Deploy Prometheus into Project level

charts/rancher-monitoring/v0.0.2/Chart.yaml

@@ -7,8 +7,8 @@ maintainers:
 name: rancher-monitoring
 sources:
 - https://github.com/coreos/prometheus-operator
-version: 0.0.1
-appVersion: "0.23.2"
+version: 0.0.2
+appVersion: 0.0.2
 home: https://github.com/coreos/prometheus-operator
 keywords:
 - operator

charts/rancher-monitoring/v0.0.2/README.md

@@ -4,13 +4,5 @@ Installs [prometheus-operator](https://github.com/coreos/prometheus-operator) to
 
 > **Tip**: Only use for Rancher Monitoring!!!
 
-## Introduction
-
-This chart bootstraps a [prometheus-operator](https://github.com/coreos/prometheus-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-### Security
-
-Alertmanager, Node exporter, Kube-state exporter, Grafana and Prometheus in same [Namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) will use the same [ServiceAccount](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) as Prometheus, which named like `prometheus-{{ .Release.Name }}`. Operator uses another one.
-
 ## Prerequisites
-  - Rancher 2.1+
+  - Rancher 2.2+

charts/rancher-monitoring/v0.0.2/charts/alertmanager/templates/alertmanager.yaml

@@ -11,6 +11,10 @@ metadata:
 {{- end }}
   name: {{ .Release.Name }}
 spec:
+{{- if .Values.securityContext }}
+  securityContext:
+{{ toYaml .Values.securityContext | indent 4 }}
+{{- end }}
   podMetadata:
     labels:
 {{- if .Values.labels }}
@@ -31,8 +35,10 @@ spec:
   paused: {{ .Values.paused }}
   replicas: {{ .Values.replicaCount }}
   logLevel:  {{ .Values.logLevel }}
+{{- if and .Values.resources .Values.resources.core }}
   resources:
-{{ toYaml .Values.resources | indent 4 }}
+{{ toYaml .Values.resources.core | indent 4 }}
+{{- end }}
   retention: "{{ .Values.retention }}"
 {{- if .Values.routePrefix }}
   routePrefix: "{{ .Values.routePrefix }}"
@@ -42,7 +48,7 @@ spec:
 {{ toYaml .Values.secrets | indent 4 }}
 {{- end }}
 {{- if .Values.enabledRBAC }}
-  serviceAccountName: {{ .Values.serviceAccountName }}
+  serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
 {{- end }}
 {{- if or .Values.storageSpec .Values.persistence.enabled }}
   storage:
@@ -76,8 +82,6 @@ spec:
   tolerations:
 {{ toYaml .Values.tolerations | indent 4 }}
 {{- end }}
-  imagePullSecrets:
-{{ toYaml .Values.image.pullSecrets | indent 4 }}
 {{- if .Values.sidecarsSpec }}
   containers:
 {{ toYaml .Values.sidecarsSpec | indent 4 }}

charts/rancher-monitoring/v0.0.2/charts/alertmanager/templates/metrics-service.yaml

@@ -7,9 +7,10 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-    monitoring.cattle.io: "true"
+    {{ .Values.apiGroup }}: "true"
 spec:
   type: ClusterIP
+  clusterIP: None
   selector:
 {{- if .Values.labels }}
 {{ toYaml .Values.labels | indent 4 }}

charts/rancher-monitoring/v0.0.2/charts/alertmanager/templates/nginx-configmap.yaml

@@ -10,41 +10,56 @@ metadata:
     component: nginx
 data:
   nginx.conf: |-
-    user  nginx;
-    worker_processes  auto;
-    error_log  /dev/null warn;
-    pid        /var/run/nginx.pid;
+    user                  nginx;
+    worker_processes      auto;
+    error_log             /dev/null warn;
+    pid                   /var/run/nginx.pid;
     
     events {
-       worker_connections  1024;
+       worker_connections 1024;
     }
 
     http {
-      include /etc/nginx/mime.types;
+      include       /etc/nginx/mime.types;
+      log_format    main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
 
-      log_format  main  '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
+      proxy_connect_timeout       10;
+      proxy_read_timeout          180;
+      proxy_send_timeout          5;
+      proxy_buffer_size           16k;
+      proxy_buffers               4 32k;
+      proxy_busy_buffers_size     64k;
+      proxy_temp_file_write_size  64k;
+      proxy_temp_path             /tmp/temp_dir;
+      proxy_cache_path            /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g;
 
       server {
-        listen 80;
+        listen          80;
+        access_log      off;
 
-        access_log off;
-
-        gzip on;
+        gzip            on;
         gzip_min_length 1k;
         gzip_comp_level 2;
-        gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png;
-        gzip_vary on;
-        gzip_disable "MSIE [1-6]\.";
+        gzip_types      text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png;
+        gzip_vary       on;
+        gzip_disable    "MSIE [1-6]\.";
 
         proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
 
         location / {
+          proxy_cache         my_zone;
+          proxy_cache_valid   200 302 1d;
+          proxy_cache_valid   301 30d;
+          proxy_cache_valid   any 5m;
+          proxy_cache_bypass  $http_cache_control;
+          add_header          X-Proxy-Cache $upstream_cache_status;
+          add_header          Cache-Control "public";
+
           proxy_pass     http://alertmanager-operated:9093/;
-        }
 
+          if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) {
+            expires             90d;
+          }
+        }
       }
-
-    }
\ No newline at end of file
+    }

charts/rancher-monitoring/v0.0.2/charts/alertmanager/templates/nginx-deployment.yaml

@@ -24,9 +24,12 @@ spec:
         release: {{ .Release.Name }}
         component: nginx
     spec:
+      {{- if .Values.enabledRBAC }}
+      serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
+      {{- end }}
       containers:
-      - name: nginx
-        image: nginx:1.15.2
+      - name: alertmanager-proxy
+        image: {{ .Values.image.proxy.repository }}:{{ .Values.image.proxy.tag }}
         args:
         - nginx
         - -g
@@ -36,6 +39,10 @@ spec:
         volumeMounts:
         - mountPath: /nginx/
           name: alertmanager-nginx
+        {{- if and .Values.resources .Values.resources.proxy }}
+        resources:
+{{ toYaml .Values.resources.proxy | indent 10 }}
+        {{- end }}
         ports:
         - name: http
           containerPort: 80

charts/rancher-monitoring/v0.0.2/charts/grafana/templates/secret.yaml → charts/rancher-monitoring/v0.0.2/charts/alertmanager/templates/rbac.yaml

+{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
 apiVersion: v1
-kind: Secret
+kind: ServiceAccount
 metadata:
   labels:
     app: {{ template "app.name" . }}
@@ -7,11 +8,6 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
   name: {{ template "app.fullname" . }}
-type: Opaque
-data:
-  user: {{ .Values.adminUser | b64enc | quote }}
-  {{- if .Values.adminPassword }}
-  password: {{ .Values.adminPassword | b64enc | quote }}
-  {{- else }}
-  password: {{ randAlphaNum 10 | b64enc | quote }}
-  {{- end }}
+imagePullSecrets: 
+{{ toYaml .Values.image.pullSecrets | indent 2 }}
+{{- end }}
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/alertmanager/templates/servicemonitor.yaml

@@ -7,21 +7,33 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: altermanager
   selector:
     matchLabels:
       app: {{ template "app.name" . }}
       chart: {{ template "app.version" . }}
       release: {{ .Release.Name }}
-      monitoring.cattle.io: "true"
+      {{ .Values.apiGroup }}: "true"
   namespaceSelector:
     matchNames:
-      - {{ .Release.Namespace | quote }}
+    - {{ .Release.Namespace | quote }}
   endpoints:
   - port: http
     interval: 30s
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1

charts/rancher-monitoring/v0.0.2/charts/alertmanager/values.yaml

@@ -60,16 +60,16 @@ templates: {}
 ##
 externalUrl: ""
 
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+serviceMonitorLabels: {}
 
 ## Alertmanager container image
 ##
 image:
   repository: quay.io/prometheus/alertmanager
   tag: v0.15.2
+  proxy:
+    repository: nginx
+    tag: 1.15.8-alpine
 
 ## Labels to be added to the Alertmanager
 ##
@@ -100,9 +100,21 @@ replicaCount: 1
 ## Resource limits & requests
 ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
 ##
-resources: {}
-  # requests:
-  #   memory: 400Mi
+resources:
+  core:
+    limits:
+      memory: 500Mi
+      cpu: 1000m
+    requests:
+      memory: 100Mi
+      cpu: 100m
+  proxy:
+    limits:
+      memory: 100Mi
+      cpu: 100m
+    requests:
+      memory: 50Mi
+      cpu: 50m
 
 ## How long to retain metrics
 ##
@@ -119,46 +131,6 @@ routePrefix: ""
 ##
 secrets: []
 
-service:
-  ## Maintains session affinity.  Should be set to ClientIP for HA setup
-  ## Only options are ClientIP and None.  Do not leave blank.
-  sessionAffinity: None
-
-  ## Annotations to be added to the Service
-  ##
-  annotations: {}
-
-  ## Cluster-internal IP address for Alertmanager Service
-  ##
-  clusterIP: ""
-
-  ## List of external IP addresses at which the Alertmanager Service will be available
-  ##
-  externalIPs: []
-
-  ## Labels to be added to the Service
-  ##
-  labels: {}
-
-  ## External IP address to assign to Alertmanager Service
-  ## Only used if service.type is 'LoadBalancer' and supported by cloud provider
-  ##
-  loadBalancerIP: ""
-
-  ## List of client IPs allowed to access Alertmanager Service
-  ## Only used if service.type is 'LoadBalancer' and supported by cloud provider
-  ##
-  loadBalancerSourceRanges: []
-
-  ## Port to expose on each node
-  ## Only used if service.type is 'NodePort'
-  ##
-  # nodePort: 30903
-
-  ## Service type
-  ##
-  type: ClusterIP
-
 logLevel: "info"
 
 ## Alertmanager StorageSpec for persistent data
@@ -183,3 +155,6 @@ persistence: {}
 sidecarsSpec: []
 # - name: sidecar
 #   image: registry/name:tag
+
+securityContext: {}
+

charts/rancher-monitoring/v0.0.2/charts/exporter-coredns/templates/endpoints.yaml

 {{- if .Values.endpoints }}
 apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: {{ template "app.name" . }}
-    chart: {{ template "app.version" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-    k8s-app: coredns
-  name: {{ template "app.dnsname" . }}
-spec:
-  type: ClusterIP
-  clusterIP: None
-  ports:
-    - name: metrics
-      port: {{ .Values.ports.metrics.port }}
-      protocol: TCP
-      targetPort: {{ .Values.ports.metrics.port }}
----
-
-apiVersion: v1
 kind: Endpoints
 metadata:
   labels:
@@ -27,15 +7,14 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-  name: {{ template "app.dnsname" . }}
+  name: expose-coredns-metrics
 subsets:
-  - addresses:
-      {{- range .Values.endpoints }}
-      - ip: {{ . }}
-      {{- end }}
-    ports:
-      - name: metrics
-        port: {{ .Values.ports.metrics.port }}
-        protocol: TCP
+- addresses:
+  {{- range .Values.endpoints }}
+  - ip: {{ . }}
+  {{- end }}
+  ports:
+  - name: {{ .Values.ports.metrics.name }}
+    port: {{ .Values.ports.metrics.port }}
+    protocol: {{ .Values.ports.metrics.protocol }}
 {{- end }}
-

charts/rancher-monitoring/v0.0.2/charts/exporter-coredns/templates/service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
+  name: expose-coredns-metrics
+  namespace: {{ default .Release.Namespace .Values.componentNamespace }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+  - name: {{ .Values.ports.metrics.name }}
+    port: {{ .Values.ports.metrics.port }}
+    protocol: {{ .Values.ports.metrics.protocol }}
+    targetPort: {{ .Values.ports.metrics.port }}
+{{- if not .Values.endpoints }}
+  selector:
+{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
+{{- end }}
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/exporter-coredns/templates/servicemonitor.yaml

