
$ helm install stable/prometheus --name my-release -f values.yaml
```
> **Tip**: You can use the default [values.yaml](values.yaml)
### RBAC Configuration
Roles and RoleBindings resources will be created automatically for `server` and `kubeStateMetrics` services.
To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account.
> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own.
### ConfigMap Files
AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod.
Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod.
### Ingress TLS
If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [kube-lego](https://github.com/jetstack/kube-lego)), please refer to the documentation for that mechanism.
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
```console
kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key
```
Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file:
```yaml
server:
ingress:
## If true, Prometheus server Ingress will be created
##
enabled: true
## Prometheus server Ingress hostnames
## Must be provided if Ingress is enabled
##
hosts:
- prometheus.domain.com
## Prometheus server Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls:
- secretName: prometheus-server-tls
hosts:
- prometheus.domain.com
```
### NetworkPolicy
Enabling Network Policy for Prometheus will secure connections to Alert Manager
and Kube State Metrics by only accepting connections from Prometheus Server.
All inbound connections to Prometheus Server are still allowed.
To enable network policy for Prometheus, install a networking plugin that
implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true.
If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need
to manually create a networkpolicy which allows it.
charts/prometheus/v9.1.0/app-readme.md 0 → 100644
# Prometheus
[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.
## Prometheus 2.x
Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/)
Users of this chart will need to update their alerting rules to the new format before they can upgrade.
## Upgrading from previous chart versions.
Version 9.0 adds a new option to enable or disable the Prometheus Server.
This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment.
To install the server `server.enabled` must be set to `true`.
As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data.
charts/prometheus/v9.1.0/charts/grafana/.helmignore 0 → 100644
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.vscode
.project
.idea/
*.tmproj
OWNERS
charts/prometheus/v9.1.0/charts/grafana/Chart.yaml 0 → 100644
apiVersion: v1
name: grafana
version: 3.8.6
appVersion: 6.3.4
kubeVersion: "^1.8.0-0"
description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.net
icon: files://../grafana-logo.png
sources:
- https://github.com/grafana/grafana
maintainers:
- name: zanhsieh
email: zanhsieh@gmail.com
- name: rtluckie
email: rluckie@cisco.com
- name: maorfr
email: maor.friedman@redhat.com
engine: gotpl
charts/prometheus/v9.1.0/charts/grafana/OWNERS 0 → 100644
approvers:
- zanhsieh
- rtluckie
- maorfr
reviewers:
- zanhsieh
- rtluckie
- maorfr
charts/prometheus/v9.1.0/charts/grafana/README.md 0 → 100644
## Configuration
| Parameter | Description | Default |
|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------|
| `replicas` | Number of nodes | `1` |
| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` |
| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` |
| `readinessProbe` | Rediness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`|
| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "fsGroup": 472}` |
| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
| `image.repository` | Image repository | `grafana/grafana` |
| `image.tag` | Image tag. (`Must be >= 5.0.0`) | `6.3.4` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Image pull secrets | `{}` |
| `service.type` | Kubernetes service type | `ClusterIP` |
| `service.port` | Kubernetes port where service is exposed | `80` |
| `service.targetPort` | internal service is port | `3000` |
| `service.annotations` | Service annotations | `{}` |
| `service.labels` | Custom labels | `{}` |
| `ingress.enabled` | Enables Ingress | `false` |
| `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.labels` | Custom labels | `{}` |
| `ingress.path` | Ingress accepted path | `/` |
| `ingress.hosts` | Ingress accepted hostnames | `[]` |
| `ingress.tls` | Ingress TLS configuration | `[]` |
| `resources` | CPU/Memory resource requests/limits | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `affinity` | Affinity settings for pod assignment | `{}` |
| `extraInitContainers` | Init containers to add to the grafana pod | `{}` |
| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
| `persistence.enabled` | Use persistent volume to store data | `false` |
| `persistence.size` | Size of persistent volume claim | `10Gi` |
| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` |
| `persistence.storageClassName` | Type of persistent volume claim | `nil` |
| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` |
| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` |
| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` |
| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` |
| `initChownData.enabled` | If false, don't reset data ownership at startup | true |
| `initChownData.image.repository` | init-chown-data container image repository | `busybox` |
| `initChownData.image.tag` | init-chown-data container image tag | `latest` |
| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` |
| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` |
| `schedulerName` | Alternate scheduler name | `nil` |
| `env` | Extra environment variables passed to pods | `{}` |
| `envFromSecret` | Name of a Kubenretes secret (must be manually created in the same namespace) containing values to be added to the environment | `""` |
| `extraSecretMounts` | Additional grafana server secret mounts | `[]` |
| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` |
| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` |
| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` |
| `plugins` | Plugins to be loaded along with Grafana | `[]` |
| `datasources` | Configure grafana datasources (passed through tpl) | `{}` |
| `notifiers` | Configure grafana notifiers | `{}` |
| `dashboardProviders` | Configure grafana dashboard providers | `{}` |
| `dashboards` | Dashboards to import | `{}` |
| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` |
| `grafana.ini` | Grafana's primary configuration | `{}` |
| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` |
| `ldap.config ` | Grafana's LDAP configuration | `""` |
| `annotations` | Deployment annotations | `{}` |
| `podAnnotations` | Pod annotations | `{}` |
| `sidecar.image` | Sidecar image | `kiwigrid/k8s-sidecar:0.1.20` |
| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
| `sidecar.resources` | Sidecar resources | `{}` |
| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` |
| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` |
| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` |
| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` |
| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` |
| `sidecar.dashboards.provider.type` | Provider type | `file` |
| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` |
| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` |
| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` |
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` |
| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` |
| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` |
| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` |
| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` |
| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` |
| `serviceAccount.create` | Create service account | `true` |
| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` |
| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` |
| `rbac.create` | Create and use RBAC resources | `true` |
| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` |
| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` |
| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
| `command` | Define command to be executed by grafana container at startup | `nil` |
| `testFramework.image` | `test-framework` image repository. | `dduportal/bats` |
| `testFramework.tag` | `test-framework` image tag. | `0.4.0` |
| `testFramework.securityContext` | `test-framework` securityContext | `{}` |
| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` |
### Example of extraVolumeMounts
```yaml
- extraVolumeMounts:
- name: plugins
mountPath: /var/lib/grafana/plugins
subPath: configs/grafana/plugins
existingClaim: existing-grafana-claim
readOnly: false
```
## Import dashboards
There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method:
```yaml
dashboards:
default:
some-dashboard:
json: |
{
"annotations":
...
# Complete json file here
...
"title": "Some Dashboard",
"uid": "abcd1234",
"version": 1
}
custom-dashboard:
# This is a path to a file inside the dashboards directory inside the chart directory
file: dashboards/custom-dashboard.json
prometheus-stats:
# Ref: https://grafana.com/dashboards/2
gnetId: 2
revision: 2
datasource: Prometheus
local-dashboard:
url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json
```
## BASE64 dashboards
Dashboards could be storaged in a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit)
A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk.
If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk.
### Gerrit use case:
Gerrit API for download files has the following schema: https://yourgerritserver/a/{project-name}/branches/{branch-id}/files/{file-id}/content where {project-name} and
{file-id} usualy has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard
the url value is https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content
## Sidecar for dashboards
If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana
pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with
a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written
to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported
dashboards are deleted/updated.
A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside
one configmap is currently not properly mirrored in grafana.
Example dashboard config:
```
apiVersion: v1
kind: ConfigMap
metadata:
name: sample-grafana-dashboard
labels:
grafana_dashboard: 1
data:
k8s-dashboard.json: |-
[...]
```
## Sidecar for datasources
If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
the data sources in grafana can be imported. The secrets must be created before `helm install` so
that the datasources init container can list the secrets.
Secrets are recommended over configmaps for this usecase because datasources usually contain private
data like usernames and passwords. Secrets are the more appropriate cluster ressource to manage those.
Example datasource config adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
```
apiVersion: v1
kind: Secret
metadata:
name: sample-grafana-datasource
labels:
grafana_datasource: 1
type: Opaque
stringData:
datasource.yaml: |-
# config file version
apiVersion: 1
# list of datasources that should be deleted from the database
deleteDatasources:
- name: Graphite
orgId: 1
# list of datasources to insert/update depending
# whats available in the database
datasources:
# <string, required> name of the datasource. Required
- name: Graphite
# <string, required> datasource type. Required
type: graphite
# <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
access: proxy
# <int> org id. will default to orgId 1 if not specified
orgId: 1
# <string> url
url: http://localhost:8080
# <string> database password, if used
password:
# <string> database user, if used
user:
# <string> database name, if used
database:
# <bool> enable/disable basic auth
basicAuth:
# <string> basic auth username
basicAuthUser:
# <string> basic auth password
basicAuthPassword:
# <bool> enable/disable with credentials headers
withCredentials:
# <bool> mark as default datasource. Max one per org
isDefault:
# <map> fields that will be converted to json and stored in json_data
jsonData:
graphiteVersion: "1.1"
tlsAuth: true
tlsAuthWithCACert: true
# <string> json object of data that will be encrypted.
secureJsonData:
tlsCACert: "..."
tlsClientCert: "..."
tlsClientKey: "..."
version: 1
# <bool> allow users to edit datasources from the UI.
editable: false
```
charts/prometheus/v9.1.0/charts/grafana/app-readme.md 0 → 100644
# Grafana Helm Chart
* Installs the web dashboarding system [Grafana](http://grafana.org/)
charts/prometheus/v9.1.0/charts/grafana/questions.yml 0 → 100644
labels:
io.cattle.role: cluster # options are cluster/project
questions:
- variable: defaultImage
default: true
description: "Use default Docker image"
label: Use Default Image
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: image.repository
default: "ranchercharts/grafana-grafana"
description: "Grafana image name"
type: string
label: Grafana Image Name
- variable: image.tag
default: "6.3.4"
description: "Grafana image tag"
type: string
label: Grafana Image Tag
- variable: sidecar.image
default: "ranchercharts/kiwigrid-k8s-sidecar:0.1.20"
description: "Sidecar image name"
type: string
label: Sidecar Image Name
- variable: downloadDashboardsImage.repository
default: "ranchercharts/appropriate-curl"
description: "Grafana Download Dashboard image name"
type: string
label: Grafana Download Dashboard Image Name
- variable: downloadDashboardsImage.tag
default: "latest"
description: "Grafana Download Dashboard image tag"
type: string
label: Grafana Download Dashboard Image Tag
# grafana configurations
- variable: admin.existingSecret
default: ""
description: "The name of an existing secret containing the admin credentials."
type: secret
group: "Grafana Settings"
label: Select Existing Admin Secret
- variable: adminUser
default: "admin"
description: "Grafana admin username"
type: string
group: "Grafana Settings"
label: Grafana Admin Username
required: true
show_if: "admin.existingSecret="
- variable: adminPassword
default: ""
description: "Grafana admin password"
type: password
group: "Grafana Settings"
label: Grafana Admin Password
show_if: "admin.existingSecret="
- variable: rbac.namespaced
default: true
description: "Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance."
type: boolean
group: "Grafana Settings"
label: Set Grafana RBAC to Namespaced
show_if: "admin.existingSecret="
- variable: persistence.enabled
default: false
description: "Enable persistent volume for Grafana"
type: boolean
required: true
label: Grafana Persistent Volume Enabled
show_subquestion_if: true
group: "Grafana Settings"
subquestions:
- variable: persistence.size
default: "8Gi"
description: "Grafana Persistent Volume Size"
type: string
label: Grafana Volume Size
required: true
- variable: persistence.storageClass
default: ""
description: "If undefined or set to null, using the default storageClass. Defaults to null."
type: storageclass
label: Storage Class for Grafana
- variable: persistence.existingClaim
default: ""
description: "If not empty, uses the specified existing PVC instead of creating new one"
type: pvc
label: Existing Persistent Volume Claim for Grafana
- variable: ingress.enabled
default: true
description: "Expose grafana using Layer 7 Load Balancer - ingress"
type: boolean
label: Expose Grafana using Layer 7 Load Balancer
show_subquestion_if: true
group: "Service and Load Balancing"
required: true
subquestions:
- variable: ingress.hosts[0]
default: "xip.io"
description: "Hostname to your grafana installation"
type: hostname
required: true
label: Hostname
- variable: service.type
default: "NodePort"
description: "Grafana service type"
type: enum
group: "Service and Load Balancing"
options:
- "ClusterIP"
- "NodePort"
required: true
label: Grafana Service Type
show_subquestion_if: "NodePort"
subquestions:
- variable: service.nodePort
default: ""
description: "NodePort http port(to set explicitly, choose port between 30000-32767)"
type: int
min: 30000
max: 32767
show_if: "ingress.enabled=false"
label: Grafana NodePort Number
charts/prometheus/v9.1.0/charts/grafana/templates/NOTES.txt 0 → 100644
1. Get your '{{ .Values.adminUser }}' user password by running:
kubectl get secret --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
{{ template "grafana.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.ingress.enabled }}
From outside the cluster, the server URL(s) are:
{{- range .Values.ingress.hosts }}
http://{{ . }}
{{- end }}
{{ else }}
Get the Grafana URL to visit by running these commands in the same shell:
{{ if contains "NodePort" .Values.service.type -}}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{ else if contains "LoadBalancer" .Values.service.type -}}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "grafana.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
http://$SERVICE_IP:{{ .Values.service.port -}}
{{ else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "grafana.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3000
{{- end }}
{{- end }}
3. Login with the password from step 1 and the username: {{ .Values.adminUser }}
{{- if not .Values.persistence.enabled }}
#################################################################################
###### WARNING: Persistence is disabled!!! You will lose your data when #####
###### the Grafana pod is terminated. #####
#################################################################################
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/_helpers.tpl 0 → 100644
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "grafana.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "grafana.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "grafana.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account
*/}}
{{- define "grafana.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "grafana.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- define "grafana.serviceAccountNameTest" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }}
{{- else -}}
{{ default "default" .Values.serviceAccount.nameTest }}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/charts/grafana/templates/clusterrole.yaml 0 → 100644
{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "grafana.fullname" . }}-clusterrole
{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }}
rules:
{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }}
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
{{- end}}
{{- with .Values.rbac.extraClusterRoleRules }}
{{ toYaml . | indent 0 }}
{{- end}}
{{- else }}
rules: []
{{- end}}
{{- end}}
charts/prometheus/v9.1.0/charts/grafana/templates/clusterrolebinding.yaml 0 → 100644
{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "grafana.fullname" . }}-clusterrolebinding
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "grafana.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ template "grafana.fullname" . }}-clusterrole
apiGroup: rbac.authorization.k8s.io
{{- end -}}
charts/prometheus/v9.1.0/charts/grafana/templates/configmap-dashboard-provider.yaml 0 → 100644
{{- if .Values.sidecar.dashboards.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "grafana.fullname" . }}-config-dashboards
namespace: {{ .Release.Namespace }}
data:
provider.yaml: |-
apiVersion: 1
providers:
- name: '{{ .Values.sidecar.dashboards.provider.name }}'
orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
type: {{ .Values.sidecar.dashboards.provider.type }}
disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
options:
path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}
{{- end}}
charts/prometheus/v9.1.0/charts/grafana/templates/configmap.yaml 0 → 100644
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
{{- if .Values.plugins }}
plugins: {{ join "," .Values.plugins }}
{{- end }}
grafana.ini: |
{{- range $key, $value := index .Values "grafana.ini" }}
[{{ $key }}]
{{- range $elem, $elemVal := $value }}
{{ $elem }} = {{ $elemVal }}
{{- end }}
{{- end }}
{{- if .Values.datasources }}
{{ $root := . }}
{{- range $key, $value := .Values.datasources }}
{{ $key }}: |
{{ tpl (toYaml $value | indent 4) $root }}
{{- end -}}
{{- end -}}
{{- if .Values.notifiers }}
{{- range $key, $value := .Values.notifiers }}
{{ $key }}: |
{{ toYaml $value | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.dashboardProviders }}
{{- range $key, $value := .Values.dashboardProviders }}
{{ $key }}: |
{{ toYaml $value | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.dashboards }}
download_dashboards.sh: |
#!/usr/bin/env sh
set -euf
{{- if .Values.dashboardProviders }}
{{- range $key, $value := .Values.dashboardProviders }}
{{- range $value.providers }}
mkdir -p {{ .options.path }}
{{- end }}
{{- end }}
{{- end }}
{{- range $provider, $dashboards := .Values.dashboards }}
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
curl -sk \
--connect-timeout 60 \
--max-time 60 \
{{- if not $value.b64content }}
-H "Accept: application/json" \
-H "Content-Type: application/json;charset=UTF-8" \
{{- end }}
{{- if $value.url -}}{{ $value.url }}{{- else -}} https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download{{- end -}}{{ if $value.datasource }}| sed 's|\"datasource\":[^,]*|\"datasource\": \"{{ $value.datasource }}\"|g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \
> /var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json
{{- end -}}
{{- end }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/dashboards-json-configmap.yaml 0 → 100644
{{- if .Values.dashboards }}
{{ $files := .Files }}
{{- range $provider, $dashboards := .Values.dashboards }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }}
namespace: {{ $.Release.Namespace }}
labels:
app: {{ template "grafana.name" $ }}
chart: {{ template "grafana.chart" $ }}
release: {{ $.Release.Name }}
heritage: {{ $.Release.Service }}
dashboard-provider: {{ $provider }}
data:
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
{{ print $key | indent 2 }}.json:
{{- if hasKey $value "json" }}
|-
{{ $value.json | indent 6 }}
{{- end }}
{{- if hasKey $value "file" }}
{{ toYaml ( $files.Get $value.file ) | indent 4}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/deployment.yaml 0 → 100644
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
app: {{ template "grafana.name" . }}
release: {{ .Release.Name }}
{{- with .Values.deploymentStrategy }}
strategy:
{{ toYaml . | trim | indent 4 }}
{{- end }}
template:
metadata:
labels:
app: {{ template "grafana.name" . }}
release: {{ .Release.Name }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
{{- if not .Values.admin.existingSecret }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.podAnnotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "grafana.serviceAccountName" . }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.datasources.enabled .Values.extraInitContainers) }}
initContainers:
{{- end }}
{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }}
- name: init-chown-data
image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}"
imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }}
securityContext:
runAsUser: 0
command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsUser }}", "/var/lib/grafana"]
resources:
{{ toYaml .Values.initChownData.resources | indent 12 }}
volumeMounts:
- name: storage
mountPath: "/var/lib/grafana"
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- end }}
{{- if .Values.dashboards }}
- name: download-dashboards
image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }}
command: ["/bin/sh"]
args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ]
env:
{{- range $key, $value := .Values.downloadDashboards.env }}
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
volumeMounts:
- name: config
mountPath: "/etc/grafana/download_dashboards.sh"
subPath: download_dashboards.sh
- name: storage
mountPath: "/var/lib/grafana"
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- range .Values.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- end }}
{{- if .Values.sidecar.datasources.enabled }}
- name: {{ template "grafana.name" . }}-sc-datasources
image: "{{ .Values.sidecar.image }}"
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
- name: METHOD
value: LIST
- name: LABEL
value: "{{ .Values.sidecar.datasources.label }}"
- name: FOLDER
value: "/etc/grafana/provisioning/datasources"
- name: RESOURCE
value: "both"
{{- if .Values.sidecar.datasources.searchNamespace }}
- name: NAMESPACE
value: "{{ .Values.sidecar.datasources.searchNamespace }}"
{{- end }}
{{- if .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ .Values.sidecar.skipTlsVerify }}"
{{- end }}
resources:
{{ toYaml .Values.sidecar.resources | indent 12 }}
volumeMounts:
- name: sc-datasources-volume
mountPath: "/etc/grafana/provisioning/datasources"
{{- end}}
{{- if .Values.extraInitContainers }}
{{ toYaml .Values.extraInitContainers | indent 8 }}
{{- end }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end}}
{{- end }}
containers:
{{- if .Values.sidecar.dashboards.enabled }}
- name: {{ template "grafana.name" . }}-sc-dashboard
image: "{{ .Values.sidecar.image }}"
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
- name: LABEL
value: "{{ .Values.sidecar.dashboards.label }}"
- name: FOLDER
value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
- name: RESOURCE
value: "both"
{{- if .Values.sidecar.dashboards.searchNamespace }}
- name: NAMESPACE
value: "{{ .Values.sidecar.dashboards.searchNamespace }}"
{{- end }}
{{- if .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ .Values.sidecar.skipTlsVerify }}"
{{- end }}
resources:
{{ toYaml .Values.sidecar.resources | indent 12 }}
volumeMounts:
- name: sc-dashboard-volume
mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
{{- end}}
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.command }}
command:
{{- range .Values.command }}
- {{ . }}
{{- end }}
{{- end}}
volumeMounts:
- name: config
mountPath: "/etc/grafana/grafana.ini"
subPath: grafana.ini
{{- if not .Values.admin.existingSecret }}
- name: ldap
mountPath: "/etc/grafana/ldap.toml"
subPath: ldap.toml
{{- end }}
{{- range .Values.extraConfigmapMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath | default "" }}
readOnly: {{ .readOnly }}
{{- end }}
- name: storage
mountPath: "/var/lib/grafana"
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- if .Values.dashboards }}
{{- range $provider, $dashboards := .Values.dashboards }}
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
- name: dashboards-{{ $provider }}
mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
subPath: "{{ $key }}.json"
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.dashboardsConfigMaps }}
{{- range keys .Values.dashboardsConfigMaps }}
- name: dashboards-{{ . }}
mountPath: "/var/lib/grafana/dashboards/{{ . }}"
{{- end }}
{{- end }}
{{- if .Values.datasources }}
- name: config
mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
subPath: datasources.yaml
{{- end }}
{{- if .Values.notifiers }}
- name: config
mountPath: "/etc/grafana/provisioning/notifiers/notifiers.yaml"
subPath: notifiers.yaml
{{- end }}
{{- if .Values.dashboardProviders }}
- name: config
mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
subPath: dashboardproviders.yaml
{{- end }}
{{- if .Values.sidecar.dashboards.enabled }}
- name: sc-dashboard-volume
mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
- name: sc-dashboard-provider
mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml"
subPath: provider.yaml
{{- end}}
{{- if .Values.sidecar.datasources.enabled }}
- name: sc-datasources-volume
mountPath: "/etc/grafana/provisioning/datasources"
{{- end}}
{{- range .Values.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.extraVolumeMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath | default "" }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.extraEmptyDirMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- end }}
ports:
- name: service
containerPort: {{ .Values.service.port }}
protocol: TCP
- name: grafana
containerPort: 3000
protocol: TCP
env:
{{- if not .Values.env.GF_SECURITY_ADMIN_USER }}
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.userKey | default "admin-user" }}
{{- end }}
{{- if not .Values.env.GF_SECURITY_ADMIN_PASSWORD }}
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.passwordKey | default "admin-password" }}
{{- end }}
{{- if .Values.plugins }}
- name: GF_INSTALL_PLUGINS
valueFrom:
configMapKeyRef:
name: {{ template "grafana.fullname" . }}
key: plugins
{{- end }}
{{- if .Values.smtp.existingSecret }}
- name: GF_SMTP_USER
valueFrom:
secretKeyRef:
name: {{ .Values.smtp.existingSecret }}
key: {{ .Values.smtp.userKey | default "user" }}
- name: GF_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.smtp.existingSecret }}
key: {{ .Values.smtp.passwordKey | default "password" }}
{{- end }}
{{- range $key, $value := .Values.env }}
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
{{- if .Values.envFromSecret }}
envFrom:
- secretRef:
name: {{ .Values.envFromSecret }}
{{- end }}
livenessProbe:
{{ toYaml .Values.livenessProbe | indent 12 }}
readinessProbe:
{{ toYaml .Values.readinessProbe | indent 12 }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- if .Values.extraContainers }}
{{ toYaml .Values.extraContainers | indent 8}}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ template "grafana.fullname" . }}
{{- range .Values.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- if .Values.dashboards }}
{{- range keys .Values.dashboards }}
- name: dashboards-{{ . }}
configMap:
name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }}
{{- end }}
{{- end }}
{{- if .Values.dashboardsConfigMaps }}
{{ $root := . }}
{{- range $provider, $name := .Values.dashboardsConfigMaps }}
- name: dashboards-{{ $provider }}
configMap:
name: {{ tpl $name $root }}
{{- end }}
{{- end }}
{{- if not .Values.admin.existingSecret }}
- name: ldap
secret:
{{- if .Values.ldap.existingSecret }}
secretName: {{ .Values.ldap.existingSecret }}
{{- else }}
secretName: {{ template "grafana.fullname" . }}
{{- end }}
items:
- key: ldap-toml
path: ldap.toml
{{- end }}
- name: storage
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- if .Values.sidecar.dashboards.enabled }}
- name: sc-dashboard-volume
emptyDir: {}
{{- if .Values.sidecar.dashboards.enabled }}
- name: sc-dashboard-provider
configMap:
name: {{ template "grafana.fullname" . }}-config-dashboards
{{- end }}
{{- end }}
{{- if .Values.sidecar.datasources.enabled }}
- name: sc-datasources-volume
emptyDir: {}
{{- end -}}
{{- range .Values.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
defaultMode: {{ .defaultMode }}
{{- end }}
{{- range .Values.extraVolumeMounts }}
- name: {{ .name }}
persistentVolumeClaim:
claimName: {{ .existingClaim }}
{{- end }}
{{- range .Values.extraEmptyDirMounts }}
- name: {{ .name }}
emptyDir: {}
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/ingress.yaml 0 → 100644
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "grafana.fullname" . -}}
{{- $servicePort := .Values.service.port -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels | indent 4 }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/podsecuritypolicy.yaml 0 → 100644
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
{{- if .Values.rbac.pspUseAppArmor }}
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
# Default set from Docker, without DAC_OVERRIDE or CHOWN
- FOWNER
- FSETID
- KILL
- SETGID
- SETUID
- SETPCAP
- NET_BIND_SERVICE
- NET_RAW
- SYS_CHROOT
- MKNOD
- AUDIT_WRITE
- SETFCAP
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'RunAsAny'
fsGroup:
rule: 'RunAsAny'
readOnlyRootFilesystem: false
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/pvc.yaml 0 → 100644
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.persistence.finalizers }}
finalizers:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
storageClassName: {{ .Values.persistence.storageClassName }}
{{- end -}}
charts/prometheus/v9.1.0/charts/grafana/templates/role.yaml 0 → 100644
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }}
rules:
{{- if .Values.rbac.pspEnabled }}
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "grafana.fullname" . }}]
{{- end }}
{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }}
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
{{- end }}
{{- with .Values.rbac.extraRoleRules }}
{{ toYaml . | indent 0 }}
{{- end}}
{{- else }}
rules: []
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/rolebinding.yaml 0 → 100644
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "grafana.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "grafana.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.rbac.namespaced }}
roleRef:
kind: Role
name: {{ template "grafana.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}
charts/prometheus/v9.1.0/charts/grafana/templates/secret.yaml 0 → 100644
{{- if not .Values.admin.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
data:
admin-user: {{ .Values.adminUser | b64enc | quote }}
{{- if .Values.adminPassword }}
admin-password: {{ .Values.adminPassword | b64enc | quote }}
{{- else }}
admin-password: {{ randAlphaNum 40 | b64enc | quote }}
{{- end }}
{{- if not .Values.ldap.existingSecret }}
ldap-toml: {{ .Values.ldap.config | b64enc | quote }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/service.yaml 0 → 100644
apiVersion: v1
kind: Service
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.service.labels }}
{{ toYaml .Values.service.labels | indent 4 }}
{{- end }}
{{- with .Values.service.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
type: ClusterIP
{{- if .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP }}
{{end}}
{{- else if eq .Values.service.type "LoadBalancer" }}
type: {{ .Values.service.type }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- else }}
type: {{ .Values.service.type }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{ toYaml .Values.service.externalIPs | indent 4 }}
{{- end }}
ports:
- name: service
port: {{ .Values.service.port }}
protocol: TCP
targetPort: {{ .Values.service.targetPort }}
{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
nodePort: {{.Values.service.nodePort}}
{{ end }}
selector:
app: {{ template "grafana.name" . }}
release: {{ .Release.Name }}
charts/prometheus/v9.1.0/charts/grafana/templates/serviceaccount.yaml 0 → 100644
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "grafana.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/tests/test-configmap.yaml 0 → 100644