@@ -7,21 +7,44 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}  
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: coredns
   selector:
     matchLabels:
-      k8s-app: coredns
+{{ toYaml .Values.serviceSelectorLabels | indent 6 }}
   namespaceSelector:
-    any: true
     matchNames:
-      - "kube-system"
-      - {{ .Release.Namespace | quote }}
+    {{- if not .Values.endpoints }}
+    - "kube-system"
+    {{- else }}
+    - {{ .Release.Namespace | quote }}
+    {{- end }}
   endpoints:
-  - port: metrics
+  - port: {{ .Values.ports.metrics.name }}
     interval: 15s
     bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    scheme: {{ .Values.ports.metrics.scheme }}
+    {{- if eq .Values.ports.metrics.scheme "https" }}
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      {{- if .Values.insecureSkipVerify }}
+      insecureSkipVerify: true
+      {{- end }}
+    {{- end }}
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1
+

charts/rancher-monitoring/v0.0.2/charts/exporter-coredns/values.yaml

+## 
+## For now, HELM cannot support deploy commponents into multiple namespaces
+##
+componentNamespace: ""
+
 ## CRD apiGroup
 ##
 apiGroup: "monitoring.coreos.com"
@@ -8,9 +13,17 @@ endpoints: []
 
 ports: 
   metrics:
+    scheme: http
+    name: metrics
     port: 9153
+    protocol: TCP
+
+serviceSelectorLabels:
+  k8s-app: kube-dns
 
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+serviceMonitorLabels: {}
+
+## Skip verification until we have resolved why the certificate validation
+## for the kubelet on API server nodes fail.
+##
+insecureSkipVerify: true
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/exporter-fluentd/templates/servicemonitor.yaml

@@ -7,19 +7,40 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: fluentd
   selector:
     matchLabels:
-      k8s-app: fluentd
+{{ toYaml .Values.serviceSelectorLabels | indent 6 }}
   namespaceSelector:
     matchNames:
-      - cattle-logging
+    - cattle-logging
   endpoints:
-  - port: metrics
+  - port: {{ .Values.ports.metrics.name }}
     interval: 15s
     honorLabels: true
+    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    scheme: {{ .Values.ports.metrics.scheme }}
+    {{- if eq .Values.ports.metrics.scheme "https" }}
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      {{- if .Values.insecureSkipVerify }}
+      insecureSkipVerify: true
+      {{- end }}
+    {{- end }}
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1

charts/rancher-monitoring/v0.0.2/charts/exporter-fluentd/values.yaml

@@ -2,10 +2,17 @@
 ##
 apiGroup: "monitoring.coreos.com"
 
+ports: 
+  metrics:
+    scheme: http
+    name: metrics
+    
+serviceSelectorLabels:
+  k8s-app: fluentd
+
+serviceMonitorLabels: {}
+
 ## Skip verification until we have resolved why the certificate validation
 ## for the kubelet on API server nodes fail.
 ##
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+insecureSkipVerify: true

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-controller-manager/templates/endpoints.yaml

 {{- if .Values.endpoints }}
 apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: {{ template "app.name" . }}
-    chart: {{ template "app.version" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-    k8s-app: kube-controller-manager
-  name: {{ template "app.dnsname" . }}
-spec:
-  type: ClusterIP
-  clusterIP: None
-  ports:
-    - name: metrics
-      port: {{ .Values.ports.metrics.port }}
-      protocol: TCP
-      targetPort: {{ .Values.ports.metrics.port }}
----
-
-apiVersion: v1
 kind: Endpoints
 metadata:
   labels:
@@ -27,14 +7,14 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-  name: {{ template "app.dnsname" . }}
+  name: expose-kube-cm-metrics
 subsets:
-  - addresses:
-      {{- range .Values.endpoints }}
-      - ip: {{ . }}
-      {{- end }}
-    ports:
-      - name: metrics
-        port: {{ .Values.ports.metrics.port }}
-        protocol: TCP
+- addresses:
+  {{- range .Values.endpoints }}
+  - ip: {{ . }}
+  {{- end }}
+  ports:
+  - name: {{ .Values.ports.metrics.name }}
+    port: {{ .Values.ports.metrics.port }}
+    protocol: {{ .Values.ports.metrics.protocol }}
 {{- end }}

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-controller-manager/templates/service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
+  name: expose-kube-cm-metrics
+  namespace: {{ default .Release.Namespace .Values.componentNamespace }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+  - name: {{ .Values.ports.metrics.name }}
+    port: {{ .Values.ports.metrics.port }}
+    protocol: {{ .Values.ports.metrics.protocol }}
+    targetPort: {{ .Values.ports.metrics.port }}
+{{- if not .Values.endpoints }}
+  selector:
+{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
+{{- end }}

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-controller-manager/templates/servicemonitor.yaml

@@ -7,26 +7,43 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}  
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: kube-controller-manager
   selector:
     matchLabels:
-      k8s-app: kube-controller-manager
+{{ toYaml .Values.serviceSelectorLabels | indent 6 }}
   namespaceSelector:
-    any: true
     matchNames:
-      - "kube-system"
-      - {{ .Release.Namespace | quote }}
+    {{- if not .Values.endpoints }}
+    - "kube-system"
+    {{- else }}
+    - {{ .Release.Namespace | quote }}
+    {{- end }}
   endpoints:
-  - port: metrics
+  - port: {{ .Values.ports.metrics.name }}
     interval: 15s
     bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    scheme: {{ .Values.ports.metrics.scheme }}
+    {{- if eq .Values.ports.metrics.scheme "https" }}
     tlsConfig:
       caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
       {{- if .Values.insecureSkipVerify }}
       insecureSkipVerify: true
       {{- end }}
+    {{- end }}
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-controller-manager/values.yaml

-## CRD apiGroup
+## 
+## For now, HELM cannot support deploy commponents into multiple namespaces
 ##
-apiGroup: "monitoring.coreos.com"
+componentNamespace: ""
 
-## Skip verification until we have resolved why the certificate validation
-## for the kubelet on API server nodes fail.
+## CRD apiGroup
 ##
-insecureSkipVerify: true
+apiGroup: "monitoring.coreos.com"
 
 ## Custom endpoints
 ##
@@ -13,9 +13,17 @@ endpoints: []
 
 ports: 
   metrics:
+    scheme: http
+    name: metrics
     port: 10252
+    protocol: TCP
 
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+serviceSelectorLabels:
+  k8s-app: kube-controller-manager
+
+serviceMonitorLabels: {}
+
+## Skip verification until we have resolved why the certificate validation
+## for the kubelet on API server nodes fail.
+##
+insecureSkipVerify: true

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-dns/templates/endpoints.yaml

 {{- if .Values.endpoints }}
 apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: {{ template "app.name" . }}
-    chart: {{ template "app.version" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-    k8s-app: coredns
-  name: {{ template "app.dnsname" . }}
-spec:
-  type: ClusterIP
-  clusterIP: None
-  ports:
-    - name: dnsmasq-metrics
-      port: {{ .Values.ports.metrics.dnsmasq.port }}
-      protocol: TCP
-      targetPort: {{ .Values.ports.metrics.dnsmasq.port }}
-    - name: skydns-metrics
-      port: {{ .Values.ports.metrics.skydns.port }}
-      protocol: TCP
-      targetPort: {{ .Values.ports.metrics.skydns.port }}
----
-
-apiVersion: v1
 kind: Endpoints
 metadata:
   labels:
@@ -31,17 +7,17 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-  name: {{ template "app.dnsname" . }}
+  name: expose-kube-dns-metrics
 subsets:
-  - addresses:
-      {{- range .Values.endpoints }}
-      - ip: {{ . }}
-      {{- end }}
-    ports:
-      - name: dnsmasq-metrics
-        port: {{ .Values.ports.metrics.dnsmasq.port }}
-        protocol: TCP
-      - name: skydns-metrics
-        port: {{ .Values.ports.metrics.skydns.port }}
-        protocol: TCP
+- addresses:
+    {{- range .Values.endpoints }}
+    - ip: {{ . }}
+    {{- end }}
+  ports:
+  - name: {{ .Values.ports.metrics.dnsmasq.name }}
+    port: {{ .Values.ports.metrics.dnsmasq.port }}
+    protocol: {{ .Values.ports.metrics.dnsmasq.protocol }}
+  - name: {{ .Values.ports.metrics.skydns.name }}
+    port: {{ .Values.ports.metrics.skydns.port }}
+    protocol: {{ .Values.ports.metrics.skydns.protocol }}
 {{- end }}

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-dns/templates/service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
+  name: expose-kube-dns-metrics
+  namespace: {{ default .Release.Namespace .Values.componentNamespace }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+  - name: {{ .Values.ports.metrics.dnsmasq.name }}
+    port: {{ .Values.ports.metrics.dnsmasq.port }}
+    protocol: {{ .Values.ports.metrics.dnsmasq.protocol }}
+    targetPort: {{ .Values.ports.metrics.dnsmasq.port }}
+  - name: {{ .Values.ports.metrics.skydns.name }}
+    port: {{ .Values.ports.metrics.skydns.port }}
+    protocol: {{ .Values.ports.metrics.skydns.protocol }}
+    targetPort: {{ .Values.ports.metrics.skydns.port }}
+{{- if not .Values.endpoints }}
+  selector:
+{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
+{{- end }}
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-dns/templates/servicemonitor.yaml

@@ -7,24 +7,67 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}  
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: kube-dns
   selector:
     matchLabels:
-      k8s-app: coredns
+{{ toYaml .Values.serviceSelectorLabels | indent 6 }}
   namespaceSelector:
-    any: true
     matchNames:
-      - "kube-system"
-      - {{ .Release.Namespace | quote }}
+    {{- if not .Values.endpoints }}
+    - "kube-system"
+    {{- else }}
+    - {{ .Release.Namespace | quote }}
+    {{- end }}
   endpoints:
-  - port: dnsmasq-metrics
+  - port: {{ .Values.ports.metrics.dnsmasq.name }}
     interval: 15s
     bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-  - port: skydns-metrics
+    scheme: {{ .Values.ports.metrics.dnsmasq.scheme }}
+    {{- if eq .Values.ports.metrics.dnsmasq.scheme "https" }}
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      {{- if .Values.insecureSkipVerify }}
+      insecureSkipVerify: true
+      {{- end }}
+    {{- end }}
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1
+  - port: {{ .Values.ports.metrics.skydns.name }}
     interval: 15s
     bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    scheme: {{ .Values.ports.metrics.skydns.scheme }}
+    {{- if eq .Values.ports.metrics.skydns.scheme "https" }}
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      {{- if .Values.insecureSkipVerify }}
+      insecureSkipVerify: true
+      {{- end }}
+    {{- end }}
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-dns/values.yaml

+## 
+## For now, HELM cannot support deploy commponents into multiple namespaces
+##
+componentNamespace: ""
+
 ## CRD apiGroup
 ##
 apiGroup: "monitoring.coreos.com"
@@ -9,11 +14,22 @@ endpoints: []
 ports: 
   metrics:
     dnsmasq:
+      scheme: http
+      name: dnsmasq-metrics
       port: 10054
-    skydns: 
+      protocol: TCP
+    skydns:
+      scheme: http
+      name: skydns-metrics
       port: 10055
+      protocol: TCP
+
+serviceSelectorLabels:
+  k8s-app: kube-dns
 
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+serviceMonitorLabels: {}
+
+## Skip verification until we have resolved why the certificate validation
+## for the kubelet on API server nodes fail.
+##
+insecureSkipVerify: true

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-etcd/templates/endpoints.yaml

 {{- if .Values.endpoints }}
 apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: {{ template "app.name" . }}
-    chart: {{ template "app.version" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-    k8s-app: etcd-server
-  name: {{ template "app.dnsname" . }}
-spec:
-  type: ClusterIP
-  clusterIP: None
-  ports:
-    - name: metrics
-      port: {{ .Values.ports.metrics.port }}
-      protocol: TCP
-      targetPort: {{ .Values.ports.metrics.port }}
----
-
-apiVersion: v1
 kind: Endpoints
 metadata:
   labels:
@@ -27,14 +7,14 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-  name: {{ template "app.dnsname" . }}
+  name: expose-kube-etcd-metrics
 subsets:
-  - addresses:
-      {{- range .Values.endpoints }}
-      - ip: {{ . }}
-      {{- end }}
-    ports:
-      - name: metrics
-        port: {{ .Values.ports.metrics.port }}
-        protocol: TCP
+- addresses:
+  {{- range .Values.endpoints }}
+  - ip: {{ . }}
+  {{- end }}
+  ports:
+  - name: {{ .Values.ports.metrics.name }}
+    port: {{ .Values.ports.metrics.port }}
+    protocol: {{ .Values.ports.metrics.protocol }}
 {{- end }}