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "grafana.fullname" . }}-test
labels:
app: {{ template "grafana.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
data:
run.sh: |-
@test "Test Health" {
url="http://{{ template "grafana.fullname" . }}/api/health"
code=$(curl -s -o /dev/null -I -w "%{http_code}" $url)
[ "$code" == "200" ]
}
charts/prometheus/v9.1.0/charts/grafana/templates/tests/test-podsecuritypolicy.yaml 0 → 100644
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "grafana.fullname" . }}-test
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
allowPrivilegeEscalation: true
privileged: false
hostNetwork: false
hostIPC: false
hostPID: false
fsGroup:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- projected
- secret
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/tests/test-role.yaml 0 → 100644
{{- if .Values.rbac.pspEnabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "grafana.fullname" . }}-test
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "grafana.fullname" . }}-test]
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/tests/test-rolebinding.yaml 0 → 100644
{{- if .Values.rbac.pspEnabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "grafana.fullname" . }}-test
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "grafana.fullname" . }}-test
subjects:
- kind: ServiceAccount
name: {{ template "grafana.serviceAccountNameTest" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/tests/test-serviceaccount.yaml 0 → 100644
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "grafana.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "grafana.serviceAccountNameTest" . }}
{{- end }}
charts/prometheus/v9.1.0/charts/grafana/templates/tests/test.yaml 0 → 100644
apiVersion: v1
kind: Pod
metadata:
name: {{ template "grafana.fullname" . }}-test
labels:
app: {{ template "grafana.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
annotations:
"helm.sh/hook": test-success
spec:
serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }}
{{- if .Values.testFramework.securityContext }}
securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }}
{{- end }}
initContainers:
- name: test-framework
image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
command:
- "bash"
- "-c"
- |
set -ex
# copy bats to tools dir
cp -R /usr/local/libexec/ /tools/bats/
volumeMounts:
- mountPath: /tools
name: tools
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end}}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 4 }}
{{- end }}
containers:
- name: {{ .Release.Name }}-test
image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
volumeMounts:
- mountPath: /tests
name: tests
readOnly: true
- mountPath: /tools
name: tools
volumes:
- name: tests
configMap:
name: {{ template "grafana.fullname" . }}-test
- name: tools
emptyDir: {}
restartPolicy: Never
charts/prometheus/v9.1.0/charts/grafana/values.yaml 0 → 100644
rbac:
create: true
pspEnabled: true
pspUseAppArmor: true
namespaced: false
extraRoleRules: []
# - apiGroups: []
# resources: []
# verbs: []
extraClusterRoleRules: []
# - apiGroups: []
# resources: []
# verbs: []
serviceAccount:
create: true
name:
nameTest:
replicas: 1
## See `kubectl explain deployment.spec.strategy` for more
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
deploymentStrategy:
type: RollingUpdate
readinessProbe:
httpGet:
path: /api/health
port: 3000
livenessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 60
timeoutSeconds: 30
failureThreshold: 10
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName: "default-scheduler"
image:
repository: ranchercharts/grafana-grafana
tag: 6.3.4
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistrKeySecretName
testFramework:
image: "dduportal/bats"
tag: "0.4.0"
securityContext: {}
securityContext:
runAsUser: 472
fsGroup: 472
extraConfigmapMounts: []
# - name: certs-configmap
# mountPath: /etc/grafana/ssl/
# subPath: certificates.crt # (optional)
# configMap: certs-configmap
# readOnly: true
extraEmptyDirMounts: []
# - name: provisioning-notifiers
# mountPath: /etc/grafana/provisioning/notifiers
## Assign a PriorityClassName to pods if set
# priorityClassName:
downloadDashboardsImage:
repository: ranchercharts/appropriate-curl
tag: latest
pullPolicy: IfNotPresent
downloadDashboards:
env: {}
## Pod Annotations
# podAnnotations: {}
## Deployment annotations
# annotations: {}
## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
service:
type: ClusterIP
port: 80
targetPort: 3000
# targetPort: 4181 To be used with a proxy extraContainer
annotations: {}
labels: {}
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
labels: {}
path: /
hosts:
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
#
nodeSelector: {}
## Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
extraInitContainers: []
## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
extraContainers: |
# - name: proxy
# image: quay.io/gambol99/keycloak-proxy:latest
# args:
# - -provider=github
# - -client-id=
# - -client-secret=
# - -github-org=<ORG_NAME>
# - -email-domain=*
# - -cookie-secret=
# - -http-address=http://0.0.0.0:4181
# - -upstream-url=http://127.0.0.1:3000
# ports:
# - name: proxy-web
# containerPort: 4181
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
enabled: false
# storageClassName: default
accessModes:
- ReadWriteOnce
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim:
initChownData:
## If false, data ownership will not be reset at startup
## This allows the prometheus-server to be run with an arbitrary user
##
enabled: true
## initChownData container image
##
image:
repository: busybox
tag: "1.30"
pullPolicy: IfNotPresent
## initChownData resource requests and limits
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Administrator credentials when not using an existing secret (see below)
adminUser: admin
# adminPassword: strongpassword
# Use an existing secret for the admin user.
admin:
existingSecret: ""
userKey: admin-user
passwordKey: admin-password
## Define command to be executed at startup by grafana container
## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/)
## Default is "run.sh" as defined in grafana's Dockerfile
# command:
# - "sh"
# - "/run.sh"
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Extra environment variables that will be pass onto deployment pods
env: {}
## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
## This can be useful for auth tokens, etc
envFromSecret: ""
## Additional grafana server secret mounts
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
extraSecretMounts: []
# - name: secret-files
# mountPath: /etc/secrets
# secretName: grafana-secret-files
# readOnly: true
## Additional grafana server volume mounts
# Defines additional volume mounts.
extraVolumeMounts: []
# - name: extra-volume
# mountPath: /mnt/volume
# readOnly: true
# existingClaim: volume-claim
## Pass the plugins you want installed as a list.
##
plugins: []
# - digrich-bubblechart-panel
# - grafana-clock-panel
## Configure grafana datasources
## ref: http://docs.grafana.org/administration/provisioning/#datasources
##
datasources: {}
# datasources.yaml:
# apiVersion: 1
# datasources:
# - name: Prometheus
# type: prometheus
# url: http://prometheus-prometheus-server
# access: proxy
# isDefault: true
## Configure notifiers
## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels
##
notifiers: {}
# notifiers.yaml:
# notifiers:
# - name: email-notifier
# type: email
# uid: email1
# # either:
# org_id: 1
# # or
# org_name: Main Org.
# is_default: true
# settings:
# addresses: an_email_address@example.com
# delete_notifiers:
## Configure grafana dashboard providers
## ref: http://docs.grafana.org/administration/provisioning/#dashboards
##
## `path` must be /var/lib/grafana/dashboards/<provider_name>
##
dashboardProviders: {}
# dashboardproviders.yaml:
# apiVersion: 1
# providers:
# - name: 'default'
# orgId: 1
# folder: ''
# type: file
# disableDeletion: false
# editable: true
# options:
# path: /var/lib/grafana/dashboards/default
## Configure grafana dashboard to import
## NOTE: To use dashboards you must also enable/configure dashboardProviders
## ref: https://grafana.com/dashboards
##
## dashboards per provider, use provider name as key.
##
dashboards: {}
# default:
# some-dashboard:
# json: |
# $RAW_JSON
# custom-dashboard:
# file: dashboards/custom-dashboard.json
# prometheus-stats:
# gnetId: 2
# revision: 2
# datasource: Prometheus
# local-dashboard:
# url: https://example.com/repository/test.json
# local-dashboard-base64:
# url: https://example.com/repository/test-b64.json
# b64content: true
## Reference to external ConfigMap per provider. Use provider name as key and ConfiMap name as value.
## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both.
## ConfigMap data example:
##
## data:
## example-dashboard.json: |
## RAW_JSON
##
dashboardsConfigMaps: {}
# default: ""
## Grafana's primary configuration
## NOTE: values in map will be converted to ini format
## ref: http://docs.grafana.org/installation/configuration/
##
grafana.ini:
paths:
data: /var/lib/grafana/data
logs: /var/log/grafana
plugins: /var/lib/grafana/plugins
provisioning: /etc/grafana/provisioning
analytics:
check_for_updates: true
log:
mode: console
grafana_net:
url: https://grafana.net
## LDAP Authentication can be enabled with the following values on grafana.ini
## NOTE: Grafana will fail to start if the value for ldap.toml is invalid
# auth.ldap:
# enabled: true
# allow_sign_up: true
# config_file: /etc/grafana/ldap.toml
## Grafana's LDAP configuration
## Templated by the template in _helpers.tpl
## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled
## ref: http://docs.grafana.org/installation/configuration/#auth-ldap
## ref: http://docs.grafana.org/installation/ldap/#configuration
ldap:
# `existingSecret` is a reference to an existing secret containing the ldap configuration
# for Grafana in a key `ldap-toml`.
existingSecret: ""
# `config` is the content of `ldap.toml` that will be stored in the created secret
config: ""
# config: |-
# verbose_logging = true
# [[servers]]
# host = "my-ldap-server"
# port = 636
# use_ssl = true
# start_tls = false
# ssl_skip_verify = false
# bind_dn = "uid=%s,ou=users,dc=myorg,dc=com"
## Grafana's SMTP configuration
## NOTE: To enable, grafana.ini must be configured with smtp.enabled
## ref: http://docs.grafana.org/installation/configuration/#smtp
smtp:
# `existingSecret` is a reference to an existing secret containing the smtp configuration
# for Grafana.
existingSecret: ""
userKey: "user"
passwordKey: "password"
## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders
## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards
sidecar:
image: ranchercharts/kiwigrid-k8s-sidecar:0.1.20
imagePullPolicy: IfNotPresent
resources: {}
# limits:
# cpu: 100m
# memory: 100Mi
# requests:
# cpu: 50m
# memory: 50Mi
# skipTlsVerify Set to true to skip tls verification for kube api calls
# skipTlsVerify: true
dashboards:
enabled: false
# label that the configmaps with dashboards are marked with
label: grafana_dashboard
# folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set)
folder: /tmp/dashboards
# The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead
defaultFolderName: null
# If specified, the sidecar will search for dashboard config-maps inside this namespace.
# Otherwise the namespace in which the sidecar is running will be used.
# It's also possible to specify ALL to search in all namespaces
searchNamespace: null
# provider configuration that lets grafana manage the dashboards
provider:
# name of the provider, should be unique
name: sidecarProvider
# orgid as configured in grafana
orgid: 1
# folder in which the dashboards should be imported in grafana
folder: ''
# type of the provider
type: file
# disableDelete to activate a import-only behaviour
disableDelete: false
datasources:
enabled: false
# label that the configmaps with datasources are marked with
label: grafana_datasource
# If specified, the sidecar will search for datasource config-maps inside this namespace.
# Otherwise the namespace in which the sidecar is running will be used.
# It's also possible to specify ALL to search in all namespaces
searchNamespace: null
charts/prometheus/v9.1.0/questions.yml 0 → 100644
categories:
- Monitoring
labels:
io.cattle.role: cluster # options are cluster/project
questions:
# Docker image configurations
- variable: defaultImage
default: true
description: "Use default Docker image"
label: Use Default Image
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: server.image.repository
default: "ranchercharts/prom-prometheus"
description: "Prometheus image name"
type: string
label: Prometheus Image Name
- variable: server.image.tag
default: "v2.11.1"
description: "Prometheus image tag"
type: string
label: Prometheus Image Tag
- variable: alertmanager.image.repository
default: "ranchercharts/prom-alertmanager"
description: "Alertmanager image name"
type: string
label: Alertmanager Image Name
show_if: "alertmanager.enabled=true"
- variable: alertmanager.image.tag
default: "v0.18.0"
description: "Alertmanager image tag"
type: string
label: Alertmanager Image Tag
show_if: "alertmanager.enabled=true"
- variable: nodeExporter.image.repository
default: "ranchercharts/prom-node-exporter"
description: "Node exporter image name"
type: string
label: NodeExporter Image Name
- variable: nodeExporter.image.tag
default: "v0.18.0"
description: "Node exporter image tag"
type: string
label: NodeExporter Image Tag
- variable: pushgateway.image.repository
default: "ranchercharts/prom-pushgateway"
description: "Pushgateway image name"
type: string
label: Pushgateway Image Name
- variable: pushgateway.image.tag
default: "v0.8.0"
description: "Pushgateway image tag"
type: string
label: Pushgateway Image Tag
- variable: kubeStateMetrics.image.repository
default: "ranchercharts/coreos-kube-state-metrics"
description: "Kube-state-metrics image name"
type: string
label: KubeStateMetrics Image Name
- variable: kubeStateMetrics.image.tag
default: "v1.7.2"
description: "Kube-state-metrics image tag"
type: string
label: KubeStateMetrics Image Tag
- variable: grafana.image.repository
default: "ranchercharts/grafana-grafana"
description: "Grafana image name"
type: string
label: Grafana Image Name
- variable: grafana.image.tag
default: "6.3.4"
description: "Grafana image tag"
type: string
label: Grafana Image Tag
- variable: grafana.sidecar.image
default: "ranchercharts/kiwigrid-k8s-sidecar:0.1.20"
description: "Sidecar image name"
type: string
label: Sidecar Image Name
- variable: grafana.downloadDashboardsImage.repository
default: "ranchercharts/appropriate-curl"
description: "Grafana Download Dashboard image name"
type: string
label: Grafana Download Dashboard Image Name
- variable: grafana.downloadDashboardsImage.tag
default: "latest"
description: "Grafana Download Dashboard image tag"
type: string
label: Grafana Download Dashboard Image Tag
# server configurations
- variable: server.ingress.enabled
default: false
description: "Expose prometheus using Layer 7 Load Balancer - ingress"
type: boolean
group: "Prometheus Server"
label: Expose Prometheus using Layer 7 Load Balancer
show_subquestion_if: true
required: true
subquestions:
- variable: server.ingress.hosts[0]
default: "xip.io"
description: "Prometheus server ingress hostname"
type: hostname
required: true
label: Hostname
- variable: server.service.type
default: "NodePort"
description: "Server service type"
group: "Prometheus Server"
type: enum
options:
- "ClusterIP"
- "NodePort"
required: true
label: Prometheus Service Type
show_subquestion_if: "NodePort"
subquestions:
- variable: server.service.nodePort
default: ""
description: "NodePort http port(to set explicitly, choose port between 30000-32767)"
type: int
min: 30000
max: 32767
label: Prometheus NodePort Http Port
show_if: "server.ingress.enabled=false&&server.service.type=NodePort"
- variable: server.persistentVolume.enabled
default: false
description: "If true, prometheus will create a persistent volume claim"
type: boolean
group: "Prometheus Server"
required: true
label: Create Persistent Volume for Prometheus
show_subquestion_if: true
subquestions:
- variable: server.persistentVolume.size
default: "8Gi"
description: "Prometheus data persistent volume size"
type: string
label: Prometheus Persistent Volume Size
- variable: server.persistentVolume.storageClass
default: ""
description: "Prometheus data persistent volume storageClass, if not set use default StorageClass"
type: storageclass
label: Prometheus Persistent Volume StorageClass
- variable: server.persistentVolume.existingClaim
default: ""
description: "If not empty, uses the specified existing PVC instead of creating new one"
type: pvc
label: Existing Persistent Volume Claim for Prometheus
# alertmanager configurations
- variable: alertmanager.enabled
default: true
description: "Select to create alertmanager"
type: boolean
group: "Alertmanager"
label: Enable Alertmanager
- variable: alertmanager.ingress.enabled
default: false
description: "Expose alertmanager using Layer 7 Load Balancer - ingress"
type: boolean
group: "Alertmanager"
label: Expose Alertmanager using Layer 7 Load Balancer
show_if: "alertmanager.enabled=true"
show_subquestion_if: true
required: true
subquestions:
- variable: alertmanager.ingress.hosts[0]
default: "xip.io"
description: "Hostname to your alertmanager installation"
type: hostname
required: true
label: Hostname
show_if: "alertmanager.enabled=true"
- variable: alertmanager.service.type
default: "NodePort"
description: "Alertmanager service type"
type: enum
show_if: "alertmanager.ingress.enabled=false&&alertmanager.enabled=true"
group: "Alertmanager"
options:
- "ClusterIP"
- "NodePort"
required: true
label: Alertmanager Service Type
show_subquestion_if: "NodePort"
subquestions:
- variable: alertmanager.service.nodePort
default: ""
description: "NodePort http port(to set explicitly, choose port between 30000-32767)"
type: int
min: 30000
max: 32767
label: Alertmanager NodePort Http Port
show_if: "alertmanager.enabled=true&&alertmanager.ingress.enabled=false"
- variable: alertmanager.persistentVolume.enabled
default: false
description: "If true, alertmanager will create a persistent volume claim"
type: boolean
required: true
group: "Alertmanager"
label: Create Persistent Volume for Alertmanager
show_if: "alertmanager.enabled=true"
show_subquestion_if: true
subquestions:
- variable: alertmanager.persistentVolume.size
default: "2Gi"
description: "Alertmanager data persistent volume size"
type: string
label: Alertmanager Persistent Volume Size
show_if: "alertmanager.enabled=true"
- variable: alertmanager.persistentVolume.storageClass
default: ""
description: "Alertmanager data persistent volume storageClass, if not set use default StorageClass"
type: storageclass
label: Alertmanager Persistent Volume StorageClass
show_if: "alertmanager.enabled=true"
- variable: alertmanager.persistentVolume.existingClaim
default: ""
description: "If not empty, uses the specified existing PVC instead of creating new one"
type: pvc
label: Existing Persistent Volume Claim for AlertManager
# Grafana configurations
- variable: grafana.enabled
default: false
description: "Create Grafana Dashboard"
type: boolean
group: "Grafana Settings"
label: Enable Grafana Dashboard
show_subquestion_if: "true"
subquestions:
- variable: grafana.admin.existingSecret
default: ""
description: "The name of an existing secret containing the admin credentials."
type: secret
group: "Grafana Settings"
label: Select Existing Admin Secret
- variable: grafana.adminUser
default: "admin"
description: "Grafana admin username"
type: string
group: "Grafana Settings"
label: Grafana Admin Username
required: true
show_if: "grafana.admin.existingSecret="
- variable: grafana.adminPassword
default: ""
description: "Grafana admin password"
type: password
group: "Grafana Settings"
label: Grafana Admin Password
show_if: "grafana.admin.existingSecret="
- variable: rbac.namespaced
default: true
description: "Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance."
type: boolean
group: "Grafana Settings"
label: Set Grafana RBAC to Namespaced
show_if: "grafana.admin.existingSecret="
- variable: grafana.persistence.enabled
default: false
description: "Enable persistent volume for Grafana"
type: boolean
required: true
label: Grafana Persistent Volume Enabled
show_if: "grafana.enabled=true"
show_subquestion_if: true
group: "Grafana Settings"
subquestions:
- variable: grafana.persistence.size
default: "8Gi"
description: "Grafana Persistent Volume Size"
type: string
label: Grafana Volume Size
required: true
- variable: grafana.persistence.storageClass
default: ""
description: "If undefined or set to null, using the default storageClass. Defaults to null."
type: storageclass
label: Storage Class for Grafana
- variable: grafana.persistence.existingClaim
default: ""
description: "If not empty, uses the specified existing PVC instead of creating new one"
type: pvc
label: Existing Persistent Volume Claim for Grafana
- variable: grafana.ingress.enabled
default: false
description: "Expose grafana using Layer 7 Load Balancer - ingress"
type: boolean
label: Expose Grafana using Layer 7 Load Balancer
show_if: "grafana.enabled=true"
show_subquestion_if: true
group: "Grafana Settings"
required: true
subquestions:
- variable: grafana.ingress.hosts[0]
default: "xip.io"
description: "Hostname to your grafana installation"
type: hostname
required: true
label: Hostname
- variable: grafana.service.type
default: "NodePort"
description: "Grafana service type"
type: enum
show_if: "grafana.enabled=true"
group: "Grafana Settings"
options:
- "ClusterIP"
- "NodePort"
required: true
label: Grafana Service Type
show_subquestion_if: "NodePort"
subquestions:
- variable: grafana.service.nodePort
default: ""
description: "NodePort http port(to set explicitly, choose port between 30000-32767)"
type: int
min: 30000
max: 32767
show_if: "grafana.ingress.enabled=false&&grafana.enabled=true"
label: Grafana NodePort Number
# push-gateway configs
- variable: pushgateway.enabled
default: true
description: "Select whether to create pushgateway"
type: boolean
group: "Pushgateway"
label: Enable Pushgateway
- variable: pushgateway.persistentVolume.enabled
default: false
description: "If true, pushgateway will create a persistent volume claim"
type: boolean
required: true
group: "Pushgateway"
label: Create Persistent Volume for Pushgateway
show_if: "pushgateway.enabled=true"
show_subquestion_if: true
subquestions:
- variable: pushgateway.persistentVolume.size
default: "2Gi"
description: "Pushgateway data persistent volume size"
type: string
label: Pushgateway Persistent Volume Size
show_if: "pushgateway.enabled=true"
- variable: pushgateway.persistentVolume.storageClass
default: ""
description: "Pushgateway data persistent volume storageClass, if not set use default StorageClass"
type: storageclass
label: Pushgateway Persistent Volume StorageClass
show_if: "pushgateway.enabled=true"
- variable: pushgateway.persistentVolume.existingClaim
default: ""
description: "If not empty, uses the specified existing PVC instead of creating new one"
type: pvc
label: Existing Persistent Volume Claim for AlertManager
charts/prometheus/v9.1.0/requirements.yaml 0 → 100644
dependencies:
- name: grafana
version: 0.0.30
condition: grafana.enabled
repository: "files://./charts/grafana"
charts/prometheus/v9.1.0/templates/NOTES.txt 0 → 100644
{{- if .Values.server.enabled -}}
The Prometheus server can be accessed via port {{ .Values.server.service.servicePort }} on the following DNS name from within your cluster:
{{ template "prometheus.server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.server.ingress.enabled -}}
From outside the cluster, the server URL(s) are:
{{- range .Values.server.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else }}
Get the Prometheus server URL by running these commands in the same shell:
{{- if contains "NodePort" .Values.server.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.server.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.server.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.server.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.server.service.servicePort }}
{{- else if contains "ClusterIP" .Values.server.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.server.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9090
{{- end }}
{{- end }}
{{- if .Values.server.persistentVolume.enabled }}
{{- else }}
#################################################################################
###### WARNING: Persistence is disabled!!! You will lose your data when #####
###### the Server pod is terminated. #####
#################################################################################
{{- end }}
{{- end }}
{{ if .Values.alertmanager.enabled }}
The Prometheus alertmanager can be accessed via port {{ .Values.alertmanager.service.servicePort }} on the following DNS name from within your cluster:
{{ template "prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.alertmanager.ingress.enabled -}}
From outside the cluster, the alertmanager URL(s) are:
{{- range .Values.alertmanager.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else }}
Get the Alertmanager URL by running these commands in the same shell:
{{- if contains "NodePort" .Values.alertmanager.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.alertmanager.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.alertmanager.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.alertmanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.alertmanager.service.servicePort }}
{{- else if contains "ClusterIP" .Values.alertmanager.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.alertmanager.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9093
{{- end }}
{{- end }}
{{- if .Values.alertmanager.persistentVolume.enabled }}
{{- else }}
#################################################################################
###### WARNING: Persistence is disabled!!! You will lose your data when #####
###### the AlertManager pod is terminated. #####
#################################################################################
{{- end }}
{{- end }}
{{- if .Values.nodeExporter.podSecurityPolicy.enabled }}
{{- else }}
#################################################################################
###### WARNING: Pod Security Policy has been moved to a global property. #####
###### use .Values.podSecurityPolicy.enabled with pod-based #####
###### annotations #####
###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) #####
#################################################################################
{{- end }}
{{ if .Values.pushgateway.enabled }}
The Prometheus PushGateway can be accessed via port {{ .Values.pushgateway.service.servicePort }} on the following DNS name from within your cluster:
{{ template "prometheus.pushgateway.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.pushgateway.ingress.enabled -}}
From outside the cluster, the pushgateway URL(s) are:
{{- range .Values.pushgateway.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else }}
Get the PushGateway URL by running these commands in the same shell:
{{- if contains "NodePort" .Values.pushgateway.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.pushgateway.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.pushgateway.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.pushgateway.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.pushgateway.service.servicePort }}
{{- else if contains "ClusterIP" .Values.pushgateway.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.pushgateway.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9091
{{- end }}
{{- end }}
{{- end }}
For more information on running Prometheus, visit:
https://prometheus.io/
charts/prometheus/v9.1.0/templates/_helpers.tpl 0 → 100644
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "prometheus.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create unified labels for prometheus components
*/}}
{{- define "prometheus.common.matchLabels" -}}
app: {{ template "prometheus.name" . }}
release: {{ .Release.Name }}
{{- end -}}
{{- define "prometheus.common.metaLabels" -}}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
{{- end -}}
{{- define "prometheus.alertmanager.labels" -}}
{{ include "prometheus.alertmanager.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.alertmanager.matchLabels" -}}
component: {{ .Values.alertmanager.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.kubeStateMetrics.labels" -}}
{{ include "prometheus.kubeStateMetrics.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.kubeStateMetrics.matchLabels" -}}
component: {{ .Values.kubeStateMetrics.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.nodeExporter.labels" -}}
{{ include "prometheus.nodeExporter.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.nodeExporter.matchLabels" -}}
component: {{ .Values.nodeExporter.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.pushgateway.labels" -}}
{{ include "prometheus.pushgateway.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.pushgateway.matchLabels" -}}
component: {{ .Values.pushgateway.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.server.labels" -}}
{{ include "prometheus.server.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.server.matchLabels" -}}
component: {{ .Values.server.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified alertmanager name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.alertmanager.fullname" -}}
{{- if .Values.alertmanager.fullnameOverride -}}
{{- .Values.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified kube-state-metrics name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.kubeStateMetrics.fullname" -}}
{{- if .Values.kubeStateMetrics.fullnameOverride -}}
{{- .Values.kubeStateMetrics.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.kubeStateMetrics.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified node-exporter name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.nodeExporter.fullname" -}}
{{- if .Values.nodeExporter.fullnameOverride -}}
{{- .Values.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified Prometheus server name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.server.fullname" -}}
{{- if .Values.server.fullnameOverride -}}
{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified pushgateway name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.pushgateway.fullname" -}}
{{- if .Values.pushgateway.fullnameOverride -}}
{{- .Values.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "prometheus.networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the alertmanager component
*/}}
{{- define "prometheus.serviceAccountName.alertmanager" -}}
{{- if .Values.serviceAccounts.alertmanager.create -}}
{{ default (include "prometheus.alertmanager.fullname" .) .Values.serviceAccounts.alertmanager.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.alertmanager.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the kubeStateMetrics component
*/}}
{{- define "prometheus.serviceAccountName.kubeStateMetrics" -}}
{{- if .Values.serviceAccounts.kubeStateMetrics.create -}}
{{ default (include "prometheus.kubeStateMetrics.fullname" .) .Values.serviceAccounts.kubeStateMetrics.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.kubeStateMetrics.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the nodeExporter component
*/}}
{{- define "prometheus.serviceAccountName.nodeExporter" -}}
{{- if .Values.serviceAccounts.nodeExporter.create -}}
{{ default (include "prometheus.nodeExporter.fullname" .) .Values.serviceAccounts.nodeExporter.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.nodeExporter.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the pushgateway component
*/}}
{{- define "prometheus.serviceAccountName.pushgateway" -}}
{{- if .Values.serviceAccounts.pushgateway.create -}}
{{ default (include "prometheus.pushgateway.fullname" .) .Values.serviceAccounts.pushgateway.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.pushgateway.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the server component
*/}}
{{- define "prometheus.serviceAccountName.server" -}}
{{- if .Values.serviceAccounts.server.create -}}
{{ default (include "prometheus.server.fullname" .) .Values.serviceAccounts.server.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.server.name }}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-clusterrole.yaml 0 → 100644
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.alertmanager.fullname" . }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-clusterrolebinding.yaml 0 → 100644
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "prometheus.alertmanager.fullname" . }}
{{- end }}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-configmap.yaml 0 → 100644
{{- if and .Values.alertmanager.enabled (and (empty .Values.alertmanager.configMapOverrideName) (empty .Values.alertmanager.configFromSecret)) -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
data:
{{- $root := . -}}
{{- range $key, $value := .Values.alertmanagerFiles }}
{{ $key }}: |
{{ toYaml $value | default "{}" | indent 4 }}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-deployment.yaml 0 → 100644
{{- if and .Values.alertmanager.enabled (not .Values.alertmanager.statefulSet.enabled) -}}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
spec:
selector:
matchLabels:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
replicas: {{ .Values.alertmanager.replicaCount }}
{{- if .Values.server.strategy }}
strategy:
{{ toYaml .Values.server.strategy | indent 4 }}
{{- end }}
template:
metadata:
{{- if .Values.alertmanager.podAnnotations }}
annotations:
{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 8 }}
spec:
{{- if .Values.alertmanager.schedulerName }}
schedulerName: "{{ .Values.alertmanager.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }}
{{- if .Values.alertmanager.priorityClassName }}
priorityClassName: "{{ .Values.alertmanager.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
env:
{{- range $key, $value := .Values.alertmanager.extraEnv }}
- name: {{ $key }}
value: {{ $value }}
{{- end }}
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
args:
- --config.file=/etc/config/{{ .Values.alertmanager.configFileName }}
- --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }}
- --cluster.advertise-address=$(POD_IP):6783
{{- range $key, $value := .Values.alertmanager.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.alertmanager.baseURL }}
- --web.external-url={{ .Values.alertmanager.baseURL }}
{{- end }}
ports:
- containerPort: 9093
readinessProbe:
httpGet:
path: {{ .Values.alertmanager.prefixURL }}/#/status
port: 9093
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
{{ toYaml .Values.alertmanager.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}"
subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}"
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.name }}
image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload
resources:
{{ toYaml .Values.configmapReload.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.alertmanager.nodeSelector }}
nodeSelector:
{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.securityContext }}
securityContext:
{{ toYaml .Values.alertmanager.securityContext | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.tolerations }}
tolerations:
{{ toYaml .Values.alertmanager.tolerations | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.affinity }}
affinity:
{{ toYaml .Values.alertmanager.affinity | indent 8 }}
{{- end }}
volumes:
- name: config-volume
{{- if empty .Values.alertmanager.configFromSecret }}
configMap:
name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
{{- else }}
secret:
secretName: {{ .Values.alertmanager.configFromSecret }}
{{- end }}
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
- name: storage-volume
{{- if .Values.alertmanager.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.alertmanager.persistentVolume.existingClaim }}{{ .Values.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-ingress.yaml 0 → 100644
{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled -}}
{{- $releaseName := .Release.Name -}}
{{- $serviceName := include "prometheus.alertmanager.fullname" . }}
{{- $servicePort := .Values.alertmanager.service.servicePort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