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-etcd/templates/service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
+  name: expose-kube-etcd-metrics
+  namespace: {{ default .Release.Namespace .Values.componentNamespace }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+  - name: {{ .Values.ports.metrics.name }}
+    port: {{ .Values.ports.metrics.port }}
+    protocol: {{ .Values.ports.metrics.protocol }}
+    targetPort: {{ .Values.ports.metrics.port }}
+{{- if not .Values.endpoints }}
+  selector:
+{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
+{{- end }}
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-etcd/templates/servicemonitor.yaml

@@ -7,26 +7,27 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}  
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: kube-etcd
   selector:
     matchLabels:
-      k8s-app: etcd-server
+{{ toYaml .Values.serviceSelectorLabels | indent 6 }}
   namespaceSelector:
-    any: true
     matchNames:
-      - "kube-system"
-      - {{ .Release.Namespace | quote }}
+    {{- if not .Values.endpoints }}
+    - "kube-system"
+    {{- else }}
+    - {{ .Release.Namespace | quote }}
+    {{- end }}
   endpoints:
-  - port: metrics
+  - port: {{ .Values.ports.metrics.name }}
     interval: 15s
     bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    scheme: {{ .Values.ports.metrics.scheme }}
     {{- if eq .Values.ports.metrics.scheme "https" }}
-    scheme: https
     tlsConfig:
       caFile: {{ .Values.caFile }}
       {{- if  .Values.certFile }}
@@ -39,3 +40,16 @@ spec:
       insecureSkipVerify: true
       {{- end }}
     {{- end }}
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-etcd/values.yaml

+## 
+## For now, HELM cannot support deploy commponents into multiple namespaces
+##
+componentNamespace: ""
+
 ## CRD apiGroup
 ##
 apiGroup: "monitoring.coreos.com"
 
+## Custom endpoints
+##
+endpoints: []
+
+ports: 
+  metrics:
+    scheme: https
+    name: metrics
+    port: 4001
+    protocol: TCP
+
+serviceSelectorLabels:
+  k8s-app: etcd-server
+
+serviceMonitorLabels: {}
+
 ## Skip verification until we have resolved why the certificate validation
 ## for the kubelet on API server nodes fail.
 ##
@@ -11,18 +32,4 @@ insecureSkipVerify: true
 ##
 caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
 certFile: ""
-keyFile: ""
-
-## Custom endpoints
-##
-endpoints: []
-
-ports: 
-  metrics:
-    scheme: "https"
-    port: 4001
-
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+keyFile: ""
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-scheduler/templates/endpoints.yaml

 {{- if .Values.endpoints }}
 apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: {{ template "app.name" . }}
-    chart: {{ template "app.version" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-    k8s-app: kube-scheduler
-  name: {{ template "app.dnsname" . }}
-spec:
-  type: ClusterIP
-  clusterIP: None
-  ports:
-    - name: metrics
-      port: {{ .Values.ports.metrics.port }}
-      protocol: TCP
-      targetPort: {{ .Values.ports.metrics.port }}
----
-
-apiVersion: v1
 kind: Endpoints
 metadata:
   labels:
@@ -27,14 +7,14 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-  name: {{ template "app.dnsname" . }}
+  name: expose-kube-scheduler-metrics
 subsets:
-  - addresses:
-      {{- range .Values.endpoints }}
-      - ip: {{ . }}
-      {{- end }}
-    ports:
-      - name: metrics
-        port: {{ .Values.ports.metrics.port }}
-        protocol: TCP
+- addresses:
+  {{- range .Values.endpoints }}
+  - ip: {{ . }}
+  {{- end }}
+  ports:
+  - name: {{ .Values.ports.metrics.name }}
+    port: {{ .Values.ports.metrics.port }}
+    protocol: {{ .Values.ports.metrics.protocol }}
 {{- end }}
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-scheduler/templates/prometheusrule.yaml

@@ -7,8 +7,8 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.prometheusRule.labels }}
-{{ toYaml .Values.prometheusRule.labels | indent 4 }}
+    {{- if .Values.prometheusRuleLabels }}
+{{ toYaml .Values.prometheusRuleLabels | indent 4 }}
     {{- end }}   
   name: {{ template "app.fullname" . }}
 spec:
@@ -59,4 +59,4 @@ spec:
       expr: histogram_quantile(0.5, sum(scheduler_binding_latency_microseconds_bucket)
         BY (le, cluster)) / 1e+06
       labels:
-        quantile: "0.5"
+        quantile: "0.5"
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-scheduler/templates/service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
+  name: expose-kube-scheduler-metrics
+  namespace: {{ default .Release.Namespace .Values.componentNamespace }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+  - name: {{ .Values.ports.metrics.name }}
+    port: {{ .Values.ports.metrics.port }}
+    protocol: {{ .Values.ports.metrics.protocol }}
+    targetPort: {{ .Values.ports.metrics.port }}
+{{- if not .Values.endpoints }}
+  selector:
+{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
+{{- end }}

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-scheduler/templates/servicemonitor.yaml

@@ -7,21 +7,43 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}  
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: kube-scheduler
   selector:
     matchLabels:
-      k8s-app: kube-scheduler
+{{ toYaml .Values.serviceSelectorLabels | indent 6 }}
   namespaceSelector:
-    any: true
     matchNames:
-      - "kube-system"
-      - {{ .Release.Namespace | quote }}
+    {{- if not .Values.endpoints }}
+    - "kube-system"
+    {{- else }}
+    - {{ .Release.Namespace | quote }}
+    {{- end }}
   endpoints:
-  - port: metrics
+  - port: {{ .Values.ports.metrics.name }}
     interval: 15s
     bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    scheme: {{ .Values.ports.metrics.scheme }}
+    {{- if eq .Values.ports.metrics.scheme "https" }}
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      {{- if .Values.insecureSkipVerify }}
+      insecureSkipVerify: true
+      {{- end }}
+    {{- end }}
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-scheduler/values.yaml

+## 
+## For now, HELM cannot support deploy commponents into multiple namespaces
+##
+componentNamespace: ""
+
 ## CRD apiGroup
 ##
 apiGroup: "monitoring.coreos.com"
@@ -8,14 +13,19 @@ endpoints: []
 
 ports: 
   metrics:
+    scheme: http
+    name: http-metrics
     port: 10251
+    protocol: TCP
+
+serviceSelectorLabels:
+  component: kube-scheduler
 
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+serviceMonitorLabels: {}
 
-prometheusRule:
-  ## Custom Labels to be added to PrometheusRule
-  ##
-  labels: {}
+prometheusRuleLabels: {}
+
+## Skip verification until we have resolved why the certificate validation
+## for the kubelet on API server nodes fail.
+##
+insecureSkipVerify: true

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-state/templates/deployment.yaml

@@ -21,17 +21,14 @@ spec:
         chart: {{ template "app.version" . }}
         release: {{ .Release.Name }}
     spec:
-      {{- if .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
-    {{- end }}
       containers:
       - name: kube-state
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         ports:
         - name: http
           containerPort: 8080
-          protocol: TCP
+        - name: http-metrics
+          containerPort: 8081
         livenessProbe:
           httpGet:
             path: /
@@ -45,16 +42,19 @@ spec:
           initialDelaySeconds: 30
           timeoutSeconds: 5
         resources:
-          limits:
-            cpu: 100m
-            memory: 200Mi
-          requests:
-            cpu: 100m
-            memory: 130Mi
-    {{- if .Values.enabledRBAC }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
-    {{- end }}
-{{- if .Values.tolerations }}
+{{ toYaml .Values.resources | indent 10 }}
+      {{- if .Values.enabledRBAC }}
+      serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
+      {{- end }}
+      {{- if .Values.securityContext }}
+      securityContext:
+{{ toYaml .Values.securityContext | indent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
-    {{- end }}
+      {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-state/templates/rbac.yaml

+{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
+apiVersion: {{ template "rbac_api_version" . }}
+kind: ClusterRole
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "app.fullname" . }}
+rules:
+- apiGroups: 
+  - ""
+  resources:
+  - namespaces
+  - nodes
+  - pods
+  - services
+  - resourcequotas
+  - replicationcontrollers
+  - limitranges
+  - persistentvolumeclaims
+  - persistentvolumes
+  - endpoints
+  - configmaps
+  - secrets
+  verbs: 
+  - "list"
+  - "watch"
+- apiGroups: 
+  - "extensions"
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  verbs: 
+  - "list"
+  - "watch"
+- apiGroups: 
+  - "apps"
+  resources:
+  - statefulsets
+  - deployments
+  verbs: 
+  - "list"
+  - "watch"
+- apiGroups: 
+  - "batch"
+  resources:
+  - cronjobs
+  - jobs
+  verbs: 
+  - "list"
+  - "watch"
+- apiGroups: 
+  - "autoscaling"
+  resources:
+  - horizontalpodautoscalers
+  verbs: 
+  - "list"
+  - "watch"
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "app.fullname" . }}
+imagePullSecrets: 
+{{ toYaml .Values.image.pullSecrets | indent 2 }}
+
+---
+apiVersion: {{ template "rbac_api_version" . }}
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "app.fullname" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "app.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "app.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-state/templates/service.yaml

@@ -7,15 +7,19 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-    monitoring.cattle.io: "true"
+    k8s-app: kube-state
+    {{ .Values.apiGroup }}: "true"
 spec:
   type: ClusterIP
+  clusterIP: None
   selector:
     app: {{ template "app.name" . }}
     chart: {{ template "app.version" . }}
     release: {{ .Release.Name }}
   ports:
-  - name: metrics
-    port: {{ .Values.ports.metrics.port }}
-    targetPort: 8080
-    protocol: TCP
+  - name: http
+    port: 8080
+    targetPort: http
+  - name: http-metrics
+    port: 8081
+    targetPort: http-metrics

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-state/templates/servicemonitor.yaml

@@ -7,22 +7,49 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: kube-state
   selector:
     matchLabels:
       app: {{ template "app.name" . }}
       chart: {{ template "app.version" . }}
       release: {{ .Release.Name }}
-      monitoring.cattle.io: "true"
+      {{ .Values.apiGroup }}: "true"
   namespaceSelector:
     matchNames:
-      - {{ .Release.Namespace | quote }}
+    - {{ .Release.Namespace | quote }}
   endpoints:
-  - port: metrics
+  - port: http
     interval: 15s
     honorLabels: true
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1
+  - port: http-metrics
+    interval: 30s
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1

charts/rancher-monitoring/v0.0.2/charts/exporter-kube-state/values.yaml

@@ -8,12 +8,6 @@ serviceAccountName: ""
 ##
 apiGroup: "monitoring.coreos.com"
 
-## Expertor listens on where and exports on host
-##
-ports: 
-  metrics:
-    port: 8080
-
 # Default values for kube-state-metrics.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
@@ -23,6 +17,14 @@ image:
   repository: quay.io/coreos/kube-state-metrics
   tag: v1.4.0
 
+resources:
+  limits:
+    cpu: 100m
+    memory: 200Mi
+  requests:
+    cpu: 100m
+    memory: 130Mi
+
 ## Node Selector to constrain pods to run on particular nodes
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 ##
@@ -37,7 +39,6 @@ tolerations: {}
   #    value: "value"
   #    effect: "NoSchedule"
 
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+serviceMonitorLabels: {}
+
+securityContext: {}

charts/rancher-monitoring/v0.0.2/charts/exporter-kubelets/templates/servicemonitor.yaml

@@ -7,43 +7,96 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}  
   name: {{ template "charts.exporter-kubelets.fullname" . }}
 spec:
-  jobLabel: kubelet
   selector:
     matchLabels:
-      k8s-app: kubelet
+{{ toYaml .Values.serviceSelectorLabels | indent 6 }}
   namespaceSelector:
-    any: true
     matchNames:
-      - "kube-system"
-      - {{ .Release.Namespace | quote }}
+    - {{ .Release.Namespace | quote }}
   endpoints:
+  {{- if .Values.https }}
   - port: https-metrics
     scheme: https
     interval: 15s
+    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
     tlsConfig:
       caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
       {{- if .Values.insecureSkipVerify }}
       insecureSkipVerify: true
       {{- end }}
-    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1
   - port: https-metrics
     scheme: https
     path: /metrics/cadvisor
     interval: 30s
     honorLabels: true
+    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
     tlsConfig:
       caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
       {{- if .Values.insecureSkipVerify }}
       insecureSkipVerify: true
       {{- end }}
-    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1
+  {{- else }}
   - port: http-metrics
     interval: 15s
-  - port: cadvisor
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1
+  - port: http-metrics
+    path: /metrics/cadvisor
     interval: 30s
     honorLabels: true
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1
+  {{- end }}

charts/rancher-monitoring/v0.0.2/charts/exporter-kubelets/values.yaml

@@ -2,12 +2,16 @@
 ##
 apiGroup: "monitoring.coreos.com"
 
+serviceSelectorLabels:
+  k8s-app: kubelet
+
+serviceMonitorLabels: {}
+
 ## Skip verification until we have resolved why the certificate validation
 ## for the kubelet on API server nodes fail.
 ##
 insecureSkipVerify: true
 
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+## Set false when using GKE
+##
+https: true

charts/rancher-monitoring/v0.0.2/charts/exporter-kubernetes/templates/prometheusrule.yaml

@@ -7,8 +7,8 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.prometheusRule.labels }}
-{{ toYaml .Values.prometheusRule.labels | indent 4 }}
+    {{- if .Values.prometheusRuleLabels }}
+{{ toYaml .Values.prometheusRuleLabels | indent 4 }}
     {{- end }}
   name: {{ template "app.fullname" . }}
 spec:
@@ -55,4 +55,4 @@ spec:
       expr: histogram_quantile(0.5, rate(apiserver_request_latencies_bucket[5m])) /
         1e+06
       labels:
-        quantile: "0.5"
+        quantile: "0.5"
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/exporter-kubernetes/templates/servicemonitor.yaml

@@ -7,26 +7,39 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}   
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: kubernetes
   selector:
     matchLabels:
-      component: apiserver
-      provider: kubernetes
+{{ toYaml .Values.serviceSelectorLabels | indent 6 }}
   namespaceSelector:
     matchNames:
-      - "default"
+    - "default"
   endpoints:
-  - port: https
+  - port: {{ .Values.ports.metrics.name }}
     interval: 15s
-    scheme: https
+    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    scheme: {{ .Values.ports.metrics.scheme }}
+    {{- if eq .Values.ports.metrics.scheme "https" }}
     tlsConfig:
       caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
       {{- if .Values.insecureSkipVerify }}
       insecureSkipVerify: true
       {{- end }}
-    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    {{- end }}
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      action: replace
+      targetLabel: host_ip
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      action: replace
+      targetLabel: node
+      regex: (.+)
+      replacement: $1

charts/rancher-monitoring/v0.0.2/charts/exporter-kubernetes/values.yaml

@@ -2,17 +2,17 @@
 ##
 apiGroup: "monitoring.coreos.com"
 
-## Skip verification until we have resolved why the certificate validation
-## for the kubelet on API server nodes fail.
-##
-insecureSkipVerify: true
+ports: 
+  metrics:
+    scheme: https
+    name: https
+
+serviceSelectorLabels:
+  component: apiserver
+  provider: kubernetes
 
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+serviceMonitorLabels: {}
 
-prometheusRule:
-  ## Custom Labels to be added to PrometheusRule
-  ##
-  labels: {}
\ No newline at end of file
+prometheusRuleLabels: {}
+
+insecureSkipVerify: true

charts/rancher-monitoring/v0.0.2/charts/exporter-node/templates/daemonset.yaml

@@ -20,46 +20,83 @@ spec:
         chart: {{ template "app.version" . }}
         release: {{ .Release.Name }}
     spec:
-      tolerations:
-      - operator: "Exists"
-      - key: "node-role.kubernetes.io/master"
-        operator: "Exists"
-      - key: "node-role.kubernetes.io/etcd"
-        operator: "Exists"
-      - key: "node-role.kubernetes.io/controlplane"
-        operator: "Exists"
       containers:
-        - name: exporter-node
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          args:
-          - --web.listen-address=0.0.0.0:{{ .Values.ports.metrics.port }}
-          {{- if and .Values.container .Values.container.args }}
-{{ toYaml .Values.container.args | indent 10 }}
-          {{- end }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.ports.metrics.port }}
-              hostPort: {{ .Values.ports.metrics.port }}
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-          {{- if and .Values.container .Values.container.volumeMounts }}
-          volumeMounts:
-{{ toYaml .Values.container.volumeMounts | indent 10 }}
+      - name: exporter-node
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        args:
+        - --web.listen-address=$(POD_IP):{{ .Values.ports.metrics.port }}
+        - --path.procfs=/host/proc
+        - --path.sysfs=/host/sys
+        - --path.rootfs=/host
+        {{- $usingCollectors := merge .Values.collectors .Values.defaultCollectorSettings }}
+        {{- range $collectorName, $collectorVal := $usingCollectors }}
+        {{- if and $collectorVal $collectorVal.enabled }}
+        - --collector.{{ $collectorName }}
+        {{- $_ := unset $collectorVal "enabled" -}}
+        {{- if $collectorVal }}
+        {{- range $collectorValKey, $collectorValVal := $collectorVal }}
+        {{- if $collectorValVal }}
+        - --collector.{{ $collectorName }}.{{ $collectorValKey }}={{ $collectorValVal }}
+        {{- else }}
+        - --collector.{{ $collectorName }}.{{ $collectorValKey }}
+        {{- end }}
+        {{- end }}
+        {{- end }}
+        {{- else }}
+        - --no-collector.{{$collectorName}}
+        {{- end }}
+        {{- end }}
+        env:
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        ports:
+        - name: http
+          containerPort: {{ .Values.ports.metrics.port }}
+          {{- if .Values.enabledHostNetwork }}
+          hostPort: {{ .Values.ports.metrics.port }}
           {{- end }}
-    {{- if .Values.enabledRBAC }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
-    {{- end }}
-    {{- if .Values.tolerations }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+        volumeMounts:
+        - name: proc
+          mountPath: /host/proc
+          readOnly:  true
+        - name: sys
+          mountPath: /host/sys
+          readOnly: true
+        - name: host
+          mountPath: /host
+          readOnly: true
+      {{- if .Values.enabledRBAC }}
+      serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
+      {{- end }}
+      {{- if .Values.securityContext }}
+      securityContext:
+{{ toYaml .Values.securityContext | indent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
-    {{- end }}
-    {{- if .Values.nodeSelector }}
+      {{- end }}
+      {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
-    {{- end }}
+      {{- end }}
+      {{- if .Values.enabledHostNetwork }}
       hostNetwork: true
+      {{- end }}
+      {{- if .Values.enabledHostPID }}
       hostPID: true
-      {{- if and .Values.container .Values.container.volumes }}
+      {{- end }}
       volumes:
-{{ toYaml .Values.container.volumes | indent 6 }}
-      {{- end}}
+      - name: proc
+        hostPath:
+          path: /proc
+      - name: sys
+        hostPath:
+          path: /sys
+      - name: host
+        hostPath:
+          path: /

charts/rancher-monitoring/v0.0.2/charts/exporter-node/templates/prometheusrule.yaml

@@ -7,8 +7,8 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.prometheusRule.labels }}
-{{ toYaml .Values.prometheusRule.labels | indent 4 }}
+    {{- if .Values.prometheusRuleLabels }}
+{{ toYaml .Values.prometheusRuleLabels | indent 4 }}
     {{- end }}   
   name: {{ template "app.fullname" . }}
 spec:
@@ -16,19 +16,19 @@ spec:
   - name: node.rules
     rules:
     - record: instance:node_cpu:rate:sum
-      expr: sum(rate(node_cpu{mode!="idle",mode!="iowait"}[3m]))
+      expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[3m]))
         BY (instance)
     - record: instance:node_filesystem_usage:sum
-      expr: sum((node_filesystem_size{mountpoint="/"} - node_filesystem_free{mountpoint="/"}))
+      expr: sum((node_filesystem_size_bytes{mountpoint="/"} - node_filesystem_free{mountpoint="/"}))
         BY (instance)
     - record: instance:node_network_receive_bytes:rate:sum
-      expr: sum(rate(node_network_receive_bytes[3m])) BY (instance)
+      expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance)
     - record: instance:node_network_transmit_bytes:rate:sum
-      expr: sum(rate(node_network_transmit_bytes[3m])) BY (instance)
+      expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance)
     - record: instance:node_cpu:ratio
-      expr: sum(rate(node_cpu{mode!="idle",mode!="iowait"}[5m])) WITHOUT (cpu, mode) / ON(instance)
-        GROUP_LEFT() count(sum(node_cpu) BY (instance, cpu)) BY (instance)
+      expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m])) WITHOUT (cpu, mode) / ON(instance)
+        GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance)
     - record: cluster:node_cpu:sum_rate5m
-      expr: sum(rate(node_cpu{mode!="idle",mode!="iowait"}[5m]))
+      expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m]))
     - record: cluster:node_cpu:ratio
-      expr: cluster:node_cpu:rate5m / count(sum(node_cpu) BY (instance, cpu))
+      expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu))
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/exporter-node/templates/rbac.yaml

+{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
+apiVersion: {{ template "rbac_api_version" . }}
+kind: ClusterRole
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "app.fullname" . }}
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - creat
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "app.fullname" . }}
+imagePullSecrets: 
+{{ toYaml .Values.image.pullSecrets | indent 2 }}
+
+---
+apiVersion: {{ template "rbac_api_version" . }}
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "app.fullname" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "app.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "app.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/exporter-node/templates/service.yaml

@@ -7,9 +7,11 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-    monitoring.cattle.io: "true"
+    k8s-app: node
+    {{ .Values.apiGroup }}: "true"
 spec:
   type: ClusterIP
+  clusterIP: None
   selector:
     app: {{ template "app.name" . }}
     chart: {{ template "app.version" . }}

charts/rancher-monitoring/v0.0.2/charts/exporter-node/templates/servicemonitor.yaml

@@ -7,21 +7,33 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}    
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: node
   selector:
     matchLabels:
       app: {{ template "app.name" . }}
       chart: {{ template "app.version" . }}
       release: {{ .Release.Name }}
-      monitoring.cattle.io: "true"
+      {{ .Values.apiGroup }}: "true"
   namespaceSelector:
     matchNames:
-      - {{ .Release.Namespace | quote }}
+    - {{ .Release.Namespace | quote }}
   endpoints:
   - port: metrics
     interval: 15s
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1

charts/rancher-monitoring/v0.0.2/charts/exporter-node/values.yaml

@@ -4,6 +4,8 @@ enabledRBAC: true
 ##
 serviceAccountName: ""
 
+serviceAccountNameOverride: ""
+
 ## CRD apiGroup
 ##
 apiGroup: "monitoring.coreos.com"
@@ -14,13 +16,13 @@ ports:
   metrics:
     port: 9100
 
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-replicaCount: 1
+enabledHostNetwork: true
+
+enabledHostPID: true
 
 image:
   repository: quay.io/prometheus/node-exporter
-  tag: v0.16.0
+  tag: v0.17.0
 
 resources:
   limits:
@@ -30,46 +32,166 @@ resources:
     cpu: 100m
     memory: 30Mi
 
-container:
-  args:
-  - --path.procfs=/host/proc
-  - --path.sysfs=/host/sys
-
-  volumes:
-  - name: proc
-    hostPath:
-      path: /proc
-  - name: sys
-    hostPath:
-      path: /sys
-
-  volumeMounts:
-  - name: proc
-    mountPath: /host/proc
-    readOnly:  true
-  - name: sys
-    mountPath: /host/sys
-    readOnly: true
-
 ## Tolerations for use with node taints
 ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 ##
 tolerations:
-- effect: NoSchedule
-  operator: Exists
+- operator: Exists
 
 ## Node Selector to constrain pods to run on particular nodes
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 ##
 nodeSelector: {}
 
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+serviceMonitorLabels: {}
+
+prometheusRuleLabels: {}
+
+collectors: {}
 
-prometheusRule:
-  ## Custom Labels to be added to PrometheusRule
-  ##
-  labels: {}
+securityContext:
+  runAsNonRoot: true
+  runAsUser: 65534
 
+##
+# Default collector settings
+##
+defaultCollectorSettings:
+##
+# Enabled by default on Linux
+##
+  # Exposes ARP statistics from /proc/net/arp
+  arp:
+    enabled: true
+  # Exposes bcache statistics from /sys/fs/bcache/
+  bcache:
+    enabled: true
+  # Exposes the number of configured and active slaves of Linux bonding interfaces
+  bonding:
+    enabled: true
+  # Shows conntrack statistics (does nothing if no /proc/sys/net/netfilter/ present)
+  conntrack:
+    enabled: true
+  # Exposes CPU statistics
+  cpu:
+    enabled: true
+  # Exposes disk I/O statistics.
+  diskstats:
+    enabled: true
+  # Exposes error detection and correction statistics
+  edac:
+    enabled: true
+  # Exposes available entropy
+  entropy:
+    enabled: true
+  # Exposes file descriptor statistics from /proc/sys/fs/file-nr
+  filefd:
+    enabled: true
+  # Exposes filesystem statistics, such as disk space used
+  filesystem:
+    enabled: true
+  # Expose hardware monitoring and sensor data from /sys/class/hwmon/
+  hwmon:
+    enabled: true
+  # Exposes network statistics specific to InfiniBand and Intel OmniPath configurations
+  infiniband:
+    enabled: true
+  # Exposes IPVS status from /proc/net/ip_vs and stats from /proc/net/ip_vs_stats
+  ipvs:
+    enabled: true
+  # Exposes load average. Darwin, Dragonfly, FreeBSD, Linux, NetBSD, OpenBSD, Solaris
+  loadavg:
+    enabled: true
+  # Exposes statistics about devices in /proc/mdstat (does nothing if no /proc/mdstat present)
+  mdadm:
+    enabled: true
+  # Exposes memory statistics.
+  meminfo:
+    enabled: true
+  # Exposes network interface statistics such as bytes transferred
+  netdev:
+    enabled: true
+  # Exposes network statistics from /proc/net/netstat
+  netstat:
+    enabled: true
+  # Exposes NFS client statistics from /proc/net/rpc/nfs
+  nfs:
+    enabled: true
+  # Exposes NFS kernel server statistics from /proc/net/rpc/nfsd
+  nfsd:
+    enabled: true
+  # Exposes various statistics from /proc/net/sockstat
+  sockstat:
+    enabled: true
+  # Exposes various statistics from /proc/stat
+  stat:
+    enabled: true
+  # Exposes statistics read from local disk
+  textfile:
+    enabled: true
+  # Exposes the current system time
+  time:
+    enabled: true
+  # Exposes selected adjtimex(2) system call stats
+  timex:
+    enabled: true
+  # Exposes system information as provided by the uname system call
+  uname:
+    enabled: true
+  # Exposes statistics from /proc/vmstat
+  vmstat:
+    enabled: true
+  # Exposes XFS runtime statistics
+  xfs:
+    enabled: true
+  # Exposes ZFS performance statistics
+  zfs:
+    enabled: true
+##
+# Enabled by default on Linux
+##
+  # Exposes statistics of memory fragments as reported by /proc/buddyinfo
+  buddyinfo:
+    enabled: false
+  # Exposes Distributed Replicated Block Device statistics (to version 8.4)
+  drbd:
+    enabled: false
+  # Exposes detailed interrupts statistics
+  interrupts:
+    enabled: false
+  # Exposes kernel and system statistics from /sys/kernel/mm/ksm
+  ksmd:
+    enabled: false
+  # Exposes session counts from logind
+  logind:
+    enabled: false
+  # Exposes memory statistics from /proc/meminfo_numa
+  meminfo_numa:
+    enabled: false
+  # Exposes filesystem statistics from /proc/self/mountstats, exposes detailed NFS client statistics
+  mountstats:
+    enabled: false
+  # Exposes local NTP daemon health to check time
+  ntp:
+    enabled: false
+  # Exposes aggregate process statistics from /proc
+  processes:
+    enabled: false
+  # Exposes queuing discipline statistics
+  qdisc:
+    enabled: false
+  # Exposes service status from runit
+  runit:
+    enabled: false
+  # Exposes service status from supervisord
+  supervisord:
+    enabled: false
+  # Exposes service and system status from systemd
+  systemd:
+    enabled: false
+  # Exposes TCP connection status information from /proc/net/tcp and /proc/net/tcp6
+  tcpstat:
+    enabled: false
+  # Exposes WiFi device and station statistics
+  wifi:
+    enabled: false

charts/rancher-monitoring/v0.0.2/charts/grafana/templates/_helpers.tpl

+{{/* vim: set filetype=mustache: */}}
+
+{{- define "app.dashboards.fullname" -}}
+{{- $name := include "app.name" . -}}
+{{- printf "%s-%s-dashboards" $name .Release.Name -}}
+{{- end -}}
+
+
+{{- define "app.provisionings.fullname" -}}
+{{- $name := include "app.name" . -}}
+{{- printf "%s-%s-provisionings" $name .Release.Name -}}
+{{- end -}}
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/grafana/templates/dashboards-configmap.yaml

@@ -12,13 +12,3 @@ data:
 {{ (.Files.Glob "dashboards/c_*.json").AsConfig | indent 2 }}
 {{- end }}
 {{ (.Files.Glob "dashboards/w_*.json").AsConfig | indent 2 }}
-  prometheus-datasource.json: |+
-    {
-      "access": "proxy",
-      "basicAuth": false,
-      "editable": false,
-      "isDefault": true,
-      "name": "Rancher-Monitoring",
-      "type": "prometheus",
-      "url": "{{ .Values.prometheusDatasourceURL }}"
-    }

charts/rancher-monitoring/v0.0.2/charts/grafana/templates/deployment.yaml

@@ -24,30 +24,30 @@ spec:
       initContainers:
       - name: grafana-init-plugin-json-copy
         image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        {{- if and .Values.resources .Values.resources.inits }}
+        resources:
+{{ toYaml .Values.resources.inits | indent 10 }}
+        {{- end }}
         volumeMounts:
         - name: grafana-static-hooks
           mountPath: /run.sh
           subPath: copy-datasource-plugin-json.sh
         - name: grafana-static-contents
           mountPath: /host
+      - name: grafana-init-plugin-json-modify
+        image: {{ .Values.image.tool.repository }}:{{ .Values.image.tool.tag }}
+        command:
+        - /usr/bin/modify-datasource-plugin-json.sh
         {{- if and .Values.resources .Values.resources.inits }}
         resources:
 {{ toYaml .Values.resources.inits | indent 10 }}
         {{- end }}
-      - name: grafana-init-plugin-json-modify
-        image: {{ .Values.image.inits.tools.repository }}:{{ .Values.image.inits.tools.tag }}
-        command:
-        - /usr/bin/modify-datasource-plugin-json.sh
         volumeMounts:
         - name: grafana-static-hooks
           mountPath: /usr/bin/modify-datasource-plugin-json.sh
           subPath: modify-datasource-plugin-json.sh
         - name: grafana-static-contents
           mountPath: /host
-        {{- if and .Values.resources .Values.resources.inits }}
-        resources:
-{{ toYaml .Values.resources.inits | indent 10 }}
-        {{- end }}
       containers:
       - name: grafana
         image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
@@ -56,16 +56,6 @@ spec:
           value: "true"
         - name: GF_AUTH_ANONYMOUS_ENABLED
           value: "true"
-        - name: GF_SECURITY_ADMIN_USER
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "app.fullname" . }}
-              key: user
-        - name: GF_SECURITY_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "app.fullname" . }}
-              key: password
 {{- if .Values.extraVars }}
 {{ toYaml .Values.extraVars | indent 8 }}
 {{- end }}
@@ -75,10 +65,14 @@ spec:
         - name: grafana-static-contents
           mountPath: /usr/share/grafana/public/app/plugins/datasource/prometheus/plugin.json
           subPath: grafana/plugin.json
-      {{- if .Values.mountGrafanaConfig }}
-        - name: grafana-config
-          mountPath: /etc/grafana
-      {{- end }}
+        - name: grafana-dashboards
+          mountPath: /var/lib/grafana/rancher-dashboards
+        - name: grafana-provisionings
+          mountPath: /etc/grafana/provisioning/dashboards/all.yaml
+          subPath: dashboards.yaml
+        - name: grafana-provisionings
+          mountPath: /etc/grafana/provisioning/datasources/all.yaml
+          subPath: datasources.yaml
         ports:
         - name: web
           containerPort: 3000
@@ -95,38 +89,8 @@ spec:
         resources:
 {{ toYaml .Values.resources.core | indent 10 }}
         {{- end }}
-      - name: grafana-watcher
-        image: {{ .Values.grafanaWatcher.repository }}:{{ .Values.grafanaWatcher.tag }}
-        args:
-          - '--grafana-url=http://127.0.0.1:3000'
-          - '--watch-dir=/var/grafana-dashboards'
-          {{- range .Values.dashboardConfigmaps }}
-          - '--watch-dir=/var/additional-dashboards/{{ . }}'
-          {{- end }}
-        env:
-        - name: GRAFANA_USER
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "app.fullname" . }}
-              key: user
-        - name: GRAFANA_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "app.fullname" . }}
-              key: password
-        {{- if and .Values.resources .Values.resources.watcher }}
-        resources:
-{{ toYaml .Values.resources.watcher | indent 10 }}
-        {{- end }}
-        volumeMounts:
-          - name: grafana-dashboards
-            mountPath: /var/grafana-dashboards
-    {{- range .Values.dashboardConfigmaps }}
-          - name: {{ . }}
-            mountPath: /var/additional-dashboards/{{ . }}
-    {{- end }}
       - name: grafana-proxy
-        image: {{ .Values.grafanaProxy.repository }}:{{ .Values.grafanaProxy.tag }}
+        image: {{ .Values.image.proxy.repository }}:{{ .Values.image.proxy.tag }}
         args:
         - nginx
         - -g
@@ -149,7 +113,7 @@ spec:
     {{ toYaml .Values.nodeSelector | indent 4 }}
     {{- end }}
     {{- if .Values.enabledRBAC }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
+      serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
     {{- end }}
     {{- if .Values.tolerations }}
       tolerations:
@@ -182,8 +146,6 @@ spec:
       - name: grafana-dashboards
         configMap:
           name: {{ template "app.dashboards.fullname" . }}
-      {{- range .Values.dashboardConfigmaps }}
-        - name: {{ . }}
-          configMap:
-            name: {{ . }}
-      {{- end }}
+      - name: grafana-provisionings
+        configMap:
+          name: {{ template "app.provisionings.fullname" . }}

charts/rancher-monitoring/v0.0.2/charts/grafana/templates/metrics-service.yaml

@@ -7,14 +7,15 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-    monitoring.cattle.io: "true"
+    {{ .Values.apiGroup }}: "true"
 spec:
   type: ClusterIP
+  clusterIP: None
   selector:
     app: {{ template "app.name" . }}
     chart: {{ template "app.version" . }}
     release: {{ .Release.Name }}
   ports:
-    - name: web
+    - name: metrics
       port: 3000
       targetPort: web
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/grafana/templates/nginx-configmap.yaml

@@ -10,36 +10,41 @@ metadata:
     component: nginx
 data:
   nginx.conf: |-
-    user  nginx;
-    worker_processes  auto;
-    error_log  /dev/null warn;
-    pid        /var/run/nginx.pid;
-    
+    user                  nginx;
+    worker_processes      auto;
+    error_log             /dev/null warn;
+    pid                   /var/run/nginx.pid;
+
     events {
-       worker_connections  1024;
+       worker_connections 1024;
     }
 
     http {
-      include /etc/nginx/mime.types;
+      include       /etc/nginx/mime.types;
+      log_format    main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
 
-      log_format  main  '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
+      proxy_connect_timeout       10;
+      proxy_read_timeout          180;
+      proxy_send_timeout          5;
+      proxy_buffer_size           16k;
+      proxy_buffers               4 32k;
+      proxy_busy_buffers_size     64k;
+      proxy_temp_file_write_size  64k;
+      proxy_temp_path             /tmp/temp_dir;
+      proxy_cache_path            /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g;
 
       server {
-        listen 80;
-
-        access_log off;
+        listen          80;
+        access_log      off;
 
-        gzip on;
+        gzip            on;
         gzip_min_length 1k;
         gzip_comp_level 2;
-        gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png;
-        gzip_vary on;
-        gzip_disable "MSIE [1-6]\.";
+        gzip_types      text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png;
+        gzip_vary       on;
+        gzip_disable    "MSIE [1-6]\.";
 
         proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
 
         location /api/dashboards {
           proxy_pass     http://localhost:3000;
@@ -54,6 +59,14 @@ data:
         }
 
         location / {
+          proxy_cache         my_zone;
+          proxy_cache_valid   200 302 1d;
+          proxy_cache_valid   301 30d;
+          proxy_cache_valid   any 5m;
+          proxy_cache_bypass  $http_cache_control;
+          add_header          X-Proxy-Cache $upstream_cache_status;
+          add_header          Cache-Control "public";
+          
           proxy_pass     http://localhost:3000/;
 
           sub_filter_types text/html;
@@ -61,8 +74,10 @@ data:
           sub_filter '"appSubUrl":""' '"appSubUrl":"."';
           sub_filter '"url":"/' '"url":"./';
           sub_filter ':"/avatar/' ':"avatar/';
-        }
 
+          if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) {
+            expires             90d;
+          }
+        }
       }
-
     }

charts/rancher-monitoring/v0.0.2/charts/grafana/templates/provisionings-configmap.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "app.provisionings.fullname" . }}
+data:
+  dashboards.yaml: |+
+    - name: RANCHER_MONITORING
+      orgId: 1
+      folder: ''
+      type: file
+      disableDeletion: false
+      updateIntervalSeconds: 0 #never
+      options:
+        path: /var/lib/grafana/rancher-dashboards
+
+
+  datasources.yaml: |+
+    apiVersion: 1
+
+    datasources:
+    - name: RANCHER_MONITORING
+      type: prometheus
+      access: proxy
+      basicAuth: false
+      editable: false
+      isDefault: true
+      url: {{ .Values.prometheusDatasourceURL }}
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/grafana/templates/rbac.yaml

+{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "app.fullname" . }}
+imagePullSecrets: 
+{{ toYaml .Values.image.pullSecrets | indent 2 }}
+{{- end }}
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/grafana/templates/servicemonitor.yaml

@@ -7,21 +7,33 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}    
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: grafana
   selector:
     matchLabels:
       app: {{ template "app.name" . }}
       chart: {{ template "app.version" . }}
       release: {{ .Release.Name }}
-      monitoring.cattle.io: "true"
+      {{ .Values.apiGroup }}: "true"
   namespaceSelector:
     matchNames:
       - {{ .Release.Namespace | quote }}
   endpoints:
-  - port: web
+  - port: metrics
     interval: 30s
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1

charts/rancher-monitoring/v0.0.2/charts/grafana/values.yaml

@@ -6,8 +6,6 @@ enabledRBAC: true
 ##
 serviceAccountName: ""
 
-enabledPSP: true
-
 ## CRD apiGroup
 ##
 apiGroup: "monitoring.coreos.com"
@@ -40,18 +38,17 @@ serviceMonitor:
 #   value: extra-var-value-2
 extraVars:
 
-adminUser: "admin"
-adminPassword: "admin"
-
 ## Grafana Docker image
 ##
 image:
   repository: grafana/grafana
   tag: 5.3.0
-  inits:
-    tools:
-      repository: maiwj/curl
-      tag: 7.56.1-r0
+  tool:
+    repository: rancher/prometheus-auth
+    tag: v0.1.0
+  proxy:
+    repository: nginx
+    tag: 1.15.8-alpine
 
 storageSpec: {}
 #   storageClassName: default
@@ -94,35 +91,5 @@ resources:
     requests:
       memory: 50Mi
       cpu: 50m
-  watcher:
-    limits:
-      memory: 50Mi
-      cpu: 50m
-    requests:
-      memory: 50Mi
-      cpu: 50m
-
-
-## A list of additional configmaps that contain -dashboard.json and/or -datasource.json files
-## that should be imported into grafana.
-dashboardConfigmaps: []
-
+      
 prometheusDatasourceURL: ""
-
-grafanaProxy:
-  repository: nginx
-  tag: 1.15.2
-
-grafanaWatcher:
-  repository: quay.io/coreos/grafana-watcher
-  tag: v0.0.8
-
-  ## Resource limits & requests
-  ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
-  resources: {}
-    #requests:
-    #  memory: "16Mi"
-    #  cpu: "50m"
-    #limits:
-    #  memory: "32Mi"
-    #  cpu: "100m"

charts/rancher-monitoring/v0.0.2/charts/prometheus/additionals/c-scrape_prometheus_io.yaml

+- job_name: 'prometheus-io-scrape'
+  kubernetes_sd_configs:
+  - role: pod
+    namespaces:
+      names:
+      - {{ .Release.Namespace }}
+      - ingress-nginx
+      - ingress-controller
+      - kube-system
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
+    action: keep
+    regex: true
+  - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
+    action: replace
+    target_label: __scheme__
+    regex: (https?)
+  - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
+    action: replace
+    target_label: __metrics_path__
+    regex: (.+)
+  - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
+    action: replace
+    target_label: __address__
+    regex: ([^:]+)(?::\d+)?;(\d+)
+    replacement: $1:$2
+  - source_labels: [__meta_kubernetes_pod_node_name]
+    action: replace
+    target_label: node
+    regex: (.+)
+    replacement: $1
+  - source_labels: [__meta_kubernetes_namespace]
+    action: replace
+    target_label: namespace
+    regex: (.+)
+    replacement: $1
+  - source_labels: [__meta_kubernetes_pod_name]
+    action: replace
+    target_label: pod
+    regex: (.+)
+    replacement: $1
+  - source_labels: [__meta_kubernetes_pod_ip]
+    action: replace
+    target_label: pod_ip
+    regex: (.+)
+    replacement: $1
+  - source_labels: [__meta_kubernetes_pod_host_ip]
+    action: replace
+    target_label: host_ip
+    regex: (.+)
+    replacement: $1
+  - source_labels: [__meta_kubernetes_pod_controller_kind]
+    action: replace
+    target_label: created_by_kind
+    regex: (.+)
+    replacement: $1
+  - source_labels: [__meta_kubernetes_pod_controller_name]
+    action: replace
+    target_label: created_by_kind
+    regex: (.+)
+    replacement: $1
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/prometheus/templates/_helpers.tpl

+{{/* vim: set filetype=mustache: */}}
+
+{{- define "additional-scrape-configs.yaml" -}}
+{{- $root := . -}}
+{{- $yamls := dict -}}
+{{- if eq .Values.level "cluster" -}}
+  {{- range $path, $bytes := .Files.Glob "additionals/c-scrape_*.yaml" -}}
+    {{- $_ := set $yamls (tpl ($bytes | toString) $root) "" -}}
+  {{- end -}}
+{{- end -}}
+{{- range $path, $bytes := .Files.Glob "additionals/w-scrape_*.yaml" -}}
+  {{- $_ := set $yamls (tpl ($bytes | toString) $root) "" -}}
+{{- end -}}
+{{- if .Values.additionalScrapeConfigs -}}
+  {{- $_ := set $yamls (.Values.additionalScrapeConfigs | toYaml) "" -}}
+{{- end -}}
+{{- if $yamls -}}
+  {{- keys $yamls | join "\\n" | b64enc | quote -}}
+{{- end -}}
+{{- end -}}
+
+
+{{- define "additional-alertmanager-configs.yaml" -}}
+{{- $root := . -}}
+{{- $yamls := dict -}}
+{{- if eq .Values.level "cluster" -}}
+  {{- range $path, $bytes := .Files.Glob "additionals/c-altermanager_*.yaml" -}}
+    {{- $_ := set $yamls (tpl ($bytes | toString) $root) "" -}}
+  {{- end -}}
+{{- end -}}
+{{- range $path, $bytes := .Files.Glob "additionals/w-altermanager_*.yaml" -}}
+  {{- $_ := set $yamls (tpl ($bytes | toString) $root) "" -}}
+{{- end -}}
+{{- if .Values.additionalAlertManagerConfigs -}}
+  {{- $_ := set $yamls (.Values.additionalAlertManagerConfigs | toYaml) "" -}}
+{{- end -}}
+{{- if $yamls -}}
+  {{- keys $yamls | join "\\n" | b64enc | quote -}}
+{{- end -}}
+{{- end -}}
+
+
+{{- define "app.auth.fullname" -}}
+{{- $name := include "app.name" . -}}
+{{- printf "%s-auth-%s" $name .Release.Name -}}
+{{- end -}}

charts/rancher-monitoring/v0.0.2/charts/prometheus/templates/metrics-service.yaml

@@ -7,9 +7,10 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-    monitoring.cattle.io: "true"
+    {{ .Values.apiGroup }}: "true"
 spec:
   type: ClusterIP
+  clusterIP: None
   selector:
 {{- if .Values.labels }}
 {{ toYaml .Values.labels | indent 4 }}
@@ -19,6 +20,6 @@ spec:
     release: {{ .Release.Name }}
 {{- end }}
   ports:
-    - name: http
-      port: 9090
-      targetPort: web
\ No newline at end of file
+  - name: metrics
+    port: 9090
+    targetPort: web
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/charts/prometheus/templates/nginx-comfigmap.yaml

@@ -10,47 +10,62 @@ metadata:
     component: nginx
 data:
   nginx.conf: |-
-    user  nginx;
-    worker_processes  auto;
-    error_log  /dev/null warn;
-    pid        /var/run/nginx.pid;
-    
+    user                  nginx;
+    worker_processes      auto;
+    error_log             /dev/null warn;
+    pid                   /var/run/nginx.pid;
+
     events {
-       worker_connections  1024;
+       worker_connections 1024;
     }
 
     http {
-      include /etc/nginx/mime.types;
+      include       /etc/nginx/mime.types;
+      log_format    main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
 
-      log_format  main  '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
+      proxy_connect_timeout       10;
+      proxy_read_timeout          180;
+      proxy_send_timeout          5;
+      proxy_buffer_size           16k;
+      proxy_buffers               4 32k;
+      proxy_busy_buffers_size     64k;
+      proxy_temp_file_write_size  64k;
+      proxy_temp_path             /tmp/temp_dir;
+      proxy_cache_path            /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g;
 
       server {
-        listen 80;
-
-        access_log off;
+        listen          80;
+        access_log      off;
 
-        gzip on;
+        gzip            on;
         gzip_min_length 1k;
         gzip_comp_level 2;
-        gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png;
-        gzip_vary on;
-        gzip_disable "MSIE [1-6]\.";
+        gzip_types      text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png;
+        gzip_vary       on;
+        gzip_disable    "MSIE [1-6]\.";
 
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Authorization "REPLACE_PARAM_AUTHORIZATION";
-        proxy_pass_header  Authorization;
+        proxy_set_header    Host $host;
+        proxy_set_header    Authorization "REPLACE_PARAM_AUTHORIZATION";
+        proxy_pass_header   Authorization;
 
         location / {
-          proxy_pass     http://prometheus-operated:9090/;
+          proxy_cache         my_zone;
+          proxy_cache_valid   200 302 1d;
+          proxy_cache_valid   301 30d;
+          proxy_cache_valid   any 5m;
+          proxy_cache_bypass  $http_cache_control;
+          add_header          X-Proxy-Cache $upstream_cache_status;
+          add_header          Cache-Control "public";
 
-          sub_filter_types text/html;
-          sub_filter_once off;
-          sub_filter 'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";';
-        }
+          proxy_pass          http://prometheus-operated:9090/;
 
-      }
+          sub_filter_types    text/html;
+          sub_filter_once     off;
+          sub_filter          'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";';
 
+          if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) {
+            expires             90d;
+          }
+        }
+      }
     }

charts/rancher-monitoring/v0.0.2/charts/prometheus/templates/nginx-deployment.yaml

@@ -24,12 +24,9 @@ spec:
         release: {{ .Release.Name }}
         component: nginx
     spec:
-      {{- if .Values.enabledRBAC }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
-      {{- end }}
       initContainers:
       - name: nginx-init-auth-add
-        image: {{ .Values.image.inits.tools.repository }}:{{ .Values.image.inits.tools.tag }}
+        image: {{ .Values.image.proxy.repository }}:{{ .Values.image.proxy.tag }}
         command:
         - /usr/bin/replace-config-by-auth.sh
         volumeMounts:
@@ -40,9 +37,13 @@ spec:
           mountPath: /host
         - name: prometheus-nginx-template
           mountPath: /template
+        {{- if and .Values.resources .Values.resources.inits }}
+        resources:
+{{ toYaml .Values.resources.inits | indent 10 }}
+        {{- end }}
       containers:
-      - name: nginx
-        image: nginx:1.15.2
+      - name: prometheus-proxy
+        image: {{ .Values.image.proxy.repository }}:{{ .Values.image.proxy.tag }}
         args:
         - nginx
         - -g
@@ -52,10 +53,16 @@ spec:
         volumeMounts:
         - mountPath: /nginx
           name: prometheus-static-contents
+        {{- if and .Values.resources .Values.resources.proxy }}
+        resources:
+{{ toYaml .Values.resources.proxy | indent 10 }}
+        {{- end }}
         ports:
         - name: http
           containerPort: 80
-          protocol: TCP
+      {{- if .Values.enabledRBAC }}
+      serviceAccountName: {{ default (default (include "app.fullname" .) .Values.serviceAccountName) .Values.serviceAccountNameOverride }}
+      {{- end }}
       volumes:
       - name: prometheus-static-hooks
         configMap:

charts/rancher-monitoring/v0.0.2/charts/prometheus/templates/prometheus.yaml

@@ -11,8 +11,62 @@ metadata:
 {{- end }}
   name: {{ .Release.Name }}
 spec:
-{{- if .Values.listenLocal }}
+{{- if .Values.securityContext }}
+  securityContext:
+{{ toYaml .Values.securityContext | indent 4 }}
+{{- end }}
+{{- if eq .Values.level "cluster" }}
   listenLocal: true
+  containers:
+  - name: prometheus-agent
+    command:
+    - prometheus-auth
+    {{- if and .Values.auth .Values.auth.args }}
+    args:
+{{ toYaml .Values.auth.args | indent 6 }}
+    {{- end }}
+    {{- if and .Values.auth .Values.auth.env }}
+    env:
+{{ toYaml .Values.auth.env | indent 6 }}
+    {{- end }}
+    image: {{ .Values.image.auth.repository }}:{{ .Values.image.auth.tag }}
+    ports:
+    - containerPort: 9090
+      name: web
+      protocol: TCP
+    - containerPort: 9190
+      name: profile
+      protocol: TCP
+    livenessProbe:
+      failureThreshold: 6
+      httpGet:
+        path: /-/healthy
+        port: web
+        scheme: HTTP
+      periodSeconds: 5
+      successThreshold: 1
+      timeoutSeconds: 3
+    readinessProbe:
+      failureThreshold: 120
+      httpGet:
+        path: /-/ready
+        port: web
+        scheme: HTTP
+      periodSeconds: 5
+      successThreshold: 1
+      timeoutSeconds: 3
+    {{- if and .Values.resources .Values.resources.auth }}
+    resources:
+{{ toYaml .Values.resources.auth | indent 6 }}
+    {{- end }}
+{{- if .Values.sidecarsSpec }}
+{{ toYaml .Values.sidecarsSpec | indent 2 }}
+{{- end }}
+{{- else }} 
+  {{- if .Values.sidecarsSpec }}
+  containers:
+{{ toYaml .Values.sidecarsSpec | indent 2 }}
+  {{- end }}
 {{- end }}
   podMetadata:
     labels:
@@ -27,7 +81,7 @@ spec:
   alerting:
     alertmanagers:
 {{ toYaml .Values.alertingEndpoints | indent 6 }}
-{{- else }}
+{{- else if not (include "additional-alertmanager-configs.yaml" .) }}
   alerting:
     alertmanagers:
       - namespace: {{ .Release.Namespace }}
@@ -49,8 +103,10 @@ spec:
   paused: {{ .Values.paused }}
   replicas: {{ .Values.replicaCount }}
   logLevel:  {{ .Values.logLevel }}
+{{- if and .Values.resources .Values.resources.core }}
   resources:
-{{ toYaml .Values.resources | indent 4 }}
+{{ toYaml .Values.resources.core | indent 4 }}
+{{- end }}
   retention: "{{ .Values.retention }}"
 {{- if .Values.routePrefix }}
   routePrefix: "{{ .Values.routePrefix }}"
@@ -60,19 +116,15 @@ spec:
 {{ toYaml .Values.secrets | indent 4 }}
 {{- end }}
 {{- if .Values.enabledRBAC }}
-  serviceAccountName: {{ .Values.serviceAccountName }}
+  serviceAccountName: {{ default (default (include "app.fullname" .) .Values.serviceAccountName) .Values.serviceAccountNameOverride }}
 {{- end }}
 {{- if .Values.serviceMonitorNamespaceSelector }}
   serviceMonitorNamespaceSelector:
 {{ toYaml .Values.serviceMonitorNamespaceSelector | indent 4 }}
 {{- end }}
+{{- if .Values.serviceMonitorSelector }}
   serviceMonitorSelector:
-{{- if .Values.serviceMonitorsSelector }}
-{{ toYaml .Values.serviceMonitorsSelector | indent 4 }}
-{{- else }}
-    matchLabels:
-      source: rancher-monitoring
-      release: {{ .Release.Name }}
+{{ toYaml .Values.serviceMonitorSelector | indent 4 }}
 {{- end }}
 {{- if .Values.remoteRead }}
   remoteRead:
@@ -86,13 +138,9 @@ spec:
   ruleNamespaceSelector:
 {{ toYaml .Values.ruleNamespaceSelector | indent 4 }}
 {{- end }}
+{{- if .Values.ruleSelector }}
   ruleSelector:
-{{- if .Values.rulesSelector }}
-{{ toYaml .Values.rulesSelector | indent 4 }}
-{{- else }}
-    matchLabels:
-      source: rancher-monitoring
-      release: {{ .Release.Name }}
+{{ toYaml .Values.ruleSelector | indent 4 }}
 {{- end }}
 {{- if or .Values.storageSpec .Values.persistence.enabled }}
   storage:
@@ -126,19 +174,13 @@ spec:
   tolerations:
 {{ toYaml .Values.tolerations | indent 4 }}
 {{- end }}
-  imagePullSecrets: 
-{{ toYaml .Values.image.pullSecrets | indent 4 }}
-{{- if and .Values.additionalScrapeConfigsEnabled .Values.additionalScrapeConfigs  }}
+{{- if (include "additional-scrape-configs.yaml" .) }}
   additionalScrapeConfigs:
     name: {{ template "app.fullname" . }}-additional-scrape-configs
     key: additional-scrape-configs.yaml
 {{- end }}
-{{- if and .Values.additionalAlertManagerConfigsEnabled .Values.additionalAlertManagerConfigs }}
+{{- if (include "additional-alertmanager-configs.yaml" .) }}
   additionalAlertManagerConfigs:
     name: {{ template "app.fullname" . }}-additional-alertmanager-configs
     key: additional-alertmanager-configs.yaml
 {{- end }}
-{{- if .Values.sidecarsSpec }}
-  containers:
-{{ toYaml .Values.sidecarsSpec | indent 4 }}
-{{- end }}

charts/rancher-monitoring/v0.0.2/charts/prometheus/templates/rbac.yaml

+{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ default (include "app.fullname" .) .Values.serviceAccountNameOverride }}
+imagePullSecrets: 
+{{ toYaml .Values.image.pullSecrets | indent 2 }}
+
+---
+apiVersion: {{ template "rbac_api_version" . }}
+kind: ClusterRole
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ include "app.fullname" . }}-{{ .Release.Namespace }}
+rules:
+- nonResourceURLs: 
+  - "/metrics"
+  verbs:
+  - "get"
+- apiGroups:
+  - "extensions"
+  verbs: 
+  - "list"
+  - "watch"
+  resources:
+  - ingresses
+- apiGroups: 
+  - ""
+  verbs: 
+  - "list"
+  - "watch"
+  resources:
+  - services
+  - endpoints
+  - pods
+{{- if eq .Values.level "cluster" }}
+  - nodes
+- apiGroups:
+  - ""
+  resources:
+  - nodes/metrics
+  verbs:
+  - "get"
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - secrets
+  verbs:
+  - "list"
+  - "watch"
+  - "get"
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - "create"
+{{- end }}
+
+---
+apiVersion: {{ template "rbac_api_version" . }}
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ include "app.fullname" . }}-{{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "app.fullname" . }}-{{ .Release.Namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ default (include "app.fullname" .) .Values.serviceAccountNameOverride }}
+    namespace: {{ .Release.Namespace }}
+
+{{- if ne .Values.level "cluster" }}
+---
+apiVersion: {{ template "rbac_api_version" . }}
+kind: Role
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ include "app.fullname" . }}
+rules:
+- apiGroups:
+  - "monitoring.cattle.io"
+  resources:
+  - prometheus
+  verbs:
+  - "view"
+
+---
+apiVersion: {{ template "rbac_api_version" . }}
+kind: RoleBinding
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ include "app.fullname" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "app.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ default (include "app.fullname" .) .Values.serviceAccountNameOverride }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
+
+{{- $rbacAPIVersion := include "rbac_api_version" .  }}
+{{- $appServiceAccountName := default (include "app.fullname" .) .Values.serviceAccountNameOverride }}
+{{- $appName := include "app.name" . }}
+{{- $appVersion := include "app.version" . }}
+{{- $root := . -}}
+{{ range .Values.additionalBindingClusterRoles }}
+---
+apiVersion: {{ $rbacAPIVersion }}
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: {{ $appName }}
+    chart: {{ $appVersion }}
+    heritage: {{ $root.Release.Service }}
+    release: {{ $root.Release.Name }}
+  name: {{ . }}-additional-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $appServiceAccountName }}
+    namespace: {{ $root.Release.Namespace }}
+
+{{ end }}
+{{- end }}

charts/rancher-monitoring/v0.0.2/charts/prometheus/templates/secrets.yaml

-{{- if and .Values.additionalScrapeConfigsEnabled .Values.additionalScrapeConfigs  }}
+{{- if (include "additional-scrape-configs.yaml" .) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -9,10 +9,10 @@ metadata:
     release: {{ .Release.Name }}
   name: {{ template "app.fullname" . }}-additional-scrape-configs
 data:
-  additional-scrape-configs.yaml: {{ toYaml .Values.additionalScrapeConfigs | b64enc | quote }}
+  additional-scrape-configs.yaml: {{ template "additional-scrape-configs.yaml" . }}
 {{- end }}
 
-{{- if and .Values.additionalAlertManagerConfigsEnabled .Values.additionalAlertManagerConfigs }}
+{{- if (include "additional-alertmanager-configs.yaml" .) }}
 ---
 apiVersion: v1
 kind: Secret
@@ -24,5 +24,5 @@ metadata:
     release: {{ .Release.Name }}
   name: {{ template "app.fullname" . }}-additional-alertmanager-configs
 data:
-  additional-alertmanager-configs.yaml: {{ toYaml .Values.additionalAlertManagerConfigs | b64enc | quote }}
+  additional-alertmanager-configs.yaml: {{ template "additional-alertmanager-configs.yaml" . }}
 {{- end }}

charts/rancher-monitoring/v0.0.2/charts/prometheus/templates/servicemonitor.yaml

@@ -7,21 +7,59 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: prometheus
   selector:
     matchLabels:
       app: {{ template "app.name" . }}
       chart: {{ template "app.version" . }}
       release: {{ .Release.Name }}
-      monitoring.cattle.io: "true"
+      {{ .Values.apiGroup }}: "true"
   namespaceSelector:
     matchNames:
-      - {{ .Release.Namespace | quote }}
+    - {{ .Release.Namespace | quote }}
   endpoints:
-  - port: http
+  - port: metrics
     interval: 30s
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1
+  {{- if eq .Values.level "cluster" }}
+  - port: metrics
+    interval: 15s
+    path: /_/metrics
+    metricRelabelings: 
+    - sourceLabels: 
+      - job
+      targetLabel: job
+      action: replace
+      regex: (.+)
+      replacement: expose-prometheus-auth-metrics
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      targetLabel: host_ip
+      action: replace
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: node
+      action: replace
+      regex: (.+)
+      replacement: $1
+  {{- end }}
+

charts/rancher-monitoring/v0.0.2/charts/prometheus/values.yaml

+level: cluster
+
 enabledRBAC: true
 
 ## Already exist ServiceAccount
 ##
 serviceAccountName: ""
 
+serviceAccountNameOverride: ""
+
 ## CRD apiGroup
 ##
 apiGroup: "monitoring.coreos.com"
@@ -25,10 +29,7 @@ externalLabels: {}
 ##
 externalUrl: ""
 
-serviceMonitor:
-  ## Custom Labels to be added to ServiceMonitor
-  ##
-  labels: {}
+serviceMonitorLabels: {}
 
 ##Custom Labels to be added to Prometheus Rules CRDs
 ##
@@ -37,15 +38,29 @@ additionalRulesLabels: {}
 ## Prometheus container image
 ##
 image:
-  ## Reference to one or more secrets to be used when pulling images
-  ##
-  pullSecrets: []
   repository: quay.io/prometheus/prometheus
   tag: v2.4.3
-  inits:
-    tools:
-      repository: maiwj/curl
-      tag: 7.56.1-r0
+  auth:
+    repository: rancher/prometheus-auth
+    tag: v0.1.0
+  proxy:
+    repository: nginx
+    tag: 1.15.8-alpine
+
+auth:
+  args:
+  - --log.debug
+  - agent
+  - start
+  - --agent.proxy-url
+  - http://localhost:9090
+  - --listen.address
+  - $(POD_IP):9090
+  env:
+  - name: POD_IP
+    valueFrom:
+      fieldRef:
+        fieldPath: status.podIP
 
 ## Labels to be added to the Prometheus
 ##
@@ -77,22 +92,45 @@ replicaCount: 1
 
 ## The remote_read spec configuration for Prometheus.
 ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#remotereadspec
-remoteRead: {}
-  # remoteRead:
-  #   - url: http://remote1/read
+remoteRead: []
+# - url: http://remote1/read
 
 ## The remote_write spec configuriation for Prometheus.
 ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#remotewritespec
-remoteWrite: {}
-  # remoteWrite:
-  #   - url: http://remote1/push
+remoteWrite: []
+# - url: http://remote1/push
 
 ## Resource limits & requests
 ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
-##
-resources: {}
-  # requests:
-  #   memory: 400Mi
+resources:
+  inits:
+    limits:
+      memory: 50Mi
+      cpu: 50m
+    requests:
+      memory: 50Mi
+      cpu: 50m
+  core:
+    limits:
+      memory: 500Mi
+      cpu: 1000m
+    requests:
+      memory: 100Mi
+      cpu: 100m
+  proxy:
+    limits:
+      memory: 100Mi
+      cpu: 100m
+    requests:
+      memory: 50Mi
+      cpu: 50m
+  auth:
+    limits:
+      memory: 200Mi
+      cpu: 500m
+    requests:
+      memory: 100Mi
+      cpu: 100m
 
 ## How long to retain metrics
 ##
@@ -106,20 +144,21 @@ routePrefix: ""
 ## Namespaces to be selected for PrometheusRules discovery.
 ## If unspecified, only the same namespace as the Prometheus object is in is used.
 ruleNamespaceSelector: {}
+
 ## Rules CRD selector
 ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/design.md
 ##
-## 1. If `matchLabels` is used, `rules.additionalLabels` must contain all the labels from
+## 1. If `matchLabels` is used, `PrometheusRules` must contain all the labels from
 ##    `matchLabels` in order to be be matched by Prometheus
-## 2. If `matchExpressions` is used `rules.additionalLabels` must contain at least one label
+## 2. If `matchExpressions` is used `PrometheusRules` must contain at least one label
 ##    from `matchExpressions` in order to be matched by Prometheus
 ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
-rulesSelector: {}
- # rulesSelector: {
+ruleSelector: {}
+ # ruleSelector: {
  #   matchExpressions: [{key: prometheus, operator: In, values: [example-rules, example-rules-2]}]
  # }
  ### OR
- # rulesSelector: {
+ # ruleSelector: {
  #   matchLabels: {role: example-rules}
  # }
 
@@ -129,12 +168,19 @@ rulesSelector: {}
 ##
 secrets: []
 
+## Namespaces to be selected for ServiceMonitors discovery.
+## If unspecified, only the same namespace as the Prometheus object is in is used.
 serviceMonitorNamespaceSelector: {}
 
-## Service monitors selector
+## ServiceMonitor CRD selector
 ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/design.md
 ##
-serviceMonitorsSelector: {}
+## 1. If `matchLabels` is used, `ServiceMonitors` must contain all the labels from
+##    `matchLabels` in order to be be matched by Prometheus
+## 2. If `matchExpressions` is used `ServiceMonitors` must contain at least one label
+##    from `matchExpressions` in order to be matched by Prometheus
+## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
+serviceMonitorSelector: {}
 
 logLevel: "info"
 
@@ -160,7 +206,6 @@ persistence: {}
 ## Prometheus AdditionalScrapeConfigs
 ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
 ##
-additionalScrapeConfigsEnabled: false
 additionalScrapeConfigs: []
 # - job_name: "prometheus"
 #   static_configs:
@@ -170,14 +215,15 @@ additionalScrapeConfigs: []
 ## Prometheus AdditionalAlertManagerConfigs
 ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
 ##
-additionalAlertManagerConfigsEnabled: false
-additionalAlertManagerConfigs: {}
-# static_configs:
-# - targets:
-#   - "localhost:9093"
-
-listenLocal: false
+additionalAlertManagerConfigs: []
+# - static_configs:
+#   - targets:
+#     - "localhost:9093"
 
 sidecarsSpec: []
 # - name: sidecar
 #   image: registry/name:tag
+
+additionalBindingClusterRoles: []
+
+securityContext: {}

charts/rancher-monitoring/v0.0.2/templates/_helpers.tpl

@@ -45,12 +45,6 @@
 {{- end -}}
 
 
-{{- define "app.dashboards.fullname" -}}
-{{- $name := include "app.name" . -}}
-{{- printf "%s-%s-dashboards" $name .Release.Name -}}
-{{- end -}}
-
-
 {{- define "app.hooks.fullname" -}}
 {{- $name := include "app.name" . -}}
 {{- printf "%s-%s-hooks" $name .Release.Name -}}

charts/rancher-monitoring/v0.0.2/templates/deployment.yaml

@@ -31,25 +31,24 @@ spec:
             - --log-level={{ .Values.logLevel }}
             - --prometheus-config-reloader={{ .Values.image.prometheusConfigReloader.repository }}:{{ .Values.image.prometheusConfigReloader.tag }}
             - --config-reloader-image={{ .Values.image.configmapReload.repository }}:{{ .Values.image.configmapReload.tag }}
-            - --labels=monitoring.cattle.io=true
+            - --labels={{ .Values.apiGroup }}=true
             - --crd-apigroup={{ template "operator_api_group" . }}
             - --manage-crds={{ .Values.manageCRDs }}
             - --with-validation={{ .Values.withValidation }}
-            - --disable-auto-user-group={{ .Values.disableAutoUserGroup }}
           ports:
-            - containerPort: 8080
-              name: http
+          - containerPort: 8080
+            name: http
           resources:
 {{ toYaml .Values.resources | indent 12 }}
-    {{- if .Values.nodeSelector }}
+      {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
-    {{- end }}
-    {{- if .Values.enabledRBAC }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
-    {{- end }}
-    {{- if .Values.tolerations }}
+      {{- end }}
+      {{- if .Values.enabledRBAC }}
+      serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
+      {{- end }}
+      {{- if .Values.tolerations }}
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
-    {{- end }}
+      {{- end }}
 {{- end }}

charts/rancher-monitoring/v0.0.2/templates/metrics-service.yaml

@@ -8,15 +8,16 @@ metadata:
     chart: {{ template "app.version" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-    monitoring.cattle.io: "true"
+    {{ .Values.apiGroup }}: "true"
 spec:
   type: ClusterIP
+  clusterIP: None
   selector:
     app: {{ template "app.name" . }}
     chart: {{ template "app.version" . }}
     release: {{ .Release.Name }}
   ports:
-    - name: http
+    - name: metrics
       port: 8080
       targetPort: http
 {{- end }}
\ No newline at end of file

charts/rancher-monitoring/v0.0.2/templates/rbac.yaml

+{{- if .Values.enabled }}
+{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
+apiVersion: {{ template "rbac_api_version" . }}
+kind: ClusterRole
+metadata:
+  name: {{ template "app.fullname" . }}
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups: 
+  - {{ template "operator_api_group" . }}
+  resources: 
+  - alertmanager
+  - alertmanagers
+  - prometheus
+  - prometheuses
+  - service-monitor
+  - servicemonitors
+  - prometheusrules
+  - prometheuses/finalizers
+  - alertmanagers/finalizers
+  verbs: 
+  - "*"
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  verbs: 
+  - "*"
+- apiGroups: [""]
+  resources:
+  - configmaps
+  - secrets
+  verbs: 
+  - "*"
+- apiGroups: [""]
+  resources:
+  - pods
+  verbs: 
+  - list
+  - delete
+- apiGroups: [""]
+  resources:
+  - services
+  - endpoints
+  verbs: 
+  - get
+  - create
+  - update
+- apiGroups: [""]
+  resources:
+  - nodes
+  - namespaces
+  verbs: 
+  - list
+  - watch
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "app.fullname" . }}
+imagePullSecrets: 
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+
+---
+apiVersion: {{ template "rbac_api_version" . }}
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "app.fullname" . }}
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.version" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "app.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "app.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}

charts/rancher-monitoring/v0.0.2/templates/servicemonitor.yaml

@@ -8,23 +8,35 @@ metadata:
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
     source: rancher-monitoring
-    {{- if .Values.serviceMonitor.labels }}
-{{ toYaml .Values.serviceMonitor.labels | indent 4 }}
+    {{- if .Values.serviceMonitorLabels }}
+{{ toYaml .Values.serviceMonitorLabels | indent 4 }}
     {{- end }}
   name: {{ template "app.fullname" . }}
 spec:
-  jobLabel: prometheus-operator
   selector:
     matchLabels:
       app: {{ template "app.name" . }}
       chart: {{ template "app.version" . }}
       release: {{ .Release.Name }}
-      monitoring.cattle.io: "true"
+      {{ .Values.apiGroup }}: "true"
   namespaceSelector:
     matchNames:
-      - {{ .Release.Namespace | quote }}
+    - {{ .Release.Namespace | quote }}
   endpoints:
-  - port: http
+  - port: metrics
     interval: 30s
     honorLabels: true
+    relabelings:
+    - sourceLabels:
+      - __meta_kubernetes_pod_host_ip
+      action: replace
+      targetLabel: host_ip
+      regex: (.+)
+      replacement: $1
+    - sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      action: replace
+      targetLabel: node
+      regex: (.+)
+      replacement: $1
 {{- end }}