{{- if .Values.alertmanager.ingress.annotations }}
annotations:
{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
{{- range $key, $value := .Values.alertmanager.ingress.extraLabels }}
{{ $key }}: {{ $value }}
{{- end }}
name: {{ template "prometheus.alertmanager.fullname" . }}
spec:
rules:
{{- range .Values.alertmanager.ingress.hosts }}
{{- $url := splitList "/" . }}
- host: {{ first $url }}
http:
paths:
- path: /{{ rest $url | join "/" }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.alertmanager.ingress.tls }}
tls:
{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-networkpolicy.yaml 0 → 100644
{{- if and .Values.alertmanager.enabled .Values.networkPolicy.enabled -}}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.alertmanager.fullname" . }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 12 }}
- ports:
- port: 9093
{{- end -}}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-podsecuritypolicy.yaml 0 → 100755
{{- if .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.alertmanager.fullname" . }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
annotations:
{{- if .Values.alertmanager.podSecurityPolicy.annotations }}
{{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'configMap'
- 'persistentVolumeClaim'
- 'emptyDir'
- 'secret'
allowedHostPaths:
- pathPrefix: /etc
readOnly: true
- pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }}
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: true
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-pvc.yaml 0 → 100644
{{- if not .Values.alertmanager.statefulSet.enabled -}}
{{- if and .Values.alertmanager.enabled .Values.alertmanager.persistentVolume.enabled -}}
{{- if not .Values.alertmanager.persistentVolume.existingClaim -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.alertmanager.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
spec:
accessModes:
{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }}
{{- if .Values.alertmanager.persistentVolume.storageClass }}
{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: "{{ .Values.alertmanager.persistentVolume.size }}"
{{- end -}}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-service-headless.yaml 0 → 100644
{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.alertmanager.statefulSet.headless.annotations }}
annotations:
{{ toYaml .Values.alertmanager.statefulSet.headless.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
{{- if .Values.alertmanager.statefulSet.headless.labels }}
{{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.alertmanager.fullname" . }}-headless
spec:
clusterIP: None
ports:
- name: http
port: {{ .Values.alertmanager.statefulSet.headless.servicePort }}
protocol: TCP
targetPort: 9093
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
- name: meshpeer
port: 6783
protocol: TCP
targetPort: 6783
{{- end }}
selector:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
{{- end }}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-service.yaml 0 → 100644
{{- if .Values.alertmanager.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.alertmanager.service.annotations }}
annotations:
{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
{{- if .Values.alertmanager.service.labels }}
{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.alertmanager.fullname" . }}
spec:
{{- if .Values.alertmanager.service.clusterIP }}
clusterIP: {{ .Values.alertmanager.service.clusterIP }}
{{- end }}
{{- if .Values.alertmanager.service.externalIPs }}
externalIPs:
{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
{{- end }}
{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.alertmanager.service.servicePort }}
protocol: TCP
targetPort: 9093
{{- if .Values.alertmanager.service.nodePort }}
nodePort: {{ .Values.alertmanager.service.nodePort }}
{{- end }}
{{- if .Values.alertmanager.service.enableMeshPeer }}
- name: meshpeer
port: 6783
protocol: TCP
targetPort: 6783
{{- end }}
selector:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
type: "{{ .Values.alertmanager.service.type }}"
{{- end }}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-serviceaccount.yaml 0 → 100644
{{- if and .Values.alertmanager.enabled .Values.serviceAccounts.alertmanager.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
{{- end -}}
charts/prometheus/v9.1.0/templates/alertmanager/alertmanager-statefulset.yaml 0 → 100644
{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
spec:
serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless
selector:
matchLabels:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
replicas: {{ .Values.alertmanager.replicaCount }}
podManagementPolicy: {{ .Values.alertmanager.statefulSet.podManagementPolicy }}
template:
metadata:
{{- if .Values.alertmanager.podAnnotations }}
annotations:
{{ toYaml .Values.alertmanager.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 8 }}
spec:
{{- if .Values.alertmanager.affinity }}
affinity:
{{ toYaml .Values.alertmanager.affinity | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.schedulerName }}
schedulerName: "{{ .Values.alertmanager.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }}
{{- if .Values.alertmanager.priorityClassName }}
priorityClassName: "{{ .Values.alertmanager.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
env:
{{- range $key, $value := .Values.alertmanager.extraEnv }}
- name: {{ $key }}
value: {{ $value }}
{{- end }}
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
args:
- --config.file=/etc/config/alertmanager.yml
- --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }}
- --cluster.advertise-address=$(POD_IP):6783
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
- --cluster.listen-address=0.0.0.0:6783
{{- range $n := until (.Values.alertmanager.replicaCount | int) }}
- --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783
{{- end }}
{{- end }}
{{- range $key, $value := .Values.alertmanager.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.alertmanager.baseURL }}
- --web.external-url={{ .Values.alertmanager.baseURL }}
{{- end }}
ports:
- containerPort: 9093
readinessProbe:
httpGet:
path: {{ .Values.alertmanager.prefixURL }}/#/status
port: 9093
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
{{ toYaml .Values.alertmanager.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}"
subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}"
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.name }}
image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload
resources:
{{ toYaml .Values.configmapReload.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.alertmanager.nodeSelector }}
nodeSelector:
{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.securityContext }}
securityContext:
{{ toYaml .Values.alertmanager.securityContext | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.tolerations }}
tolerations:
{{ toYaml .Values.alertmanager.tolerations | indent 8 }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- if .Values.alertmanager.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: storage-volume
{{- if .Values.alertmanager.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 10 }}
resources:
requests:
storage: "{{ .Values.alertmanager.persistentVolume.size }}"
{{- if .Values.server.persistentVolume.storageClass }}
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
{{- else }}
- name: storage-volume
emptyDir: {}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/kube-state/kube-state-metrics-clusterrole.yaml 0 → 100644
{{- if and .Values.kubeStateMetrics.enabled .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.kubeStateMetrics.fullname" . }}
{{- end }}
- apiGroups:
- ""
resources:
- namespaces
- nodes
- persistentvolumeclaims
- pods
- services
- resourcequotas
- replicationcontrollers
- limitranges
- persistentvolumeclaims
- persistentvolumes
- endpoints
- secrets
- configmaps
verbs:
- list
- watch
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- ingresses
- replicasets
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- statefulsets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- list
- watch
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- list
- watch
{{- end }}
charts/prometheus/v9.1.0/templates/kube-state/kube-state-metrics-clusterrolebinding.yaml 0 → 100644
{{- if and .Values.kubeStateMetrics.enabled .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.kubeStateMetrics" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
{{- end -}}
charts/prometheus/v9.1.0/templates/kube-state/kube-state-metrics-deployment.yaml 0 → 100644
{{- if .Values.kubeStateMetrics.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- if .Values.kubeStateMetrics.deploymentAnnotations }}
annotations:
{{ toYaml .Values.kubeStateMetrics.deploymentAnnotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
spec:
selector:
matchLabels:
{{- include "prometheus.kubeStateMetrics.matchLabels" . | nindent 6 }}
replicas: {{ .Values.kubeStateMetrics.replicaCount }}
template:
metadata:
{{- if .Values.kubeStateMetrics.podAnnotations }}
annotations:
{{ toYaml .Values.kubeStateMetrics.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 8 }}
{{- if .Values.kubeStateMetrics.pod.labels }}
{{ toYaml .Values.kubeStateMetrics.pod.labels | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "prometheus.serviceAccountName.kubeStateMetrics" . }}
{{- if .Values.kubeStateMetrics.priorityClassName }}
priorityClassName: "{{ .Values.kubeStateMetrics.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.kubeStateMetrics.name }}
image: "{{ .Values.kubeStateMetrics.image.repository }}:{{ .Values.kubeStateMetrics.image.tag }}"
imagePullPolicy: "{{ .Values.kubeStateMetrics.image.pullPolicy }}"
{{- if .Values.kubeStateMetrics.args }}
args:
{{- range $key, $value := .Values.kubeStateMetrics.args }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- end }}
ports:
- name: metrics
containerPort: 8080
resources:
{{ toYaml .Values.kubeStateMetrics.resources | indent 12 }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.kubeStateMetrics.nodeSelector }}
nodeSelector:
{{ toYaml .Values.kubeStateMetrics.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.kubeStateMetrics.securityContext }}
securityContext:
{{ toYaml .Values.kubeStateMetrics.securityContext | indent 8 }}
{{- end }}
{{- if .Values.kubeStateMetrics.tolerations }}
tolerations:
{{ toYaml .Values.kubeStateMetrics.tolerations | indent 8 }}
{{- end }}
{{- if .Values.kubeStateMetrics.affinity }}
affinity:
{{ toYaml .Values.kubeStateMetrics.affinity | indent 8 }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/kube-state/kube-state-metrics-networkpolicy.yaml 0 → 100644
{{- if and .Values.kubeStateMetrics.enabled .Values.networkPolicy.enabled -}}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.kubeStateMetrics.matchLabels" . | nindent 6 }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 10 }}
- ports:
- port: 8080
{{- end -}}
charts/prometheus/v9.1.0/templates/kube-state/kube-state-metrics-podsecuritypolicy.yaml 0 → 100755
{{- if .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
annotations:
{{- if .Values.kubeStateMetrics.podSecurityPolicy.annotations }}
{{ toYaml .Values.kubeStateMetrics.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'secret'
allowedHostPaths: []
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: true
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/kube-state/kube-state-metrics-serviceaccount.yaml 0 → 100644
{{- if and .Values.kubeStateMetrics.enabled .Values.serviceAccounts.kubeStateMetrics.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.kubeStateMetrics" . }}
{{- end -}}
charts/prometheus/v9.1.0/templates/kube-state/kube-state-metrics-svc.yaml 0 → 100644
{{- if and .Values.kubeStateMetrics.enabled .Values.kubeStateMetrics.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.kubeStateMetrics.service.annotations }}
annotations:
{{ toYaml .Values.kubeStateMetrics.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.kubeStateMetrics.labels" . | nindent 4 }}
{{- if .Values.kubeStateMetrics.service.labels }}
{{ toYaml .Values.kubeStateMetrics.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.kubeStateMetrics.fullname" . }}
spec:
{{- if .Values.kubeStateMetrics.service.clusterIP }}
clusterIP: {{ .Values.kubeStateMetrics.service.clusterIP }}
{{- end }}
{{- if .Values.kubeStateMetrics.service.externalIPs }}
externalIPs:
{{ toYaml .Values.kubeStateMetrics.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.kubeStateMetrics.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.kubeStateMetrics.service.loadBalancerIP }}
{{- end }}
{{- if .Values.kubeStateMetrics.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.kubeStateMetrics.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.kubeStateMetrics.service.servicePort }}
protocol: TCP
targetPort: 8080
selector:
{{- include "prometheus.kubeStateMetrics.matchLabels" . | nindent 4 }}
type: "{{ .Values.kubeStateMetrics.service.type }}"
{{- end }}
charts/prometheus/v9.1.0/templates/node-exporter/node-exporter-daemonset.yaml 0 → 100644
{{- if .Values.nodeExporter.enabled -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
{{- if .Values.nodeExporter.deploymentAnnotations }}
annotations:
{{ toYaml .Values.nodeExporter.deploymentAnnotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
name: {{ template "prometheus.nodeExporter.fullname" . }}
spec:
selector:
matchLabels:
{{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }}
{{- if .Values.nodeExporter.updateStrategy }}
updateStrategy:
{{ toYaml .Values.nodeExporter.updateStrategy | indent 4 }}
{{- end }}
template:
metadata:
{{- if .Values.nodeExporter.podAnnotations }}
annotations:
{{ toYaml .Values.nodeExporter.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 8 }}
{{- if .Values.nodeExporter.pod.labels }}
{{ toYaml .Values.nodeExporter.pod.labels | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
{{- if .Values.nodeExporter.priorityClassName }}
priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.nodeExporter.name }}
image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}"
imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}"
args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
{{- range $key, $value := .Values.nodeExporter.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
ports:
- name: metrics
containerPort: 9100
hostPort: {{ .Values.nodeExporter.service.hostPort }}
resources:
{{ toYaml .Values.nodeExporter.resources | indent 12 }}
volumeMounts:
- name: proc
mountPath: /host/proc
readOnly: true
- name: sys
mountPath: /host/sys
readOnly: true
{{- range .Values.nodeExporter.extraHostPathMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- if .mountPropagation }}
mountPropagation: {{ .mountPropagation }}
{{- end }}
{{- end }}
{{- range .Values.nodeExporter.extraConfigmapMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.nodeExporter.hostNetwork }}
hostNetwork: true
{{- end }}
{{- if .Values.nodeExporter.hostPID }}
hostPID: true
{{- end }}
{{- if .Values.nodeExporter.tolerations }}
tolerations:
{{ toYaml .Values.nodeExporter.tolerations | indent 8 }}
{{- end }}
{{- if .Values.nodeExporter.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeExporter.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.nodeExporter.securityContext }}
securityContext:
{{ toYaml .Values.nodeExporter.securityContext | indent 8 }}
{{- end }}
volumes:
- name: proc
hostPath:
path: /proc
- name: sys
hostPath:
path: /sys
{{- range .Values.nodeExporter.extraHostPathMounts }}
- name: {{ .name }}
hostPath:
path: {{ .hostPath }}
{{- end }}
{{- range .Values.nodeExporter.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- end -}}
charts/prometheus/v9.1.0/templates/node-exporter/node-exporter-podsecuritypolicy.yaml 0 → 100644
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.nodeExporter.fullname" . }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
annotations:
{{- if .Values.nodeExporter.podSecurityPolicy.annotations }}
{{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'configMap'
- 'hostPath'
- 'secret'
allowedHostPaths:
- pathPrefix: /proc
readOnly: true
- pathPrefix: /sys
readOnly: true
{{- range .Values.nodeExporter.extraHostPathMounts }}
- pathPrefix: {{ .hostPath }}
readOnly: {{ .readOnly }}
{{- end }}
hostNetwork: {{ .Values.nodeExporter.hostNetwork }}
hostPID: {{ .Values.nodeExporter.hostPID }}
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
hostPorts:
- min: 1
max: 65535
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/node-exporter/node-exporter-role.yaml 0 → 100644
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
{{- if or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled) }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ template "prometheus.nodeExporter.fullname" . }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "prometheus.nodeExporter.fullname" . }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/node-exporter/node-exporter-rolebinding.yaml 0 → 100644
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "prometheus.nodeExporter.fullname" . }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ template "prometheus.nodeExporter.fullname" . }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/node-exporter/node-exporter-service.yaml 0 → 100644
{{- if .Values.nodeExporter.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.nodeExporter.service.annotations }}
annotations:
{{ toYaml .Values.nodeExporter.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
{{- if .Values.nodeExporter.service.labels }}
{{ toYaml .Values.nodeExporter.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.nodeExporter.fullname" . }}
spec:
{{- if .Values.nodeExporter.service.clusterIP }}
clusterIP: {{ .Values.nodeExporter.service.clusterIP }}
{{- end }}
{{- if .Values.nodeExporter.service.externalIPs }}
externalIPs:
{{ toYaml .Values.nodeExporter.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.nodeExporter.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.nodeExporter.service.loadBalancerIP }}
{{- end }}
{{- if .Values.nodeExporter.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.nodeExporter.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: metrics
port: {{ .Values.nodeExporter.service.servicePort }}
protocol: TCP
targetPort: 9100
selector:
{{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }}
type: "{{ .Values.nodeExporter.service.type }}"
{{- end -}}
charts/prometheus/v9.1.0/templates/node-exporter/node-exporter-serviceaccount.yaml 0 → 100644
{{- if and .Values.nodeExporter.enabled .Values.serviceAccounts.nodeExporter.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
{{- end -}}
charts/prometheus/v9.1.0/templates/prometheus/server-clusterrole.yaml 0 → 100644
{{- if .Values.server.enabled -}}
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.server.fullname" . }}
{{- end }}
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
- ingresses
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses/status
- ingresses
verbs:
- get
- list
- watch
- nonResourceURLs:
- "/metrics"
verbs:
- get
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/prometheus/server-clusterrolebinding.yaml 0 → 100644
{{- if .Values.server.enabled -}}
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.server" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "prometheus.server.fullname" . }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/prometheus/server-configmap.yaml 0 → 100644
{{- if .Values.server.enabled -}}
{{- if (empty .Values.server.configMapOverrideName) -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
data:
{{- $root := . -}}
{{- range $key, $value := .Values.serverFiles }}
{{ $key }}: |
{{- if eq $key "prometheus.yml" }}
global:
{{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }}
{{- end }}
{{ toYaml $value | default "{}" | indent 4 }}
{{- if eq $key "prometheus.yml" -}}
{{- if $root.Values.extraScrapeConfigs }}
{{ tpl $root.Values.extraScrapeConfigs $root | indent 4 }}
{{- end -}}
{{- if $root.Values.alertmanager.enabled }}
alerting:
alertmanagers:
- kubernetes_sd_configs:
- role: pod
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if $root.Values.alertmanager.prefixURL }}
path_prefix: {{ $root.Values.alertmanager.prefixURL }}
{{- end }}
relabel_configs:
- source_labels: [__meta_kubernetes_namespace]
regex: {{ $root.Release.Namespace }}
action: keep
- source_labels: [__meta_kubernetes_pod_label_app]
regex: {{ template "prometheus.name" $root }}
action: keep
- source_labels: [__meta_kubernetes_pod_label_component]
regex: alertmanager
action: keep
- source_labels: [__meta_kubernetes_pod_container_port_number]
regex:
action: drop
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/prometheus/server-deployment.yaml 0 → 100644
{{- if .Values.server.enabled -}}
{{- if not .Values.server.statefulSet.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- if .Values.server.deploymentAnnotations }}
annotations:
{{ toYaml .Values.server.deploymentAnnotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
spec:
selector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
replicas: {{ .Values.server.replicaCount }}
{{- if .Values.server.strategy }}
strategy:
{{ toYaml .Values.server.strategy | indent 4 }}
{{- end }}
template:
metadata:
{{- if .Values.server.podAnnotations }}
annotations:
{{ toYaml .Values.server.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 8 }}
{{- if .Values.server.podLabels}}
{{ toYaml .Values.server.podLabels | nindent 8 }}
{{- end}}
spec:
{{- if .Values.server.priorityClassName }}
priorityClassName: "{{ .Values.server.priorityClassName }}"
{{- end }}
{{- if .Values.server.schedulerName }}
schedulerName: "{{ .Values.server.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.name }}
image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload
{{- range $key, $value := .Values.configmapReload.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- range .Values.configmapReload.extraVolumeDirs }}
- --volume-dir={{ . }}
{{- end }}
resources:
{{ toYaml .Values.configmapReload.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}
image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
imagePullPolicy: "{{ .Values.server.image.pullPolicy }}"
{{- if .Values.server.env }}
env:
{{ toYaml .Values.server.env | indent 12}}
{{- end }}
args:
{{- if .Values.server.retention }}
- --storage.tsdb.retention.time={{ .Values.server.retention }}
{{- end }}
- --config.file={{ .Values.server.configPath }}
- --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }}
- --web.console.libraries=/etc/prometheus/console_libraries
- --web.console.templates=/etc/prometheus/consoles
- --web.enable-lifecycle
{{- range $key, $value := .Values.server.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.server.baseURL }}
- --web.external-url={{ .Values.server.baseURL }}
{{- end }}
{{- if .Values.server.enableAdminApi }}
- --web.enable-admin-api
{{- end }}
{{- if .Values.server.skipTSDBLock }}
- --storage.tsdb.no-lockfile
{{- end }}
ports:
- containerPort: 9090
readinessProbe:
httpGet:
path: {{ .Values.server.prefixURL }}/-/ready
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
livenessProbe:
httpGet:
path: {{ .Values.server.prefixURL }}/-/healthy
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
{{ toYaml .Values.server.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: {{ .Values.server.persistentVolume.mountPath }}
subPath: "{{ .Values.server.persistentVolume.subPath }}"
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.server.extraVolumeMounts }}
{{ toYaml .Values.server.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.server.sidecarContainers }}
{{- toYaml .Values.server.sidecarContainers | nindent 8 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.server.nodeSelector }}
nodeSelector:
{{ toYaml .Values.server.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.server.securityContext }}
securityContext:
{{ toYaml .Values.server.securityContext | indent 8 }}
{{- end }}
{{- if .Values.server.tolerations }}
tolerations:
{{ toYaml .Values.server.tolerations | indent 8 }}
{{- end }}
{{- if .Values.server.affinity }}
affinity:
{{ toYaml .Values.server.affinity | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
volumes:
- name: config-volume
configMap:
name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
- name: storage-volume
{{- if .Values.server.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.server.persistentVolume.existingClaim }}{{ .Values.server.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
{{- else }}
emptyDir:
{{- if .Values.server.emptyDir.sizeLimit }}
sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
{{- else }}
{}
{{- end -}}
{{- end -}}
{{- if .Values.server.extraVolumes }}
{{ toYaml .Values.server.extraVolumes | indent 8}}
{{- end }}
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
hostPath:
path: {{ .hostPath }}
{{- end }}
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/prometheus/server-ingress.yaml 0 → 100644
{{- if .Values.server.enabled -}}
{{- if .Values.server.ingress.enabled -}}
{{- $releaseName := .Release.Name -}}
{{- $serviceName := include "prometheus.server.fullname" . }}
{{- $servicePort := .Values.server.service.servicePort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}
annotations:
{{ toYaml .Values.server.ingress.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- range $key, $value := .Values.server.ingress.extraLabels }}
{{ $key }}: {{ $value }}
{{- end }}
name: {{ template "prometheus.server.fullname" . }}
spec:
rules:
{{- range .Values.server.ingress.hosts }}
{{- $url := splitList "/" . }}
- host: {{ first $url }}
http:
paths:
- path: /{{ rest $url | join "/" }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{ toYaml .Values.server.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/prometheus/server-networkpolicy.yaml 0 → 100644
{{- if .Values.server.enabled -}}
{{- if .Values.networkPolicy.enabled }}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.server.fullname" . }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
ingress:
- ports:
- port: 9090
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/prometheus/server-podsecuritypolicy.yaml 0 → 100755
{{- if .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.server.fullname" . }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
annotations:
{{- if .Values.server.podSecurityPolicy.annotations }}
{{ toYaml .Values.server.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
allowedCapabilities:
- 'CHOWN'
volumes:
- 'configMap'
- 'persistentVolumeClaim'
- 'emptyDir'
- 'secret'
- 'hostPath'
allowedHostPaths:
- pathPrefix: /etc
readOnly: true
- pathPrefix: {{ .Values.server.persistentVolume.mountPath }}
{{- range .Values.server.extraHostPathMounts }}
- pathPrefix: {{ .hostPath }}
readOnly: {{ .readOnly }}
{{- end }}
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/prometheus/server-pvc.yaml 0 → 100644
{{- if .Values.server.enabled -}}
{{- if not .Values.server.statefulSet.enabled -}}
{{- if .Values.server.persistentVolume.enabled -}}
{{- if not .Values.server.persistentVolume.existingClaim -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.server.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.server.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
spec:
accessModes:
{{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }}
{{- if .Values.server.persistentVolume.storageClass }}
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.server.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: "{{ .Values.server.persistentVolume.size }}"
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/prometheus/server-service-headless.yaml 0 → 100644
{{- if .Values.server.enabled -}}
{{- if .Values.server.statefulSet.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.statefulSet.headless.annotations }}
annotations:
{{ toYaml .Values.server.statefulSet.headless.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- if .Values.server.statefulSet.headless.labels }}
{{ toYaml .Values.server.statefulSet.headless.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.server.fullname" . }}-headless
spec:
clusterIP: None
ports:
- name: http
port: {{ .Values.server.statefulSet.headless.servicePort }}
protocol: TCP
targetPort: 9090
selector:
{{- include "prometheus.server.matchLabels" . | nindent 4 }}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/prometheus/server-service.yaml 0 → 100644
{{- if .Values.server.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.service.annotations }}
annotations:
{{ toYaml .Values.server.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- if .Values.server.service.labels }}
{{ toYaml .Values.server.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.server.fullname" . }}
spec:
{{- if .Values.server.service.clusterIP }}
clusterIP: {{ .Values.server.service.clusterIP }}
{{- end }}
{{- if .Values.server.service.externalIPs }}
externalIPs:
{{ toYaml .Values.server.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.server.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.server.service.loadBalancerIP }}
{{- end }}
{{- if .Values.server.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.server.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.server.service.servicePort }}
protocol: TCP
targetPort: 9090
{{- if .Values.server.service.nodePort }}
nodePort: {{ .Values.server.service.nodePort }}
{{- end }}
selector:
{{- include "prometheus.server.matchLabels" . | nindent 4 }}
type: "{{ .Values.server.service.type }}"
{{- end -}}
charts/prometheus/v9.1.0/templates/prometheus/server-serviceaccount.yaml 0 → 100644
{{- if .Values.server.enabled -}}
{{- if .Values.serviceAccounts.server.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.server" . }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/prometheus/server-statefulset.yaml 0 → 100644
{{- if .Values.server.enabled -}}
{{- if .Values.server.statefulSet.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
{{- if .Values.server.statefulSet.annotations }}
annotations:
{{ toYaml .Values.server.statefulSet.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- if .Values.server.statefulSet.labels}}
{{ toYaml .Values.server.statefulSet.labels | nindent 4 }}
{{- end}}
name: {{ template "prometheus.server.fullname" . }}
spec:
serviceName: {{ template "prometheus.server.fullname" . }}-headless
selector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
replicas: {{ .Values.server.replicaCount }}
podManagementPolicy: {{ .Values.server.statefulSet.podManagementPolicy }}
template:
metadata:
{{- if .Values.server.podAnnotations }}
annotations:
{{ toYaml .Values.server.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 8 }}
{{- if .Values.server.statefulSet.labels}}
{{ toYaml .Values.server.statefulSet.labels | nindent 8 }}
{{- end}}
spec:
{{- if .Values.server.affinity }}
affinity:
{{ toYaml .Values.server.affinity | indent 8 }}
{{- end }}
{{- if .Values.server.priorityClassName }}
priorityClassName: "{{ .Values.server.priorityClassName }}"
{{- end }}
{{- if .Values.server.schedulerName }}
schedulerName: "{{ .Values.server.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.name }}
image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload
{{- range $key, $value := .Values.configmapReload.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- range .Values.configmapReload.extraVolumeDirs }}
- --volume-dir={{ . }}
{{- end }}
resources:
{{ toYaml .Values.configmapReload.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}
image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
imagePullPolicy: "{{ .Values.server.image.pullPolicy }}"
args:
{{- if .Values.server.retention }}
- --storage.tsdb.retention.time={{ .Values.server.retention }}
{{- end }}
- --config.file={{ .Values.server.configPath }}
- --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }}
- --web.console.libraries=/etc/prometheus/console_libraries
- --web.console.templates=/etc/prometheus/consoles
- --web.enable-lifecycle
{{- range $key, $value := .Values.server.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.server.baseURL }}
- --web.external-url={{ .Values.server.baseURL }}
{{- end }}
{{- if .Values.server.enableAdminApi }}
- --web.enable-admin-api
{{- end }}
{{- if .Values.server.skipTSDBLock }}
- --storage.tsdb.no-lockfile
{{- end }}
ports:
- containerPort: 9090
readinessProbe:
httpGet:
path: {{ .Values.server.prefixURL }}/-/ready
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
livenessProbe:
httpGet:
path: {{ .Values.server.prefixURL }}/-/healthy
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
{{ toYaml .Values.server.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: {{ .Values.server.persistentVolume.mountPath }}
subPath: "{{ .Values.server.persistentVolume.subPath }}"
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.server.extraVolumeMounts }}
{{ toYaml .Values.server.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.server.sidecarContainers }}
{{- toYaml .Values.server.sidecarContainers | nindent 8 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.server.nodeSelector }}
nodeSelector:
{{ toYaml .Values.server.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.server.securityContext }}
securityContext:
{{ toYaml .Values.server.securityContext | indent 8 }}
{{- end }}
{{- if .Values.server.tolerations }}
tolerations:
{{ toYaml .Values.server.tolerations | indent 8 }}
{{- end }}
{{- if .Values.server.affinity }}
affinity:
{{ toYaml .Values.server.affinity | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
volumes:
- name: config-volume
configMap:
name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
hostPath:
path: {{ .hostPath }}
{{- end }}
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- range .Values.configmapReload.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- if .Values.server.extraVolumes }}
{{ toYaml .Values.server.extraVolumes | indent 8}}
{{- end }}
{{- if .Values.server.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: storage-volume
{{- if .Values.server.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.server.persistentVolume.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
{{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }}
resources:
requests:
storage: "{{ .Values.server.persistentVolume.size }}"
{{- if .Values.server.persistentVolume.storageClass }}
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.server.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
{{- else }}
- name: storage-volume
emptyDir: {}
{{- end }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/pushgateway/pushgateway-clusterrole.yaml 0 → 100644
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.pushgateway.fullname" . }}
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/pushgateway/pushgateway-clusterrolebinding.yaml 0 → 100644
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.pushgateway" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "prometheus.pushgateway.fullname" . }}
{{- end }}
charts/prometheus/v9.1.0/templates/pushgateway/pushgateway-deployment.yaml 0 → 100644
{{- if .Values.pushgateway.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
spec:
selector:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
matchLabels:
{{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }}
replicas: {{ .Values.pushgateway.replicaCount }}
template:
metadata:
{{- if .Values.pushgateway.podAnnotations }}
annotations:
{{ toYaml .Values.pushgateway.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 8 }}
spec:
serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }}
{{- if .Values.pushgateway.priorityClassName }}
priorityClassName: "{{ .Values.pushgateway.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }}
image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}"
imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}"
args:
{{- range $key, $value := .Values.pushgateway.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
ports:
- containerPort: 9091
readinessProbe:
httpGet:
{{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }}
path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/#/status
{{- else }}
path: /#/status
{{- end }}
port: 9091
initialDelaySeconds: 10
timeoutSeconds: 10
resources:
{{ toYaml .Values.pushgateway.resources | indent 12 }}
{{- if .Values.pushgateway.persistentVolume.enabled }}
volumeMounts:
- name: storage-volume
mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}"
subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}"
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
{{- end }}
{{- if .Values.pushgateway.nodeSelector }}
nodeSelector:
{{ toYaml .Values.pushgateway.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.securityContext }}
securityContext:
{{ toYaml .Values.pushgateway.securityContext | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.tolerations }}
tolerations:
{{ toYaml .Values.pushgateway.tolerations | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.affinity }}
affinity:
{{ toYaml .Values.pushgateway.affinity | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.persistentVolume.enabled }}
volumes:
- name: storage-volume
persistentVolumeClaim:
claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }}
{{- end -}}
{{- end }}
charts/prometheus/v9.1.0/templates/pushgateway/pushgateway-ingress.yaml 0 → 100644
{{- if and .Values.pushgateway.enabled .Values.pushgateway.ingress.enabled -}}
{{- $releaseName := .Release.Name -}}
{{- $serviceName := include "prometheus.pushgateway.fullname" . }}
{{- $servicePort := .Values.pushgateway.service.servicePort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
{{- if .Values.pushgateway.ingress.annotations }}
annotations:
{{ toYaml .Values.pushgateway.ingress.annotations | indent 4}}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
spec:
rules:
{{- range .Values.pushgateway.ingress.hosts }}
{{- $url := splitList "/" . }}
- host: {{ first $url }}
http:
paths:
- path: /{{ rest $url | join "/" }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.pushgateway.ingress.tls }}
tls:
{{ toYaml .Values.pushgateway.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/pushgateway/pushgateway-networkpolicy.yaml 0 → 100644
{{- if and .Values.pushgateway.enabled .Values.networkPolicy.enabled -}}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.pushgateway.fullname" . }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 12 }}
- ports:
- port: 9091
{{- end -}}
charts/prometheus/v9.1.0/templates/pushgateway/pushgateway-podsecuritypolicy.yaml 0 → 100755
{{- if .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.pushgateway.fullname" . }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
annotations:
{{- if .Values.pushgateway.podSecurityPolicy.annotations }}
{{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'persistentVolumeClaim'
- 'secret'
allowedHostPaths:
- pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }}
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: true
{{- end }}
{{- end }}
charts/prometheus/v9.1.0/templates/pushgateway/pushgateway-pvc.yaml 0 → 100644
{{- if .Values.pushgateway.persistentVolume.enabled -}}
{{- if not .Values.pushgateway.persistentVolume.existingClaim -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.pushgateway.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
spec:
accessModes:
{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }}
{{- if .Values.pushgateway.persistentVolume.storageClass }}
{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: "{{ .Values.pushgateway.persistentVolume.size }}"
{{- end -}}
{{- end -}}
charts/prometheus/v9.1.0/templates/pushgateway/pushgateway-service.yaml 0 → 100644
{{- if .Values.pushgateway.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.pushgateway.service.annotations }}
annotations:
{{ toYaml .Values.pushgateway.service.annotations | indent 4}}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
{{- if .Values.pushgateway.service.labels }}
{{ toYaml .Values.pushgateway.service.labels | indent 4}}
{{- end }}
name: {{ template "prometheus.pushgateway.fullname" . }}
spec:
{{- if .Values.pushgateway.service.clusterIP }}
clusterIP: {{ .Values.pushgateway.service.clusterIP }}
{{- end }}
{{- if .Values.pushgateway.service.externalIPs }}
externalIPs:
{{ toYaml .Values.pushgateway.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.pushgateway.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.pushgateway.service.loadBalancerIP }}
{{- end }}
{{- if .Values.pushgateway.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.pushgateway.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.pushgateway.service.servicePort }}
protocol: TCP
targetPort: 9091
selector:
{{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }}
type: "{{ .Values.pushgateway.service.type }}"
{{- end }}
charts/prometheus/v9.1.0/templates/pushgateway/pushgateway-serviceaccount.yaml 0 → 100644
{{- if and .Values.pushgateway.enabled .Values.serviceAccounts.pushgateway.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.pushgateway" . }}
{{- end -}}
charts/prometheus/v9.1.0/values.yaml 0 → 100644
rbac:
create: true
podSecurityPolicy:
enabled: false
imagePullSecrets:
# - name: "image-pull-secret"
## Define serviceAccount names for components. Defaults to component's fully qualified name.
##
serviceAccounts:
alertmanager:
create: true
name:
kubeStateMetrics:
create: true
name:
nodeExporter:
create: true
name:
pushgateway:
create: true
name:
server:
create: true
name:
alertmanager:
## If false, alertmanager will not be installed
##
enabled: true
## alertmanager container name
##
name: alertmanager
## alertmanager container image
##
image:
repository: ranchercharts/prom-alertmanager
tag: v0.18.0
pullPolicy: IfNotPresent
## alertmanager priorityClassName
##
priorityClassName: ""
## Additional alertmanager container arguments
##
extraArgs: {}
## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
## so that the various internal URLs are still able to access as they are in the default case.
## (Optional)
prefixURL: ""
## External URL which can access alertmanager
## Maybe same with Ingress host name
baseURL: "/"
## Additional alertmanager container environment variable
## For instance to add a http_proxy
##
extraEnv: {}
## Additional alertmanager Secret mounts
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
extraSecretMounts: []
# - name: secret-files
# mountPath: /etc/secrets
# subPath: ""
# secretName: alertmanager-secret-files
# readOnly: true
## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}
## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml
## to NOT generate a ConfigMap resource
##
configMapOverrideName: ""
## The name of a secret in the same kubernetes namespace which contains the Alertmanager config
## Defining configFromSecret will cause templates/alertmanager-configmap.yaml
## to NOT generate a ConfigMap resource
##
configFromSecret: ""
## The configuration file name to be loaded to alertmanager
## Must match the key within configuration loaded from ConfigMap/Secret
##
configFileName: alertmanager.yml
ingress:
## If true, alertmanager Ingress will be created
##
enabled: false
## alertmanager Ingress annotations
##
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: 'true'
## alertmanager Ingress additional labels
##
extraLabels: {}
## alertmanager Ingress hostnames with optional path
## Must be provided if Ingress is enabled
##
hosts: []
# - alertmanager.domain.com
# - domain.com/alertmanager
## alertmanager Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls: []
# - secretName: prometheus-alerts-tls
# hosts:
# - alertmanager.domain.com
## Alertmanager Deployment Strategy type
# strategy:
# type: Recreate
## Node tolerations for alertmanager scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node labels for alertmanager pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Pod affinity
##
affinity: {}
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
persistentVolume:
## If true, alertmanager will create/use a Persistent Volume Claim
## If false, use emptyDir
##
enabled: true
## alertmanager data Persistent Volume access modes
## Must match those of existing PV or dynamic provisioner
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
accessModes:
- ReadWriteOnce
## alertmanager data Persistent Volume Claim annotations
##
annotations: {}
## alertmanager data Persistent Volume existing claim name
## Requires alertmanager.persistentVolume.enabled: true
## If defined, PVC must be created manually before volume will be bound
existingClaim: ""
## alertmanager data Persistent Volume mount root path
##
mountPath: /data
## alertmanager data Persistent Volume size
##
size: 2Gi
## alertmanager data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
## Subdirectory of alertmanager data Persistent Volume to mount
## Useful if the volume's root directory is not empty
##
subPath: ""
## Annotations to be added to alertmanager pods
##
podAnnotations: {}
## Specify if a Pod Security Policy for node-exporter must be created
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
annotations: {}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
##
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
##
replicaCount: 1
statefulSet:
## If true, use a statefulset instead of a deployment for pod management.
## This allows to scale replicas to more than 1 pod
##
enabled: false
podManagementPolicy: OrderedReady
## Alertmanager headless service to use for the statefulset
##
headless:
annotations: {}
labels: {}
## Enabling peer mesh service end points for enabling the HA alert manager
## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
# enableMeshPeer : true
servicePort: 80
## alertmanager resource requests and limits
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# limits:
# cpu: 10m
# memory: 32Mi
# requests:
# cpu: 10m
# memory: 32Mi
## Security context to be added to alertmanager pods
##
securityContext:
runAsUser: 65534
runAsNonRoot: true
runAsGroup: 65534
fsGroup: 65534
service:
annotations: {}
labels: {}
clusterIP: ""
## Enabling peer mesh service end points for enabling the HA alert manager
## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
# enableMeshPeer : true
## List of IP addresses at which the alertmanager service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 80
# nodePort: 30000
type: ClusterIP
## Monitors ConfigMap changes and POSTs to a URL
## Ref: https://github.com/jimmidyson/configmap-reload
##
configmapReload:
## configmap-reload container name
##
name: configmap-reload
## configmap-reload container image
##
image:
repository: ranchercharts/jimmidyson-configmap-reload
tag: v0.2.2
pullPolicy: IfNotPresent
## Additional configmap-reload container arguments
##
extraArgs: {}
## Additional configmap-reload volume directories
##
extraVolumeDirs: []
## Additional configmap-reload mounts
##
extraConfigmapMounts: []
# - name: prometheus-alerts
# mountPath: /etc/alerts.d
# subPath: ""
# configMap: prometheus-alerts
# readOnly: true
## configmap-reload resource requests and limits
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
kubeStateMetrics:
## If false, kube-state-metrics will not be installed
##
enabled: true
## kube-state-metrics container name
##
name: kube-state-metrics
## kube-state-metrics container image
##
image:
repository: ranchercharts/coreos-kube-state-metrics
tag: v1.7.2
pullPolicy: IfNotPresent
## kube-state-metrics priorityClassName
##
priorityClassName: ""
## kube-state-metrics container arguments
##
args: {}
## Node tolerations for kube-state-metrics scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node labels for kube-state-metrics pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to kube-state-metrics pods
##
podAnnotations: {}
## Specify if a Pod Security Policy for node-exporter must be created
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
annotations: {}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
##
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
pod:
labels: {}
replicaCount: 1
## kube-state-metrics resource requests and limits
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# limits:
# cpu: 10m
# memory: 16Mi
# requests:
# cpu: 10m
# memory: 16Mi
## Security context to be added to kube-state-metrics pods
##
securityContext:
runAsUser: 65534
runAsNonRoot: true
service:
annotations:
prometheus.io/scrape: "true"
labels: {}
# Exposed as a headless service:
# https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
clusterIP: None
## List of IP addresses at which the kube-state-metrics service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 80
type: ClusterIP
nodeExporter:
## If false, node-exporter will not be installed
##
enabled: true
## If true, node-exporter pods share the host network namespace
##
hostNetwork: true
## If true, node-exporter pods share the host PID namespace
##
hostPID: true
## node-exporter container name
##
name: node-exporter
## node-exporter container image
##
image:
repository: ranchercharts/prom-node-exporter
tag: v0.18.0
pullPolicy: IfNotPresent
## Specify if a Pod Security Policy for node-exporter must be created
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
annotations: {}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
##
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
## node-exporter priorityClassName
##
priorityClassName: ""
## Custom Update Strategy
##
updateStrategy:
type: RollingUpdate
## Additional node-exporter container arguments
##
extraArgs: {}
## Additional node-exporter hostPath mounts
##
extraHostPathMounts: []
# - name: textfile-dir
# mountPath: /srv/txt_collector
# hostPath: /var/lib/node-exporter
# readOnly: true
# mountPropagation: HostToContainer
extraConfigmapMounts: []
# - name: certs-configmap
# mountPath: /prometheus
# configMap: certs-configmap
# readOnly: true
## Node tolerations for node-exporter scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node labels for node-exporter pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to node-exporter pods
##
podAnnotations: {}
## Labels to be added to node-exporter pods
##
pod:
labels: {}
## node-exporter resource limits & requests
## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# limits:
# cpu: 200m
# memory: 50Mi
# requests:
# cpu: 100m
# memory: 30Mi
## Security context to be added to node-exporter pods
##
securityContext: {}
# runAsUser: 0
service:
annotations:
prometheus.io/scrape: "true"
labels: {}
# Exposed as a headless service:
# https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
clusterIP: None
## List of IP addresses at which the node-exporter service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
hostPort: 9100
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 9100
type: ClusterIP
server:
## Prometheus server container name
##
enabled: true
name: server
sidecarContainers:
## Prometheus server container image
##
image:
repository: ranchercharts/prom-prometheus
tag: v2.11.1
pullPolicy: IfNotPresent
## prometheus server priorityClassName
##
priorityClassName: ""
## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
## so that the various internal URLs are still able to access as they are in the default case.
## (Optional)
prefixURL: ""
## External URL which can access alertmanager
## Maybe same with Ingress host name
baseURL: ""
## Additional server container environment variables
##
## You specify this manually like you would a raw deployment manifest.
## This means you can bind in environment variables from secrets.
##
## e.g. static environment variable:
## - name: DEMO_GREETING
## value: "Hello from the environment"
##
## e.g. secret environment variable:
## - name: USERNAME
## valueFrom:
## secretKeyRef:
## name: mysecret
## key: username
env: {}
## This flag controls access to the administrative HTTP API which includes functionality such as deleting time
## series. This is disabled by default.
enableAdminApi: false
## This flag controls BD locking
skipTSDBLock: false
## Path to a configuration file on prometheus server container FS
configPath: /etc/config/prometheus.yml
global:
## How frequently to scrape targets by default
##
scrape_interval: 1m
## How long until a scrape request times out
##
scrape_timeout: 10s
## How frequently to evaluate rules
##
evaluation_interval: 1m
## Additional Prometheus server container arguments
##
extraArgs: {}
## Additional Prometheus server Volume mounts
##
extraVolumeMounts: []
## Additional Prometheus server Volumes
##
extraVolumes: []
## Additional Prometheus server hostPath mounts
##
extraHostPathMounts: []
# - name: certs-dir
# mountPath: /etc/kubernetes/certs
# subPath: ""
# hostPath: /etc/kubernetes/certs
# readOnly: true
extraConfigmapMounts: []
# - name: certs-configmap
# mountPath: /prometheus
# subPath: ""
# configMap: certs-configmap
# readOnly: true
## Additional Prometheus server Secret mounts
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
extraSecretMounts: []
# - name: secret-files
# mountPath: /etc/secrets
# subPath: ""
# secretName: prom-secret-files
# readOnly: true
## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}}
## Defining configMapOverrideName will cause templates/server-configmap.yaml
## to NOT generate a ConfigMap resource
##
configMapOverrideName: ""
ingress:
## If true, Prometheus server Ingress will be created
##
enabled: false
## Prometheus server Ingress annotations
##
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: 'true'
## Prometheus server Ingress additional labels
##
extraLabels: {}
## Prometheus server Ingress hostnames with optional path
## Must be provided if Ingress is enabled
##
hosts: []
# - prometheus.domain.com
# - domain.com/prometheus
## Prometheus server Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls: []
# - secretName: prometheus-server-tls
# hosts:
# - prometheus.domain.com
## Server Deployment Strategy type
# strategy:
# type: Recreate
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node labels for Prometheus server pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Pod affinity
##
affinity: {}
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
persistentVolume:
## If true, Prometheus server will create/use a Persistent Volume Claim
## If false, use emptyDir
##
enabled: true
## Prometheus server data Persistent Volume access modes
## Must match those of existing PV or dynamic provisioner
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
accessModes:
- ReadWriteOnce
## Prometheus server data Persistent Volume annotations
##
annotations: {}
## Prometheus server data Persistent Volume existing claim name
## Requires server.persistentVolume.enabled: true
## If defined, PVC must be created manually before volume will be bound
existingClaim: ""
## Prometheus server data Persistent Volume mount root path
##
mountPath: /data
## Prometheus server data Persistent Volume size
##
size: 8Gi
## Prometheus server data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
## Subdirectory of Prometheus server data Persistent Volume to mount
## Useful if the volume's root directory is not empty
##
subPath: ""
emptyDir:
sizeLimit: ""
## Annotations to be added to Prometheus server pods
##
podAnnotations: {}
# iam.amazonaws.com/role: prometheus
## Labels to be added to Prometheus server pods
##
podLabels: {}
## Specify if a Pod Security Policy for node-exporter must be created
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
annotations: {}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
##
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
##
replicaCount: 1
statefulSet:
## If true, use a statefulset instead of a deployment for pod management.
## This allows to scale replicas to more than 1 pod
##
enabled: false
annotations: {}
labels: {}
podManagementPolicy: OrderedReady
## Alertmanager headless service to use for the statefulset
##
headless:
annotations: {}
labels: {}
servicePort: 80
## Prometheus server resource requests and limits
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 500m
# memory: 512Mi
## Security context to be added to server pods
##
securityContext:
runAsUser: 65534
runAsNonRoot: true
runAsGroup: 65534
fsGroup: 65534
service:
annotations: {}
labels: {}
clusterIP: ""
## List of IP addresses at which the Prometheus server service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 80
type: ClusterIP
## Prometheus server pod termination grace period
##
terminationGracePeriodSeconds: 300
## Prometheus data retention period (default if not specified is 15 days)
##
retention: "15d"
pushgateway:
## If false, pushgateway will not be installed
##
enabled: true
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## pushgateway container name
##
name: pushgateway
## pushgateway container image
##
image:
repository: ranchercharts/prom-pushgateway
tag: v0.8.0
pullPolicy: IfNotPresent
## pushgateway priorityClassName
##
priorityClassName: ""
## Additional pushgateway container arguments
##
## for example: persistence.file: /data/pushgateway.data
extraArgs: {}
ingress:
## If true, pushgateway Ingress will be created
##
enabled: false
## pushgateway Ingress annotations
##
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: 'true'
## pushgateway Ingress hostnames with optional path
## Must be provided if Ingress is enabled
##
hosts: []
# - pushgateway.domain.com
# - domain.com/pushgateway
## pushgateway Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls: []
# - secretName: prometheus-alerts-tls
# hosts:
# - pushgateway.domain.com
## Node tolerations for pushgateway scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node labels for pushgateway pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to pushgateway pods
##
podAnnotations: {}
## Specify if a Pod Security Policy for node-exporter must be created
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
annotations: {}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
##
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
replicaCount: 1
## pushgateway resource requests and limits
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# limits:
# cpu: 10m
# memory: 32Mi
# requests:
# cpu: 10m
# memory: 32Mi
## Security context to be added to push-gateway pods
##
securityContext:
runAsUser: 65534
runAsNonRoot: true
service:
annotations:
prometheus.io/probe: pushgateway
labels: {}
clusterIP: ""
## List of IP addresses at which the pushgateway service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
servicePort: 9091
type: ClusterIP
persistentVolume:
## If true, pushgateway will create/use a Persistent Volume Claim
## If false, use emptyDir
##
enabled: false
## pushgateway data Persistent Volume access modes
## Must match those of existing PV or dynamic provisioner
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
accessModes:
- ReadWriteOnce
## pushgateway data Persistent Volume Claim annotations
##
annotations: {}
## pushgateway data Persistent Volume existing claim name
## Requires pushgateway.persistentVolume.enabled: true
## If defined, PVC must be created manually before volume will be bound
existingClaim: ""
## pushgateway data Persistent Volume mount root path
##
mountPath: /data
## pushgateway data Persistent Volume size
##
size: 2Gi
## alertmanager data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
## Subdirectory of alertmanager data Persistent Volume to mount
## Useful if the volume's root directory is not empty
##
subPath: ""
## alertmanager ConfigMap entries
##
alertmanagerFiles:
alertmanager.yml:
global: {}
# slack_api_url: ''
receivers:
- name: default-receiver
# slack_configs:
# - channel: '@you'
# send_resolved: true
route:
group_wait: 10s
group_interval: 5m
receiver: default-receiver
repeat_interval: 3h
## Prometheus server ConfigMap entries
##
serverFiles:
## Alerts configuration
## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
alerts: {}
# groups:
# - name: Instances
# rules:
# - alert: InstanceDown
# expr: up == 0
# for: 5m
# labels:
# severity: page
# annotations:
# description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.'
# summary: 'Instance {{ $labels.instance }} down'
rules: {}
prometheus.yml:
rule_files:
- /etc/config/rules
- /etc/config/alerts
scrape_configs:
- job_name: prometheus
static_configs:
- targets:
- localhost:9090
# A scrape configuration for running Prometheus on a Kubernetes cluster.
# This uses separate scrape configs for cluster components (i.e. API server, node)
# and services to allow each to use different authentication configs.
#
# Kubernetes labels will be added as Prometheus labels on metrics via the
# `labelmap` relabeling action.
# Scrape config for API servers.
#
# Kubernetes exposes API servers as endpoints to the default/kubernetes
# service so this uses `endpoints` role and uses relabelling to only keep
# the endpoints associated with the default/kubernetes service using the
# default named port `https`. This works for single API server deployments as
# well as HA API server deployments.
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
# Default to scraping over https. If required, just disable this or change to
# `http`.
scheme: https
# This TLS & bearer token file config is used to connect to the actual scrape
# endpoints for cluster components. This is separate to discovery auth
# configuration because discovery & scraping are two separate concerns in
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
# the cluster. Otherwise, more config options have to be provided within the
# <kubernetes_sd_config>.
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
# If your node certificates are self-signed or use a different CA to the
# master CA, then disable certificate verification below. Note that
# certificate verification is an integral part of a secure infrastructure
# so this should only be disabled in a controlled environment. You can
# disable certificate verification by uncommenting the line below.
#
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
# Keep only the default/kubernetes service endpoints for the https port. This
# will add targets for each API server which Kubernetes adds an endpoint to
# the default/kubernetes service.
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: default;kubernetes;https
- job_name: 'kubernetes-nodes'
# Default to scraping over https. If required, just disable this or change to
# `http`.
scheme: https
# This TLS & bearer token file config is used to connect to the actual scrape
# endpoints for cluster components. This is separate to discovery auth
# configuration because discovery & scraping are two separate concerns in
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
# the cluster. Otherwise, more config options have to be provided within the
# <kubernetes_sd_config>.
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
# If your node certificates are self-signed or use a different CA to the
# master CA, then disable certificate verification below. Note that
# certificate verification is an integral part of a secure infrastructure
# so this should only be disabled in a controlled environment. You can
# disable certificate verification by uncommenting the line below.
#
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- target_label: __address__
replacement: kubernetes.default.svc:443
- source_labels: [__meta_kubernetes_node_name]
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/$1/proxy/metrics
- job_name: 'kubernetes-nodes-cadvisor'
# Default to scraping over https. If required, just disable this or change to
# `http`.
scheme: https
# This TLS & bearer token file config is used to connect to the actual scrape
# endpoints for cluster components. This is separate to discovery auth
# configuration because discovery & scraping are two separate concerns in
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
# the cluster. Otherwise, more config options have to be provided within the
# <kubernetes_sd_config>.
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
# If your node certificates are self-signed or use a different CA to the
# master CA, then disable certificate verification below. Note that
# certificate verification is an integral part of a secure infrastructure
# so this should only be disabled in a controlled environment. You can
# disable certificate verification by uncommenting the line below.
#
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
# This configuration will work only on kubelet 1.7.3+
# As the scrape endpoints for cAdvisor have changed
# if you are using older version you need to change the replacement to
# replacement: /api/v1/nodes/$1:4194/proxy/metrics
# more info here https://github.com/coreos/prometheus-operator/issues/633
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- target_label: __address__
replacement: kubernetes.default.svc:443
- source_labels: [__meta_kubernetes_node_name]
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
# Scrape config for service endpoints.
#
# The relabeling allows the actual service scrape endpoint to be configured
# via the following annotations:
#
# * `prometheus.io/scrape`: Only scrape services that have a value of `true`
# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
# to set this to `https` & most likely set the `tls_config` of the scrape config.
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
# * `prometheus.io/port`: If the metrics are exposed on a different port to the
# service then set this appropriately.
- job_name: 'kubernetes-service-endpoints'
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
action: replace
target_label: __scheme__
regex: (https?)
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
action: replace
target_label: __address__
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
action: replace
target_label: kubernetes_name
- source_labels: [__meta_kubernetes_pod_node_name]
action: replace
target_label: kubernetes_node
- job_name: 'prometheus-pushgateway'
honor_labels: true
kubernetes_sd_configs:
- role: service
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
action: keep
regex: pushgateway
# Example scrape config for probing services via the Blackbox Exporter.
#
# The relabeling allows the actual service scrape endpoint to be configured
# via the following annotations:
#
# * `prometheus.io/probe`: Only probe services that have a value of `true`
- job_name: 'kubernetes-services'
metrics_path: /probe
params:
module: [http_2xx]
kubernetes_sd_configs:
- role: service
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
action: keep
regex: true
- source_labels: [__address__]
target_label: __param_target
- target_label: __address__
replacement: blackbox
- source_labels: [__param_target]
target_label: instance
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
target_label: kubernetes_name
# Example scrape config for pods
#
# The relabeling allows the actual pod scrape endpoint to be configured via the
# following annotations:
#
# * `prometheus.io/scrape`: Only scrape pods that have a value of `true`
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
# * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: kubernetes_pod_name
# adds additional scrape configs to prometheus.yml
# must be a string so you have to add a | after extraScrapeConfigs:
# example adds prometheus-blackbox-exporter scrape config
extraScrapeConfigs:
# - job_name: 'prometheus-blackbox-exporter'
# metrics_path: /probe
# params:
# module: [http_2xx]
# static_configs:
# - targets:
# - https://example.com
# relabel_configs:
# - source_labels: [__address__]
# target_label: __param_target
# - source_labels: [__param_target]
# target_label: instance
# - target_label: __address__
# replacement: prometheus-blackbox-exporter:9115
networkPolicy:
## Enable creation of NetworkPolicy resources.
##
enabled: false
grafana:
enabled: true
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment