
kube-prometheus-stack

Helm chart
# Default values for kube-prometheus-stack.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

## Name used in place of kube-prometheus-stack for `app:` labels
##
nameOverride: ''

## Override the deployment namespace
##
namespaceOverride: ''

## Kubernetes version for the automatic dashboard import script,
## example: kubeTargetVersionOverride: 1.26.6
##
kubeTargetVersionOverride: ''

## Allow kubeVersion to be overridden while creating the ingress
##
kubeVersionOverride: ''

## Name to substitute for the full names of resources
##
fullnameOverride: ''

## Labels to apply to all resources
##
commonLabels: {}
# scmhash: abc123
# myLabel: aakkmd
## Install Prometheus Operator CRDs
##
crds:
  enabled: true

  ## The CRD upgrade job works around Helm not being able to upgrade CRDs.
  ## Using Helm hooks, the job applies the CRDs to the cluster before the
  ## operator is deployed. It deploys its own ClusterRole, ClusterRoleBinding
  ## and ServiceAccount to do so, which means enabling it adds cluster-scoped
  ## RBAC objects; review them like any other privileged workload.
  ## This feature is in preview, off by default and may change in the future.
  upgradeJob:
    enabled: false
    forceConflicts: false

    image:
      ## NOTE(review): busybox carries its digest inside `tag` and leaves
      ## `sha` empty, while kubectl uses `tag` plus a separate `sha`. Confirm
      ## the chart's image helper renders both as digest-pinned references.
      busybox:
        registry: cgr.dev
        repository: chainguard-private/busybox
        tag: 'latest@sha256:acad249c0a9cb8a50a17e453f590e9d95c2d35001ed5dcba37a4020740b671a9'
        sha: ''
        pullPolicy: IfNotPresent
      kubectl:
        registry: cgr.dev
        repository: chainguard-private/kubectl
        tag: latest
        sha: 'sha256:db9b26e5737932ff3b6e09f6b2069d7bf224b9f4499839b712cca61de1b36756'
        pullPolicy: IfNotPresent

    env: {}

    ## Resource requests and limits for single Pods.
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
    ##
    resources: {}

    ## Additional volumes
    ##
    extraVolumes: []

    ## Additional volume mounts
    ##
    extraVolumeMounts: []

    ## Define which Nodes the Pods are scheduled on.
    ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
    ##
    nodeSelector: {}

    ## Custom affinity rules for the upgrade-crd job
    ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
    ##
    affinity: {}
    # nodeAffinity:
    #   requiredDuringSchedulingIgnoredDuringExecution:
    #     nodeSelectorTerms:
    #       - matchExpressions:
    #           - key: kubernetes.io/e2e-az-name
    #             operator: In
    #             values:
    #               - e2e-az1
    #               - e2e-az2

    ## If specified, the pod's tolerations.
    ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
    ##
    tolerations: []
    # - key: "key"
    #   operator: "Equal"
    #   value: "value"
    #   effect: "NoSchedule"

    ## If specified, the pod's topology spread constraints.
    ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
    ##
    topologySpreadConstraints: []
    # - maxSkew: 1
    #   topologyKey: topology.kubernetes.io/zone
    #   whenUnsatisfiable: DoNotSchedule
    #   labelSelector:
    #     matchLabels:
    #       app: alertmanager

    ## Labels to add to the upgrade-crd job
    ##
    labels: {}

    ## Annotations to add to the upgrade-crd job
    ##
    annotations: {}

    ## Labels to add to the upgrade-crd pod
    ##
    podLabels: {}

    ## Annotations to add to the upgrade-crd pod
    ##
    podAnnotations: {}

    ## Service account for the upgrade crd job to use.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    ##
    serviceAccount:
      create: true
      name: ''
      annotations: {}
      labels: {}
      automountServiceAccountToken: true

    ## Automounting API credentials for the upgrade crd job pod.
    ## Presumably required, since the job applies CRDs through the API.
    ##
    automountServiceAccountToken: true

    ## Container-specific security context configuration.
    ## Defaults: no privilege escalation, read-only root filesystem and all
    ## Linux capabilities dropped.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    ##
    containerSecurityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop:
          - ALL

    ## Pod-level security attributes and common container settings.
    ## The values below run the pod as a non-root user with uid/gid 65534 and
    ## the runtime's default seccomp profile.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    ##
    podSecurityContext:
      fsGroup: 65534
      runAsGroup: 65534
      runAsNonRoot: true
      runAsUser: 65534
      seccompProfile:
        type: RuntimeDefault
## Custom rules to override "for" and "severity" in defaultRules
##
customRules: {}
# AlertmanagerFailedReload:
#   for: 3m
# AlertmanagerMembersInconsistent:
#   for: 5m
#   severity: "warning"
## Create default rules for monitoring the cluster
##
defaultRules:
  create: true

  ## One switch per default rule group
  rules:
    alertmanager: true
    etcd: true
    configReloaders: true
    general: true
    k8sContainerCpuUsageSecondsTotal: true
    k8sContainerMemoryCache: true
    k8sContainerMemoryRss: true
    k8sContainerMemorySwap: true
    k8sContainerResource: true
    k8sContainerMemoryWorkingSetBytes: true
    k8sPodOwner: true
    kubeApiserverAvailability: true
    kubeApiserverBurnrate: true
    kubeApiserverHistogram: true
    kubeApiserverSlos: true
    kubeControllerManager: true
    kubelet: true
    kubeProxy: true
    kubePrometheusGeneral: true
    kubePrometheusNodeRecording: true
    kubernetesApps: true
    kubernetesResources: true
    kubernetesStorage: true
    kubernetesSystem: true
    kubeSchedulerAlerting: true
    kubeSchedulerRecording: true
    kubeStateMetrics: true
    network: true
    node: true
    nodeExporterAlerting: true
    nodeExporterRecording: true
    prometheus: true
    prometheusOperator: true
    windows: true

  # Operator used for namespace selection in rules
  # Use "=~" to include namespaces matching the pattern (default)
  # Use "!~" to exclude namespaces matching the pattern
  appNamespacesOperator: '=~'

  ## Reduce app namespace alert scope.
  ## Narrowing this pattern also narrows which namespaces the app alerts cover.
  appNamespacesTarget: '.*'

  ## Set keep_firing_for for all alerts
  keepFiringFor: ''

  ## Labels for default rules
  labels: {}

  ## Annotations for default rules
  annotations: {}

  ## Additional labels for PrometheusRule alerts
  additionalRuleLabels: {}

  ## Additional annotations for PrometheusRule alerts
  additionalRuleAnnotations: {}

  ## Additional labels for specific PrometheusRule alert groups
  additionalRuleGroupLabels:
    alertmanager: {}
    etcd: {}
    configReloaders: {}
    general: {}
    k8sContainerCpuUsageSecondsTotal: {}
    k8sContainerMemoryCache: {}
    k8sContainerMemoryRss: {}
    k8sContainerMemorySwap: {}
    k8sContainerResource: {}
    k8sPodOwner: {}
    kubeApiserverAvailability: {}
    kubeApiserverBurnrate: {}
    kubeApiserverHistogram: {}
    kubeApiserverSlos: {}
    kubeControllerManager: {}
    kubelet: {}
    kubeProxy: {}
    kubePrometheusGeneral: {}
    kubePrometheusNodeRecording: {}
    kubernetesApps: {}
    kubernetesResources: {}
    kubernetesStorage: {}
    kubernetesSystem: {}
    kubeSchedulerAlerting: {}
    kubeSchedulerRecording: {}
    kubeStateMetrics: {}
    network: {}
    node: {}
    nodeExporterAlerting: {}
    nodeExporterRecording: {}
    prometheus: {}
    prometheusOperator: {}

  ## Additional annotations for specific PrometheusRule alert groups
  additionalRuleGroupAnnotations:
    alertmanager: {}
    etcd: {}
    configReloaders: {}
    general: {}
    k8sContainerCpuUsageSecondsTotal: {}
    k8sContainerMemoryCache: {}
    k8sContainerMemoryRss: {}
    k8sContainerMemorySwap: {}
    k8sContainerResource: {}
    k8sPodOwner: {}
    kubeApiserverAvailability: {}
    kubeApiserverBurnrate: {}
    kubeApiserverHistogram: {}
    kubeApiserverSlos: {}
    kubeControllerManager: {}
    kubelet: {}
    kubeProxy: {}
    kubePrometheusGeneral: {}
    kubePrometheusNodeRecording: {}
    kubernetesApps: {}
    kubernetesResources: {}
    kubernetesStorage: {}
    kubernetesSystem: {}
    kubeSchedulerAlerting: {}
    kubeSchedulerRecording: {}
    kubeStateMetrics: {}
    network: {}
    node: {}
    nodeExporterAlerting: {}
    nodeExporterRecording: {}
    prometheus: {}
    prometheusOperator: {}

  additionalAggregationLabels: []

  ## Prefix for runbook URLs. Overrides the first part of the runbook URLs
  ## that is common to all rules.
  runbookUrl: 'https://runbooks.prometheus-operator.dev/runbooks'

  ## Thresholds for kubelet certificate expiration alerts (in seconds)
  kubeletServerCertificateExpiration:
    warning: 604800  # 7 days
    critical: 86400  # 1 day
  kubeletClientCertificateExpiration:
    warning: 604800  # 7 days
    critical: 86400  # 1 day

  node:
    fsSelector: 'fstype!=""'
    # fsSelector: 'fstype=~"ext[234]|btrfs|xfs|zfs"'

  ## Disabled PrometheusRule alerts.
  ## Each entry set here switches off one default alert, so keep a record of
  ## why an alert was disabled.
  disabled: {}
  # KubeAPIDown: true
  # NodeRAIDDegraded: true
## Deprecated way to provide custom recording or alerting rules to be
## deployed into the cluster.
##
# additionalPrometheusRules: []
#   - name: my-rule-file
#     groups:
#       - name: my_group
#         rules:
#           - record: my_record
#             expr: 100 * my_record

## Provide custom recording or alerting rules to be deployed into the cluster.
##
additionalPrometheusRulesMap: {}
# rule-name:
#   groups:
#     - name: my_group
#       rules:
#         - record: my_record
#           expr: 100 * my_record
## Settings shared by all components of the chart
##
global:
  rbac:
    create: true

    ## Create ClusterRoles that extend the existing view, edit and admin
    ## ClusterRoles to interact with prometheus-operator CRDs. When enabled,
    ## subjects already bound to those built-in roles gain the corresponding
    ## access to the operator's custom resources.
    ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
    createAggregateClusterRoles: false

  ## Global image registry to use if it needs to be overridden for some
  ## specific use cases (e.g. local registries, custom images, ...)
  ## NOTE(review): the image digests in this file were presumably resolved
  ## against cgr.dev; confirm they still match after overriding the registry.
  ##
  imageRegistry: ''

  ## Reference to one or more secrets to be used when pulling images
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  imagePullSecrets: []
  # - name: "image-pull-secret"
  # or
  # - "image-pull-secret"
windowsMonitoring:
  ## Deploys the windows-exporter and Windows-specific dashboards and rules
  ## (job name must be 'windows-exporter')
  enabled: false
## Configuration for prometheus-windows-exporter
## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-windows-exporter
##
prometheus-windows-exporter:
  ## Enable ServiceMonitor and set Kubernetes label to use as a job label
  ##
  prometheus:
    monitor:
      enabled: true
      jobLabel: jobLabel

  releaseLabel: true

  ## Set job label to 'windows-exporter' as required by the default
  ## Prometheus rules and Grafana dashboards
  ##
  podLabels:
    jobLabel: windows-exporter

  ## Enable memory and container metrics as required by the default
  ## Prometheus rules and Grafana dashboards
  ##
  config: |-
    collectors:
      enabled: '[defaults],memory,container'
## Configuration for alertmanager
## ref: https://prometheus.io/docs/alerting/alertmanager/
##
alertmanager:

  ## Deploy alertmanager
  ##
  enabled: true

  # Optional: Override the namespace where Alertmanager will be deployed.
  namespaceOverride: ''

  ## Annotations for Alertmanager
  ##
  annotations: {}

  ## Additional labels for Alertmanager
  ##
  additionalLabels: {}

  ## API that Prometheus will use to communicate with alertmanager.
  ## Possible values are v1, v2
  ##
  apiVersion: v2

  ## @param alertmanager.enableFeatures Enable access to Alertmanager
  ## features that are disabled by default.
  ##
  enableFeatures: []

  ## Create dashboard configmap even if alertmanager deployment has been
  ## disabled
  ##
  forceDeployDashboards: false
## Network Policy configuration
377
##
378
networkPolicy:
379
# -- Enable network policy for Alertmanager
380
enabled: false
381
# -- Define policy types. If egress is enabled, both Ingress and Egress will be used
382
# Valid values are ["Ingress"] or ["Ingress", "Egress"]
383
##
384
policyTypes:
385
- Ingress
386
# -- Gateway (formerly ingress controller) configuration
387
##
388
gateway:
389
# -- Gateway namespace
390
##
391
namespace: ""
392
# -- Gateway pod labels
393
##
394
podLabels: {}
395
# app.kubernetes.io/name: ingress-nginx
396
# -- Additional custom ingress rules
397
##
398
additionalIngress: []
399
# - from:
400
# - namespaceSelector:
401
# matchLabels:
402
# name: another-namespace
403
# podSelector:
404
# matchLabels:
405
# app: another-app
406
# - from:
407
# - podSelector:
408
# matchLabels:
409
# app.kubernetes.io/name: loki
410
# ports:
411
# - port: 9093
412
# protocol: TCP
413
414
# -- Configure egress rules
415
##
416
egress:
417
# -- Enable egress rules. When enabled, policyTypes will include Egress
418
##
419
enabled: false
420
# -- Custom egress rules
421
##
422
rules: []
423
# - to:
424
# - namespaceSelector: {}
425
# podSelector:
426
# matchLabels:
427
# name: smtp-relay
428
# ports:
429
# - port: 25
430
# protocol: TCP
431
# -- Enable rules for alertmanager cluster traffic
432
##
433
enableClusterRules: true
434
# -- Configure monitoring component rules
435
##
436
monitoringRules:
437
# -- Enable ingress from Prometheus
438
##
439
prometheus: true
440
# -- Enable ingress for config reloader metrics
441
##
442
configReloader: true
443
## Service account for Alertmanager to use.
444
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
445
##
446
serviceAccount:
447
create: true
448
name: ""
449
annotations: {}
450
automountServiceAccountToken: true
451
## Configure pod disruption budgets for Alertmanager
452
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
453
##
454
podDisruptionBudget:
455
enabled: false
456
minAvailable: 1
457
# maxUnavailable: ""
458
unhealthyPodEvictionPolicy: AlwaysAllow
459
## Enable vertical pod autoscaler support for Alertmanager
460
## ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
461
##
462
verticalPodAutoscaler:
463
enabled: false
464
# Recommender responsible for generating recommendation for the object.
465
# List should be empty (then the default recommender will generate the recommendation)
466
# or contain exactly one recommender.
467
# recommenders:
468
# - name: custom-recommender-performance
469
470
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
471
controlledResources: []
472
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
473
# controlledValues: RequestsAndLimits
474
475
# Define the max allowed resources for the pod
476
maxAllowed: {}
477
# cpu: 200m
478
# memory: 100Mi
479
# Define the min allowed resources for the pod
480
minAllowed: {}
481
# cpu: 200m
482
# memory: 100Mi
483
484
updatePolicy:
485
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
486
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate".
487
updateMode: Recreate
488
## Alertmanager configuration directives
489
## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
490
## https://prometheus.io/webtools/alerting/routing-tree-editor/
491
##
492
config:
493
global:
494
resolve_timeout: 5m
495
inhibit_rules:
496
- source_matchers:
497
- 'severity = critical'
498
target_matchers:
499
- 'severity =~ warning|info'
500
equal:
501
- 'namespace'
502
- 'alertname'
503
- source_matchers:
504
- 'severity = warning'
505
target_matchers:
506
- 'severity = info'
507
equal:
508
- 'namespace'
509
- 'alertname'
510
- source_matchers:
511
- 'alertname = InfoInhibitor'
512
target_matchers:
513
- 'severity = info'
514
equal:
515
- 'namespace'
516
- target_matchers:
517
- 'alertname = InfoInhibitor'
518
route:
519
group_by: ['namespace']
520
group_wait: 30s
521
group_interval: 5m
522
repeat_interval: 12h
523
receiver: 'null'
524
routes:
525
- receiver: 'null'
526
matchers:
527
- alertname = "Watchdog"
528
receivers:
529
- name: 'null'
530
templates:
531
- '/etc/alertmanager/config/*.tmpl'
532
## Alertmanager configuration directives (as string type, preferred over the config hash map)
533
## stringConfig will be used only if tplConfig is true
534
## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
535
## https://prometheus.io/webtools/alerting/routing-tree-editor/
536
##
537
stringConfig: ""
538
## Pass the Alertmanager configuration directives through Helm's templating
539
## engine. If the Alertmanager configuration contains Alertmanager templates,
540
## they'll need to be properly escaped so that they are not interpreted by
541
## Helm
542
## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function
543
## https://prometheus.io/docs/alerting/configuration/#tmpl_string
544
## https://prometheus.io/docs/alerting/notifications/
545
## https://prometheus.io/docs/alerting/notification_examples/
546
tplConfig: false
547
## Alertmanager template files to format alerts
548
## By default, templateFiles are placed in /etc/alertmanager/config/ and if
549
## they have a .tmpl file suffix will be loaded. See config.templates above
550
## to change, add other suffixes. If adding other suffixes, be sure to update
551
## config.templates above to include those suffixes.
552
## ref: https://prometheus.io/docs/alerting/notifications/
553
## https://prometheus.io/docs/alerting/notification_examples/
554
##
555
templateFiles: {}
556
#
557
## An example template:
558
# template_1.tmpl: |-
559
# {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }}
560
#
561
# {{ define "slack.myorg.text" }}
562
# {{- $root := . -}}
563
# {{ range .Alerts }}
564
# *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}`
565
# *Cluster:* {{ template "cluster" $root }}
566
# *Description:* {{ .Annotations.description }}
567
# *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:>
568
# *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:>
569
# *Details:*
570
# {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}`
571
# {{ end }}
572
# {{ end }}
573
# {{ end }}
574
575
ingress:
576
enabled: false
577
ingressClassName: ""
578
annotations: {}
579
labels: {}
580
## Override ingress to a different defined port on the service
581
# servicePort: 8081
582
## Override ingress to a different service then the default, this is useful if you need to
583
## point to a specific instance of the alertmanager (eg kube-prometheus-stack-alertmanager-0)
584
# serviceName: kube-prometheus-stack-alertmanager-0
585
586
## Hosts must be provided if Ingress is enabled.
587
##
588
hosts: []
589
# - alertmanager.domain.com
590
591
## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix
592
##
593
paths: []
594
# - /
595
596
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
597
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
598
# pathType: ImplementationSpecific
599
600
## TLS configuration for Alertmanager Ingress
601
## Secret must be manually created in the namespace
602
##
603
tls: []
604
# - secretName: alertmanager-general-tls
605
# hosts:
606
# - alertmanager.example.com
607
# -- BETA: Configure the gateway routes for the chart here.
608
# More routes can be added by adding a dictionary key like the 'main' route.
609
# Be aware that this is an early beta of this feature,
610
# kube-prometheus-stack does not guarantee this works and is subject to change.
611
# Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
612
# [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2)
613
route:
614
main:
615
# -- Enables or disables the route
616
enabled: false
617
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
618
apiVersion: gateway.networking.k8s.io/v1
619
# -- Set the route kind
620
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
621
kind: HTTPRoute
622
annotations: {}
623
labels: {}
624
hostnames: []
625
# - my-filter.example.com
626
parentRefs: []
627
# - name: acme-gw
628
629
# -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
630
## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
631
## matches, filters and additionalRules will be ignored if this is set to true. Be are
632
httpsRedirect: false
633
matches:
634
- path:
635
type: PathPrefix
636
value: /
637
## Filters define the filters that are applied to requests that match this rule.
638
filters: []
639
## Session persistence configuration for the route rule.
640
sessionPersistence: {}
641
# sessionName: route
642
# type: Cookie
643
# absoluteTimeout: 12h
644
# cookieConfig:
645
# lifetimeType: Permanent
646
647
## Additional custom rules that can be added to the route
648
additionalRules: []
649
## Configuration for Alertmanager secret
650
##
651
secret:
652
annotations: {}
653
## Configuration for creating an Ingress that will map to each Alertmanager replica service
654
## alertmanager.servicePerReplica must be enabled
655
##
656
ingressPerReplica:
657
enabled: false
658
ingressClassName: ""
659
annotations: {}
660
labels: {}
661
## Final form of the hostname for each per replica ingress is
662
## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
663
##
664
## Prefix for the per replica ingress that will have `-$replicaNumber`
665
## appended to the end
666
hostPrefix: ""
667
## Domain that will be used for the per replica ingress
668
hostDomain: ""
669
## Paths to use for ingress rules
670
##
671
paths: []
672
# - /
673
674
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
675
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
676
# pathType: ImplementationSpecific
677
678
## Secret name containing the TLS certificate for alertmanager per replica ingress
679
## Secret must be manually created in the namespace
680
tlsSecretName: ""
681
## Separated secret for each per replica Ingress. Can be used together with cert-manager
682
##
683
tlsSecretPerReplica:
684
enabled: false
685
## Final form of the secret for each per replica ingress is
686
## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
687
##
688
prefix: "alertmanager"
689
## Configuration for Alertmanager service
690
##
691
service:
692
enabled: true
693
annotations: {}
694
labels: {}
695
clusterIP: ""
696
ipDualStack:
697
enabled: false
698
ipFamilies: ["IPv6", "IPv4"]
699
ipFamilyPolicy: "PreferDualStack"
700
## Port for Alertmanager Service to listen on
701
##
702
port: 9093
703
## Port for Alertmanager cluster communication
704
##
705
# clusterPort: 9094
706
## To be used with a proxy extraContainer port
707
##
708
targetPort: 9093
709
## Port to expose on each node
710
## Only used if service.type is 'NodePort'
711
##
712
nodePort: 30903
713
## List of IP addresses at which the Prometheus server service is available
714
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
715
##
716
717
## Additional ports to open for Alertmanager service
718
##
719
additionalPorts: []
720
# - name: oauth-proxy
721
# port: 8081
722
# targetPort: 8081
723
# - name: oauth-metrics
724
# port: 8082
725
# targetPort: 8082
726
727
externalIPs: []
728
loadBalancerIP: ""
729
loadBalancerSourceRanges: []
730
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
731
##
732
externalTrafficPolicy: Cluster
733
## If you want to make sure that connections from a particular client are passed to the same Pod each time
734
## Accepts 'ClientIP' or 'None'
735
##
736
sessionAffinity: None
737
## If you want to modify the ClientIP sessionAffinity timeout
738
## The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP"
739
##
740
sessionAffinityConfig:
741
clientIP:
742
timeoutSeconds: 10800
743
## Service type
744
##
745
type: ClusterIP
746
## Configuration for creating a separate Service for each statefulset Alertmanager replica
747
##
748
servicePerReplica:
749
enabled: false
750
annotations: {}
751
## Port for Alertmanager Service per replica to listen on
752
##
753
port: 9093
754
## To be used with a proxy extraContainer port
755
targetPort: 9093
756
## Port to expose on each node
757
## Only used if servicePerReplica.type is 'NodePort'
758
##
759
nodePort: 30904
760
## Loadbalancer source IP ranges
761
## Only used if servicePerReplica.type is "LoadBalancer"
762
loadBalancerSourceRanges: []
763
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
764
##
765
externalTrafficPolicy: Cluster
766
## Service type
767
##
768
type: ClusterIP
769
## Configuration for creating a ServiceMonitor for AlertManager
770
##
771
serviceMonitor:
772
## If true, a ServiceMonitor will be created for the AlertManager service.
773
##
774
selfMonitor: true
775
## Scrape interval. If not set, the Prometheus default scrape interval is used.
776
##
777
interval: ""
778
## Additional labels
779
##
780
additionalLabels: {}
781
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
782
##
783
sampleLimit: 0
784
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
785
##
786
targetLimit: 0
787
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
788
##
789
labelLimit: 0
790
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
791
##
792
labelNameLengthLimit: 0
793
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
794
##
795
labelValueLengthLimit: 0
796
## proxyUrl: URL of a proxy that should be used for scraping.
797
##
798
proxyUrl: ""
799
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
800
scheme: ""
801
## enableHttp2: Whether to enable HTTP2.
802
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#endpoint
803
enableHttp2: true
804
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
805
## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
806
tlsConfig: {}
807
bearerTokenFile:
808
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
809
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
810
##
811
metricRelabelings: []
812
# - action: keep
813
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
814
# sourceLabels: [__name__]
815
816
## RelabelConfigs to apply to samples before scraping
817
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
818
##
819
relabelings: []
820
# - sourceLabels: [__meta_kubernetes_pod_node_name]
821
# separator: ;
822
# regex: ^(.*)$
823
# targetLabel: nodename
824
# replacement: $1
825
# action: replace
826
827
## Additional Endpoints
828
##
829
additionalEndpoints: []
830
# - port: oauth-metrics
831
# path: /metrics
832
## Settings affecting alertmanagerSpec
833
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerspec
834
##
835
alertmanagerSpec:
836
## Statefulset's persistent volume claim retention policy
837
## whenDeleted and whenScaled determine whether
838
## statefulset's PVCs are deleted (true) or retained (false)
839
## on scaling down and deleting statefulset, respectively.
840
## Requires Kubernetes version 1.27.0+.
841
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
842
persistentVolumeClaimRetentionPolicy: {}
843
# whenDeleted: Retain
844
# whenScaled: Retain
845
846
## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
847
## Metadata Labels and Annotations gets propagated to the Alertmanager pods.
848
##
849
podMetadata: {}
850
##
851
serviceName:
852
## Image of Alertmanager
853
##
854
image:
855
registry: cgr.dev
856
repository: chainguard-private/prometheus-alertmanager
857
tag: latest
858
sha: sha256:a3bf5afed597dfdb38a438ffd22cab7dbabe5923a283414b544e1eb23e129a70
859
pullPolicy: IfNotPresent
860
## If true then the user will be responsible to provide a secret with alertmanager configuration
861
## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used
862
##
863
useExistingSecret: false
864
## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the
865
## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/.
866
##
867
secrets: []
868
## If false then the user will opt out of automounting API credentials.
869
##
870
automountServiceAccountToken: true
871
## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods.
872
## The ConfigMaps are mounted into /etc/alertmanager/configmaps/.
873
##
874
configMaps: []
875
## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for
876
## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config.
877
##
878
# configSecret:
879
880
## WebTLSConfig defines the TLS parameters for HTTPS
881
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerwebspec
882
web: {}
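## AlertmanagerConfigs to be selected to merge and configure Alertmanager with.
## NOTE(review): in Kubernetes label-selector semantics an empty selector (`{}`) matches every object,
## which is different from an unset (nil) selector. Confirm how the chart renders these two defaults:
## together they decide which AlertmanagerConfig objects, from which namespaces, can add routes and
## receivers to this Alertmanager.
##
alertmanagerConfigSelector: {}
## Example which selects all alertmanagerConfig resources
## with label "alertconfig" with values any of "example-config" or "example-config-2"
# alertmanagerConfigSelector:
#   matchExpressions:
#     - key: alertconfig
#       operator: In
#       values:
#         - example-config
#         - example-config-2
#
## Example which selects all alertmanagerConfig resources with label "role" set to "example-config"
# alertmanagerConfigSelector:
#   matchLabels:
#     role: example-config

## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.
##
alertmanagerConfigNamespaceSelector: {}
## Example which selects all namespaces
## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2"
# alertmanagerConfigNamespaceSelector:
#   matchExpressions:
#     - key: alertmanagerconfig
#       operator: In
#       values:
#         - example-namespace
#         - example-namespace-2

## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled"
# alertmanagerConfigNamespaceSelector:
#   matchLabels:
#     alertmanagerconfig: enabled

## AlertmanagerConfig to be used as top level configuration
##
alertmanagerConfiguration: {}
## Example that selects a global AlertmanagerConfig
# alertmanagerConfiguration:
#   name: global-alertmanager-Configuration

## Defines the strategy used by AlertmanagerConfig objects to match alerts. eg:
##
alertmanagerConfigMatcherStrategy: {}
## Example that uses the OnNamespace strategy
# alertmanagerConfigMatcherStrategy:
#   type: OnNamespace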
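## Additional command line arguments to pass to Alertmanager (in addition to those generated by the chart)
additionalArgs: []
## Define Log Format
# Use logfmt (default) or json logging
logFormat: logfmt
## Log level for Alertmanager to be configured with.
##
logLevel: info
## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the
## running cluster equal to the expected size.
replicas: 1
## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression
## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
##
retention: 120h
## Storage is the definition of how storage will be used by the Alertmanager instances.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/storage.md
##
storage: {}
# volumeClaimTemplate:
#   spec:
#     storageClassName: gluster
#     accessModes: ["ReadWriteOnce"]
#     resources:
#       requests:
#         storage: 50Gi
#     selector: {}

## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false
##
externalUrl:
## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
##
routePrefix: /
## scheme: HTTP scheme to use. Can be used with `tlsConfig` for example if using istio mTLS.
## NOTE(review): with `scheme: ""` and `tlsConfig: {}` neither is set explicitly; presumably the
## endpoint is then reached over plain HTTP -- confirm, and set both when the endpoint serves TLS.
scheme: ""
## tlsConfig: TLS configuration to use when connect to the endpoint. For example if using istio mTLS.
## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
tlsConfig: {}
## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
##
paused: false
## Define which Nodes the Pods are scheduled on.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
##
nodeSelector: {}
## Define resources requests and limits for single Pods.
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
##
resources: {}
# requests:
#   memory: 400Mi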
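## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
##
podAntiAffinity: "soft"
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
## NOTE(review): `failure-domain.beta.kubernetes.io/zone` is the older zone label; the example further
## down on this page uses `topology.kubernetes.io/zone` -- check which label your nodes carry.
##
podAntiAffinityTopologyKey: kubernetes.io/hostname
## Assign custom affinity rules to the alertmanager instance
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
affinity: {}
# nodeAffinity:
#   requiredDuringSchedulingIgnoredDuringExecution:
#     nodeSelectorTerms:
#     - matchExpressions:
#       - key: kubernetes.io/e2e-az-name
#         operator: In
#         values:
#         - e2e-az1
#         - e2e-az2

## If specified, the pod's tolerations.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
##
tolerations: []
# - key: "key"
#   operator: "Equal"
#   value: "value"
#   effect: "NoSchedule"

## If specified, the pod's topology spread constraints.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
##
topologySpreadConstraints: []
# - maxSkew: 1
#   topologyKey: topology.kubernetes.io/zone
#   whenUnsatisfiable: DoNotSchedule
#   labelSelector:
#     matchLabels:
#       app: alertmanager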
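## SecurityContext holds pod-level security attributes and common container settings.
## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## These are pod-level settings: non-root UID/GID and the runtime's default seccomp profile.
## When overriding this block, carry `runAsNonRoot` and `seccompProfile` over rather than dropping them.
##
securityContext:
  runAsGroup: 2000
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 2000
  seccompProfile:
    type: RuntimeDefault
## Use the host's user namespace for Alertmanager pods.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
## NOTE(review): the linked page covers process-namespace sharing; user namespaces are described at
## https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/. `~` leaves the field unset,
## so the Kubernetes default applies; `false` requests a separate user namespace where the cluster supports it.
hostUsers: ~
## DNS configuration for Alertmanager.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.PodDNSConfig
dnsConfig: {}
## DNS policy for Alertmanager.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#dnspolicystring-alias
dnsPolicy: ""
## Enable hostNetwork for Alertmanager.
## Host networking places the Pod in the node's network namespace; keep false unless required.
hostNetwork: false
## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP.
## Note this is only for the Alertmanager UI, not the gossip communication.
## When an authentication proxy is injected through `containers` below, setting this to true keeps the
## Alertmanager web port reachable only through that proxy instead of directly on the Pod IP.
##
listenLocal: false
## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod.
##
containers: []
# containers:
# - name: oauth-proxy
#   image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2
#   args:
#   - --upstream=http://127.0.0.1:9093
#   - --http-address=0.0.0.0:8081
#   - --metrics-address=0.0.0.0:8082
#   - ...
#   ports:
#   - containerPort: 8081
#     name: oauth-proxy
#     protocol: TCP
#   - containerPort: 8082
#     name: oauth-metrics
#     protocol: TCP
#   resources: {}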
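# Additional volumes on the output StatefulSet definition.
volumes: []
# Additional VolumeMounts on the output StatefulSet definition.
volumeMounts: []
## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
## (permissions, dir tree) on mounted volumes before starting prometheus
initContainers: []
## Priority class assigned to the Pods
##
priorityClassName: ""
## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.
## NOTE(review): peers listed here take part in the cluster gossip. Confirm how that traffic is
## protected (network policy, TLS for cluster traffic) before peering across trust boundaries.
##
additionalPeers: []
## PortName to use for Alert Manager.
##
portName: "http-web"
## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918
##
clusterAdvertiseAddress: false
## clusterGossipInterval determines interval between gossip attempts.
## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)
clusterGossipInterval: ""
## clusterPeerTimeout determines timeout for cluster peering.
## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)
clusterPeerTimeout: ""
## clusterPushpullInterval determines interval between pushpull attempts.
## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)
clusterPushpullInterval: ""
## clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster.
clusterLabel: ""
## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica.
## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.
forceEnableClusterMode: false
## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
minReadySeconds: 0
## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
podManagementPolicy: ""
## Update strategy for the StatefulSet.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
updateStrategy: {}
# type: RollingUpdate
# rollingUpdate:
#   maxUnavailable: 1

## Duration in seconds the pod needs to terminate gracefully.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
terminationGracePeriodSeconds: ~
## Additional configuration which is not covered by the properties above. (passed through tpl)
## Values passed through tpl are rendered as Helm templates, so treat whoever supplies them as
## able to influence the rendered manifests.
additionalConfig: {}
## Additional configuration which is not covered by the properties above.
## Useful, if you need advanced templating inside alertmanagerSpec.
## Otherwise, use alertmanager.alertmanagerSpec.additionalConfig (passed through tpl)
additionalConfigString: ""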
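## ExtraSecret can be used to store various data in an extra secret
## (use it for example to store hashed basic auth credentials)
## Anything placed under `data` is part of the chart values, so it also ends up wherever those values
## are stored (values files, CI variables, Helm release data). Keep real credentials out of
## version-controlled values files.
extraSecret:
  ## if not set, name will be auto generated
  # name: ""
  annotations: {}
  data: {}
#   auth: |
#     foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
#     someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
## The `$apr1$` entries above are sample htpasswd lines in Apache's MD5-based format. Generate your own,
## and prefer a stronger scheme such as bcrypt where the component reading the file accepts it.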
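## Using default values from https://github.com/grafana-community/helm-charts/blob/main/charts/grafana/values.yaml
##
grafana:
  enabled: true
  namespaceOverride: ""
  ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled
  ##
  forceDeployDatasources: false
  ## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled
  ##
  forceDeployDashboards: false
  ## Deploy default dashboards
  ##
  defaultDashboardsEnabled: true
  ## Deploy GrafanaDashboard CRDs that reference dashboards from ConfigMaps when grafana-operator is used
  ## These settings control how dashboards are integrated with the Grafana Operator
  ## Note: End users still need to create their own kind: GrafanaDatasource for Prometheus
  ## eg:
  ##   apiVersion: grafana.integreatly.org/v1beta1
  ##   kind: GrafanaDatasource
  ##   metadata:
  ##     name: prometheus
  ##     annotations: {}
  ##   spec:
  ##     allowCrossNamespaceImport: true
  ##     instanceSelector:
  ##       matchLabels:
  ##         app: grafana
  ##     datasource:
  ##       name: prometheus
  ##       type: prometheus
  ##       access: proxy
  ##       url: http://prometheus-operated.prometheus-stack.svc.cluster.local:9090
  ##       isDefault: true
  ##       jsonData:
  ##         "tlsSkipVerify": true
  ##         "timeInterval": "5s"
  ## The example URL is plain http, so `tlsSkipVerify` has nothing to skip there. Do not carry
  ## `tlsSkipVerify: true` over to an https datasource; configure the CA instead.
  ##
  operator:
    ## Enable references to ConfigMaps containing dashboards in GrafanaDashboard CRs
    ## Set to true to allow dashboards to be loaded from ConfigMap references
    dashboardsConfigMapRefEnabled: false
    ## Annotations for GrafanaDashboard CR
    ##
    annotations: {}
    ## Labels that should be matched kind: Grafana instance
    ## Example: { app: grafana, category: dashboard }
    ##
    matchLabels: {}
    ## How frequently the operator should resync resources (in duration format)
    ## Controls how often dashboards are reconciled by the operator
    ##
    resyncPeriod: 10m
    ## Which folder contains all dashboards in Grafana
    ## This folder will be created on the Root level
    ## Only one of 'folder', 'folderUID' or 'folderRef' can be set
    ##
    folder: General
    ## Which UID of the target folder contains all dashboards in Grafana
    ## This allows you to use subfolder hierarchy
    ## Only one of 'folder', 'folderUID' or 'folderRef' can be set
    ##
    folderUID: null
    ## Which GrafanaFolder reference contains all dashboards in Grafana
    ## This allows you to use subfolder hierarchy.
    ## Only one of 'folder', 'folderUID' or 'folderRef' can be set
    ##
    folderRef: null
  ## Timezone for the default dashboards
  ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg
  ##
  defaultDashboardsTimezone: utc
  ## Editable flag for the default dashboards
  ##
  defaultDashboardsEditable: true
  ## Default interval for Grafana dashboards
  ##
  defaultDashboardsInterval: 1m
  # Administrator credentials when not using an existing secret (see below)
  # A password set here is stored in plain text with the chart values. Prefer `admin.existingSecret`
  # so the credential lives only in a Kubernetes Secret you manage.
  # NOTE(review): with `adminPassword` left unset the Grafana subchart's own default applies;
  # confirm what that default is for the subchart version in use.
  adminUser: admin
  # adminPassword: strongpassword

  # Use an existing secret for the admin user.
  admin:
    ## Name of the secret. Can be templated.
    existingSecret: ""
    userKey: admin-user
    passwordKey: admin-password
  rbac:
    ## If true, Grafana PSPs will be created
    ##
    pspEnabled: false
  ingress:
    ## If true, Grafana Ingress will be created
    ## Enabling this exposes the Grafana login page through the ingress controller; pair it with
    ## the `tls` block below and a managed admin credential.
    ##
    enabled: false
    ## IngressClassName for Grafana Ingress.
    ## Should be provided if Ingress is enabled.
    ##
    # ingressClassName: nginx

    ## Annotations for Grafana Ingress
    ##
    annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"

    ## Labels to be added to the Ingress
    ##
    labels: {}
    ## Hostnames.
    ## Must be provided if Ingress is enabled.
    ##
    # hosts:
    #   - grafana.domain.com
    hosts: []
    ## Path for grafana ingress
    path: /
    ## TLS configuration for grafana Ingress
    ## Secret must be manually created in the namespace
    ##
    tls: []
    # - secretName: grafana-general-tls
    #   hosts:
    #   - grafana.example.com
  # # To make Grafana persistent (Using Statefulset)
  # #
  # persistence:
  #   enabled: true
  #   type: sts
  #   storageClassName: "storageClassName"
  #   accessModes:
  #     - ReadWriteOnce
  #   size: 20Gi
  #   finalizers:
  #     - kubernetes.io/pvc-protection
  serviceAccount:
    create: true
    autoMount: true
  sidecar:
    dashboards:
      enabled: true
      label: grafana_dashboard
      labelValue: "1"
      # Allow discovery in all namespaces for dashboards
      # NOTE(review): with ALL, a labelled ConfigMap in any namespace is picked up as a dashboard,
      # so anyone who can create ConfigMaps anywhere in the cluster can publish one. Narrow this
      # to specific namespaces where that is broader than intended.
      searchNamespace: ALL
      # Support for new table panels, when enabled grafana auto migrates the old table panels to newer table panels
      enableNewTablePanelSyntax: false
      ## Annotations for Grafana dashboard configmaps
      ##
      annotations: {}
      multicluster:
        global:
          enabled: false
        etcd:
          enabled: false
      provider:
        allowUiUpdates: false
    datasources:
      enabled: true
      defaultDatasourceEnabled: true
      isDefaultDatasource: true
      name: Prometheus
      uid: prometheus
      ## Extra jsonData properties to add to the datasource
      # extraJsonData:
      #   prometheusType: Prometheus

      ## URL of prometheus datasource
      ##
      # url: http://prometheus-stack-prometheus:9090/

      ## Prometheus request timeout in seconds
      # timeout: 30

      ## Query parameters to add, as a URL-encoded string,
      ## to query Prometheus
      # customQueryParameters: ""

      # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default
      # defaultDatasourceScrapeInterval: 15s

      ## Annotations for Grafana datasource configmaps
      ##
      annotations: {}
      ## Set method for HTTP to send query to datasource
      httpMethod: POST
      ## Create datasource for each Pod of Prometheus StatefulSet;
      ## this uses by default the headless service `prometheus-operated` which is
      ## created by Prometheus Operator. In case you deployed your own Service for your
      ## Prometheus instance, you can specify it with the field `prometheusServiceName`
      ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286
      createPrometheusReplicasDatasources: false
      prometheusServiceName: prometheus-operated
      label: grafana_datasource
      labelValue: "1"
      ## Field with internal link pointing to existing data source in Grafana.
      ## Can be provisioned via additionalDataSources
      exemplarTraceIdDestinations: {}
      # datasourceUid: Jaeger
      # traceIdLabelName: trace_id
      # urlDisplayLabel: View traces
      alertmanager:
        enabled: true
        name: Alertmanager
        uid: alertmanager
        handleGrafanaManagedAlerts: false
        implementation: prometheus
  extraConfigmapMounts: []
  # - name: certs-configmap
  #   mountPath: /etc/grafana/ssl/
  #   configMap: certs-configmap
  #   readOnly: true

  deleteDatasources: []
  # - name: example-datasource
  #   orgId: 1

  ## Configure additional grafana datasources (passed through tpl)
  ## ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#datasources
  ## The example below is illustrative only: `basicAuthPassword: pass` puts a credential in plain
  ## text in the values, and `tlsSkipVerify: true` turns off certificate verification for an https
  ## URL. For real datasources, source the password from a Secret and trust the serving CA instead.
  additionalDataSources: []
  # - name: prometheus-sample
  #   access: proxy
  #   basicAuth: true
  #   secureJsonData:
  #       basicAuthPassword: pass
  #   basicAuthUser: daco
  #   editable: false
  #   jsonData:
  #       tlsSkipVerify: true
  #   orgId: 1
  #   type: prometheus
  #   url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090
  #   version: 1

  ## Configure additional grafana datasources as a templated string (passed through tpl)
  ## Useful when you need Helm flow control or templating inside the datasource definition
  additionalDataSourcesString: ""
  # Flag to mark provisioned data sources for deletion if they are no longer configured.
  # It takes no effect if data sources are already listed in the deleteDatasources section.
  # ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#example-data-source-configuration-file
  prune: false
  ## Passed to grafana subchart and used by servicemonitor below
  ##
  service:
    portName: http-web
    ipFamilies: []
    ipFamilyPolicy: ""
  serviceMonitor:
    # If true, a ServiceMonitor CRD is created for a prometheus operator
    # https://github.com/prometheus-operator/prometheus-operator
    #
    enabled: true
    # Path to use for scraping metrics. Might be different if server.root_url is set
    # in grafana.ini
    # path: /metrics

    # namespace: monitoring (defaults to use the namespace this chart is deployed to)

    # labels for the ServiceMonitor
    # labels: {}

    # Extra scrape settings.
    # interval: ""
    # scheme: http
    # tlsConfig: {}
    # scrapeTimeout: 30s

    ## RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
    ##
    # relabelings: []
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   targetLabel: nodename
    #   replacement: $1
    #   action: replace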
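## Flag to disable all the kubernetes component scrapers
## The flag itself is `enabled`: true (the default here) keeps the component scrapers on.
##
kubernetesServiceMonitors:
  enabled: true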
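## Component scraping the kube api server
##
kubeApiServer:
  enabled: true
  ## The API server certificate is verified against `serverName`; keep `insecureSkipVerify` false
  ## so the scrape connection authenticates the endpoint it talks to.
  tlsConfig:
    serverName: kubernetes
    insecureSkipVerify: false
  serviceMonitor:
    enabled: true
    ## Scrape interval. If not set, the Prometheus default scrape interval is used.
    ##
    interval: ""
    ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: 0
    ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
    ##
    targetLimit: 0
    ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
    ##
    labelLimit: 0
    ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
    ##
    labelNameLengthLimit: 0
    ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
    ##
    labelValueLengthLimit: 0
    ## proxyUrl: URL of a proxy that should be used for scraping.
    ##
    proxyUrl: ""
    jobLabel: component
    selector:
      matchLabels:
        component: apiserver
        provider: kubernetes
    ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
    ##
    metricRelabelings:
      # Drop excessively noisy apiserver buckets.
      - action: drop
        regex: (etcd_request|apiserver_request_slo|apiserver_request_sli|apiserver_request)_duration_seconds_bucket;(0\.15|0\.2|0\.3|0\.35|0\.4|0\.45|0\.6|0\.7|0\.8|0\.9|1\.25|1\.5|1\.75|2|3|3\.5|4|4\.5|6|7|8|9|15|20|40|45|50)(\.0)?
        sourceLabels:
          - __name__
          - le
    # - action: keep
    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    #   sourceLabels: [__name__]

    ## RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
    ##
    relabelings: []
    # - sourceLabels:
    #     - __meta_kubernetes_namespace
    #     - __meta_kubernetes_service_name
    #     - __meta_kubernetes_endpoint_port_name
    #   action: keep
    #   regex: default;kubernetes;https
    # - targetLabel: __address__
    #   replacement: kubernetes.default.svc:443

    ## Additional labels
    ##
    additionalLabels: {}
    #  foo: bar

    ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
    ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
    targetLabels: []
  ## Override the job label used for the apiserver.
  ## This allows users who scrape apiserver metrics under a different job name (e.g. k3s-server via PushProx)
  ## to align the recording rules and alerts with their actual job label.
  ## NOTE(review): nesting restored by analogy with `kubelet.jobNameOverride`, which sits directly
  ## under its component key -- confirm against the chart before relying on it.
  jobNameOverride: ""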
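## Component scraping the kubelet and kubelet-hosted cAdvisor
##
kubelet:
  enabled: true
  namespace: kube-system
  # Overrides the job selector in Grafana dashboards and Prometheus rules
  # For k3s clusters, change to k3s-server
  jobNameOverride: ""
  serviceMonitor:
    enabled: true
    ## Enable scraping /metrics from kubelet's service
    kubelet: true
    ## Attach metadata to discovered targets. Requires Prometheus v2.45 for endpoints created by the operator.
    ##
    attachMetadata:
      node: false
    ## Scrape interval. If not set, the Prometheus default scrape interval is used.
    ##
    interval: ""
    ## If true, Prometheus use (respect) labels provided by exporter.
    ## With this on, labels sent by the scraped target win over the labels Prometheus would attach
    ## itself when the two conflict, so the target is trusted to label its own series.
    ##
    honorLabels: true
    ## If true, Prometheus ingests metrics with timestamp provided by exporter. If false, Prometheus ingests metrics with timestamp of scrape.
    ##
    honorTimestamps: true
    ## If true, defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false.
    ## We recommend enabling this if you want the best possible accuracy for container_ metrics scraped from cadvisor.
    ## For more details see: https://github.com/prometheus-community/helm-charts/pull/5063#issuecomment-2545374849
    trackTimestampsStaleness: true
    ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: 0
    ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
    ##
    targetLimit: 0
    ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
    ##
    labelLimit: 0
    ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
    ##
    labelNameLengthLimit: 0
    ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
    ##
    labelValueLengthLimit: 0
    ## proxyUrl: URL of a proxy that should be used for scraping.
    ##
    proxyUrl: ""
    ## Enable scraping the kubelet over https. For requirements to enable this see
    ## https://github.com/prometheus-operator/prometheus-operator/issues/926
    ##
    https: true
    ## Skip TLS certificate validation when scraping.
    ## This is enabled by default because kubelet serving certificate deployed by kubeadm is by default self-signed
    ## ref: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs
    ## With verification skipped the connection is encrypted but the kubelet is not authenticated.
    ## Where kubelet serving certificates are issued by a CA that Prometheus trusts, set this to false.
    ##
    insecureSkipVerify: true
    ## Enable scraping /metrics/probes from kubelet's service
    ##
    probes: true
    ## Enable scraping /metrics/resource from kubelet's service
    ## This is disabled by default because container metrics are already exposed by cAdvisor
    ##
    resource: false
    # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource
    resourcePath: "/metrics/resource/v1alpha1"
    ## Configure the scrape interval for resource metrics. This is configured to the default Kubelet cAdvisor
    ## minimum housekeeping interval in order to avoid missing samples. Note, this value is ignored
    ## if kubelet.serviceMonitor.interval is not empty.
    resourceInterval: 10s
    ## Enable scraping /metrics/cadvisor from kubelet's service
    ##
    cAdvisor: true
    ## Configure the scrape interval for cAdvisor. This is configured to the default Kubelet cAdvisor
    ## minimum housekeeping interval in order to avoid missing samples. Note, this value is ignored
    ## if kubelet.serviceMonitor.interval is not empty.
    cAdvisorInterval: 10s
    ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
    ##
    cAdvisorMetricRelabelings:
      # Drop less useful container CPU metrics.
      - sourceLabels: [__name__]
        action: drop
        regex: 'container_cpu_(cfs_throttled_seconds_total|load_average_10s|system_seconds_total|user_seconds_total)'
      # Drop less useful container / always zero filesystem metrics.
      - sourceLabels: [__name__]
        action: drop
        regex: 'container_fs_(io_current|io_time_seconds_total|io_time_weighted_seconds_total|reads_merged_total|sector_reads_total|sector_writes_total|writes_merged_total)'
      # Drop less useful / always zero container memory metrics.
      - sourceLabels: [__name__]
        action: drop
        regex: 'container_memory_(mapped_file|swap)'
      # Drop less useful container process metrics.
      - sourceLabels: [__name__]
        action: drop
        regex: 'container_(file_descriptors|tasks_state|threads_max)'
      # Drop container_memory_failures_total{scope="hierarchy"} metrics,
      # we only need the container scope.
      - sourceLabels: [__name__, scope]
        action: drop
        regex: 'container_memory_failures_total;hierarchy'
      # Drop container_network_... metrics that match various interfaces that
      # correspond to CNI and similar interfaces. This avoids capturing network
      # metrics for host network containers.
      - sourceLabels: [__name__, interface]
        action: drop
        regex: 'container_network_.*;(cali|cilium|cni|lxc|nodelocaldns|tunl).*'
      # Drop container spec metrics that overlap with kube-state-metrics.
      - sourceLabels: [__name__]
        action: drop
        regex: 'container_spec.*'
      # Drop cgroup metrics with no pod.
      - sourceLabels: [id, pod]
        action: drop
        regex: '.+;'
    # - sourceLabels: [__name__, image]
    #   separator: ;
    #   regex: container_([a-z_]+);
    #   replacement: $1
    #   action: drop
    # - sourceLabels: [__name__]
    #   separator: ;
    #   regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
    #   replacement: $1
    #   action: drop

    ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
    ##
    probesMetricRelabelings: []
    # - sourceLabels: [__name__, image]
    #   separator: ;
    #   regex: container_([a-z_]+);
    #   replacement: $1
    #   action: drop
    # - sourceLabels: [__name__]
    #   separator: ;
    #   regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
    #   replacement: $1
    #   action: drop

    ## RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
    ##
    ## metrics_path is required to match upstream rules and charts
    cAdvisorRelabelings:
      - action: replace
        sourceLabels: [__metrics_path__]
        targetLabel: metrics_path
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   targetLabel: nodename
    #   replacement: $1
    #   action: replace

    ## RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
    ##
    probesRelabelings:
      - action: replace
        sourceLabels: [__metrics_path__]
        targetLabel: metrics_path
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   targetLabel: nodename
    #   replacement: $1
    #   action: replace

    ## RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
    ##
    resourceRelabelings:
      - action: replace
        sourceLabels: [__metrics_path__]
        targetLabel: metrics_path
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   targetLabel: nodename
    #   replacement: $1
    #   action: replace

    ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
    ##
    metricRelabelings:
      # Reduce bucket cardinality of kubelet storage operations.
      # NOTE(review): the dots in `0.25` and `2.5` are unescaped, unlike the apiserver bucket rule
      # on this page; harmless for numeric `le` values, but `0\.25|2\.5` would state the intent exactly.
      - action: drop
        sourceLabels: [__name__, le]
        regex: (csi_operations|storage_operation_duration)_seconds_bucket;(0.25|2.5|15|25|120|600)(\.0)?
    # - sourceLabels: [__name__, image]
    #   separator: ;
    #   regex: container_([a-z_]+);
    #   replacement: $1
    #   action: drop
    # - sourceLabels: [__name__]
    #   separator: ;
    #   regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
    #   replacement: $1
    #   action: drop

    ## RelabelConfigs to apply to samples before scraping
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
    ##
    ## metrics_path is required to match upstream rules and charts
    relabelings:
      - action: replace
        sourceLabels: [__metrics_path__]
        targetLabel: metrics_path
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   targetLabel: nodename
    #   replacement: $1
    #   action: replace

    ## Additional labels
    ##
    additionalLabels: {}
    #  foo: bar

    ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
    ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
    targetLabels: []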
1724
## Component scraping the kube controller manager
1725
##
1726
kubeControllerManager:
1727
enabled: true
1728
# Overrides the job selector in Grafana dashboards and Prometheus rules
1729
# For k3s clusters, change to k3s-server
1730
jobNameOverride: ""
1731
## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
1732
##
1733
endpoints: []
1734
# - 10.141.4.22
1735
# - 10.141.4.23
1736
# - 10.141.4.24
1737
1738
## If using kubeControllerManager.endpoints only the port and targetPort are used
1739
##
1740
service:
1741
enabled: true
1742
## If null or unset, the value is determined dynamically based on target Kubernetes version due to change
1743
## of default port in Kubernetes 1.22.
1744
##
1745
port: null
1746
targetPort: null
1747
ipDualStack:
1748
enabled: false
1749
ipFamilies: ["IPv6", "IPv4"]
1750
ipFamilyPolicy: "PreferDualStack"
1751
# selector:
1752
# component: kube-controller-manager
1753
serviceMonitor:
1754
enabled: true
1755
## Scrape interval. If not set, the Prometheus default scrape interval is used.
1756
##
1757
interval: ""
1758
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1759
##
1760
## NOTE(review): 0 means no limit, so the number of samples accepted per scrape is uncapped.
## A non-zero value makes Prometheus fail a scrape that exceeds it, which bounds how much a
## single misbehaving target can add to the TSDB.
sampleLimit: 0
1761
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1762
##
1763
targetLimit: 0
1764
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1765
##
1766
labelLimit: 0
1767
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1768
##
1769
labelNameLengthLimit: 0
1770
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1771
##
1772
labelValueLengthLimit: 0
1773
## proxyUrl: URL of a proxy that should be used for scraping.
1774
##
1775
proxyUrl: ""
1776
## port: Name of the port the metrics will be scraped from
1777
##
1778
port: http-metrics
1779
jobLabel: jobLabel
1780
selector: {}
1781
# matchLabels:
1782
# component: kube-controller-manager
1783
1784
## Enable scraping kube-controller-manager over https.
1785
## Requires proper certs (not self-signed) and delegated authentication/authorization checks.
1786
## If null or unset, the value is determined dynamically based on target Kubernetes version.
1787
##
1788
https: null
1789
# Skip TLS certificate validation when scraping
1790
# NOTE(review): null leaves the effective value to the chart templates, which are not shown
# here. Check the rendered ServiceMonitor: if it ends up true, the scrape accepts any
# certificate and https no longer authenticates the target. Setting false together with
# serverName keeps validation on.
insecureSkipVerify: null
1791
# Name of the server to use when validating TLS certificate
1792
serverName: null
1793
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1794
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1795
##
1796
metricRelabelings: []
1797
# - action: keep
1798
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
1799
# sourceLabels: [__name__]
1800
1801
## RelabelConfigs to apply to samples before scraping
1802
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1803
##
1804
relabelings: []
1805
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1806
# separator: ;
1807
# regex: ^(.*)$
1808
# targetLabel: nodename
1809
# replacement: $1
1810
# action: replace
1811
1812
## Additional labels
1813
##
1814
additionalLabels: {}
1815
# foo: bar
1816
1817
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1818
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1819
targetLabels: []
1820
## Component scraping coreDns. Use either this or kubeDns
1821
##
1822
coreDns:
1823
enabled: true
1824
service:
1825
enabled: true
1826
port: 9153
1827
targetPort: 9153
1828
ipDualStack:
1829
enabled: false
1830
ipFamilies: ["IPv6", "IPv4"]
1831
ipFamilyPolicy: "PreferDualStack"
1832
# selector:
1833
# k8s-app: kube-dns
1834
serviceMonitor:
1835
enabled: true
1836
## Scrape interval. If not set, the Prometheus default scrape interval is used.
1837
##
1838
interval: ""
1839
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1840
##
1841
sampleLimit: 0
1842
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1843
##
1844
targetLimit: 0
1845
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1846
##
1847
labelLimit: 0
1848
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1849
##
1850
labelNameLengthLimit: 0
1851
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1852
##
1853
labelValueLengthLimit: 0
1854
## proxyUrl: URL of a proxy that should be used for scraping.
1855
##
1856
proxyUrl: ""
1857
## port: Name of the port the metrics will be scraped from
1858
##
1859
port: http-metrics
1860
jobLabel: jobLabel
1861
selector: {}
1862
# matchLabels:
1863
# k8s-app: kube-dns
1864
1865
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1866
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1867
##
1868
metricRelabelings: []
1869
# - action: keep
1870
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
1871
# sourceLabels: [__name__]
1872
1873
## RelabelConfigs to apply to samples before scraping
1874
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1875
##
1876
relabelings: []
1877
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1878
# separator: ;
1879
# regex: ^(.*)$
1880
# targetLabel: nodename
1881
# replacement: $1
1882
# action: replace
1883
1884
## Additional labels
1885
##
1886
additionalLabels: {}
1887
# foo: bar
1888
1889
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1890
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1891
targetLabels: []
1892
## File containing bearer token to be used when scraping targets
1893
## If the value is empty, no bearer token is sent.
1894
##
1895
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
1896
## Component scraping kubeDns. Use either this or coreDns
1897
##
1898
kubeDns:
1899
enabled: false
1900
service:
1901
dnsmasq:
1902
port: 10054
1903
targetPort: 10054
1904
skydns:
1905
port: 10055
1906
targetPort: 10055
1907
ipDualStack:
1908
enabled: false
1909
ipFamilies: ["IPv6", "IPv4"]
1910
ipFamilyPolicy: "PreferDualStack"
1911
# selector:
1912
# k8s-app: kube-dns
1913
serviceMonitor:
1914
## Scrape interval. If not set, the Prometheus default scrape interval is used.
1915
##
1916
interval: ""
1917
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1918
##
1919
sampleLimit: 0
1920
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1921
##
1922
targetLimit: 0
1923
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1924
##
1925
labelLimit: 0
1926
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1927
##
1928
labelNameLengthLimit: 0
1929
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1930
##
1931
labelValueLengthLimit: 0
1932
## proxyUrl: URL of a proxy that should be used for scraping.
1933
##
1934
proxyUrl: ""
1935
jobLabel: jobLabel
1936
selector: {}
1937
# matchLabels:
1938
# k8s-app: kube-dns
1939
1940
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1941
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1942
##
1943
metricRelabelings: []
1944
# - action: keep
1945
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
1946
# sourceLabels: [__name__]
1947
1948
## RelabelConfigs to apply to samples before scraping
1949
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1950
##
1951
relabelings: []
1952
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1953
# separator: ;
1954
# regex: ^(.*)$
1955
# targetLabel: nodename
1956
# replacement: $1
1957
# action: replace
1958
1959
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1960
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1961
##
1962
dnsmasqMetricRelabelings: []
1963
# - action: keep
1964
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
1965
# sourceLabels: [__name__]
1966
1967
## RelabelConfigs to apply to samples before scraping
1968
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1969
##
1970
dnsmasqRelabelings: []
1971
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1972
# separator: ;
1973
# regex: ^(.*)$
1974
# targetLabel: nodename
1975
# replacement: $1
1976
# action: replace
1977
1978
## Additional labels
1979
##
1980
additionalLabels: {}
1981
# foo: bar
1982
1983
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1984
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1985
targetLabels: []
1986
## File containing bearer token to be used when scraping targets
1987
## If the value is empty, no bearer token is sent.
1988
##
1989
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
1990
## Component scraping etcd
1991
##
1992
kubeEtcd:
1993
enabled: true
1994
## If your etcd is not deployed as a pod, specify IPs it can be found on
1995
##
1996
endpoints: []
1997
# - 10.141.4.22
1998
# - 10.141.4.23
1999
# - 10.141.4.24
2000
2001
## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used
2002
##
2003
service:
2004
enabled: true
2005
port: 2381
2006
targetPort: 2381
2007
ipDualStack:
2008
enabled: false
2009
ipFamilies: ["IPv6", "IPv4"]
2010
ipFamilyPolicy: "PreferDualStack"
2011
# selector:
2012
# component: etcd
2013
## Configure secure access to the etcd cluster by loading a secret into prometheus and
2014
## specifying security configuration below. For example, with a secret named etcd-client-cert
2015
##
2016
## serviceMonitor:
2017
## scheme: https
2018
## insecureSkipVerify: false
2019
## serverName: localhost
2020
## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
2021
## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client
2022
## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
2023
##
2024
serviceMonitor:
2025
enabled: true
2026
## Scrape interval. If not set, the Prometheus default scrape interval is used.
2027
##
2028
interval: ""
2029
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2030
##
2031
sampleLimit: 0
2032
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2033
##
2034
targetLimit: 0
2035
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2036
##
2037
labelLimit: 0
2038
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2039
##
2040
labelNameLengthLimit: 0
2041
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2042
##
2043
labelValueLengthLimit: 0
2044
## proxyUrl: URL of a proxy that should be used for scraping.
2045
##
2046
proxyUrl: ""
2047
## Plain HTTP: etcd metrics are fetched without transport encryption or a server
## certificate check. The commented example above `serviceMonitor:` shows the https form,
## with caFile/certFile/keyFile read from a secret loaded into Prometheus.
## NOTE(review): bearerTokenFile further down in this section points at the service account
## token; confirm whether that token is sent on this http scrape.
scheme: http
2048
insecureSkipVerify: false
2049
serverName: ""
2050
caFile: ""
2051
certFile: ""
2052
keyFile: ""
2053
## port: Name of the port the metrics will be scraped from
2054
##
2055
port: http-metrics
2056
jobLabel: jobLabel
2057
selector: {}
2058
# matchLabels:
2059
# component: etcd
2060
2061
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2062
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2063
##
2064
metricRelabelings: []
2065
# - action: keep
2066
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2067
# sourceLabels: [__name__]
2068
2069
## RelabelConfigs to apply to samples before scraping
2070
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2071
##
2072
relabelings: []
2073
# - sourceLabels: [__meta_kubernetes_pod_node_name]
2074
# separator: ;
2075
# regex: ^(.*)$
2076
# targetLabel: nodename
2077
# replacement: $1
2078
# action: replace
2079
2080
## Additional labels
2081
##
2082
additionalLabels: {}
2083
# foo: bar
2084
2085
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2086
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2087
targetLabels: []
2088
## File containing bearer token to be used when scraping targets
2089
## If the value is empty, no bearer token is sent.
2090
##
2091
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
2092
## Component scraping kube scheduler
2093
##
2094
kubeScheduler:
2095
enabled: true
2096
# Overrides the job selector in Grafana dashboards and Prometheus rules
2097
# For k3s clusters, change to k3s-server
2098
jobNameOverride: ""
2099
## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
2100
##
2101
endpoints: []
2102
# - 10.141.4.22
2103
# - 10.141.4.23
2104
# - 10.141.4.24
2105
2106
## If using kubeScheduler.endpoints only the port and targetPort are used
2107
##
2108
service:
2109
enabled: true
2110
## If null or unset, the value is determined dynamically based on target Kubernetes version due to change
2111
## of default port in Kubernetes 1.23.
2112
##
2113
port: null
2114
targetPort: null
2115
ipDualStack:
2116
enabled: false
2117
ipFamilies: ["IPv6", "IPv4"]
2118
ipFamilyPolicy: "PreferDualStack"
2119
# selector:
2120
# component: kube-scheduler
2121
serviceMonitor:
2122
enabled: true
2123
## Scrape interval. If not set, the Prometheus default scrape interval is used.
2124
##
2125
interval: ""
2126
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2127
##
2128
sampleLimit: 0
2129
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2130
##
2131
targetLimit: 0
2132
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2133
##
2134
labelLimit: 0
2135
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2136
##
2137
labelNameLengthLimit: 0
2138
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2139
##
2140
labelValueLengthLimit: 0
2141
## proxyUrl: URL of a proxy that should be used for scraping.
2142
##
2143
proxyUrl: ""
2144
## Enable scraping kube-scheduler over https.
2145
## Requires proper certs (not self-signed) and delegated authentication/authorization checks.
2146
## If null or unset, the value is determined dynamically based on target Kubernetes version.
2147
##
2148
https: null
2149
## port: Name of the port the metrics will be scraped from
2150
##
2151
port: http-metrics
2152
jobLabel: jobLabel
2153
selector: {}
2154
# matchLabels:
2155
# component: kube-scheduler
2156
2157
## Skip TLS certificate validation when scraping
2158
insecureSkipVerify: null
2159
## Name of the server to use when validating TLS certificate
2160
serverName: null
2161
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2162
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2163
##
2164
metricRelabelings: []
2165
# - action: keep
2166
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2167
# sourceLabels: [__name__]
2168
2169
## RelabelConfigs to apply to samples before scraping
2170
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2171
##
2172
relabelings: []
2173
# - sourceLabels: [__meta_kubernetes_pod_node_name]
2174
# separator: ;
2175
# regex: ^(.*)$
2176
# targetLabel: nodename
2177
# replacement: $1
2178
# action: replace
2179
2180
## Additional labels
2181
##
2182
additionalLabels: {}
2183
# foo: bar
2184
2185
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2186
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2187
targetLabels: []
2188
## Component scraping kube proxy
2189
##
2190
kubeProxy:
2191
enabled: true
2192
# Overrides the job selector in Grafana dashboards and Prometheus rules
2193
# For k3s clusters, change to k3s-server
2194
jobNameOverride: ""
2195
## If your kube proxy is not deployed as a pod, specify IPs it can be found on
2196
##
2197
endpoints: []
2198
# - 10.141.4.22
2199
# - 10.141.4.23
2200
# - 10.141.4.24
2201
2202
service:
2203
enabled: true
2204
port: 10249
2205
targetPort: 10249
2206
ipDualStack:
2207
enabled: false
2208
ipFamilies: ["IPv6", "IPv4"]
2209
ipFamilyPolicy: "PreferDualStack"
2210
# selector:
2211
# k8s-app: kube-proxy
2212
serviceMonitor:
2213
enabled: true
2214
## Scrape interval. If not set, the Prometheus default scrape interval is used.
2215
##
2216
interval: ""
2217
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2218
##
2219
sampleLimit: 0
2220
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2221
##
2222
targetLimit: 0
2223
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2224
##
2225
labelLimit: 0
2226
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2227
##
2228
labelNameLengthLimit: 0
2229
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2230
##
2231
labelValueLengthLimit: 0
2232
## proxyUrl: URL of a proxy that should be used for scraping.
2233
##
2234
proxyUrl: ""
2235
## port: Name of the port the metrics will be scraped from
2236
##
2237
port: http-metrics
2238
jobLabel: jobLabel
2239
selector: {}
2240
# matchLabels:
2241
# k8s-app: kube-proxy
2242
2243
## Enable scraping kube-proxy over https.
2244
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
2245
##
2246
https: false
2247
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2248
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2249
##
2250
metricRelabelings: []
2251
# - action: keep
2252
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2253
# sourceLabels: [__name__]
2254
2255
## RelabelConfigs to apply to samples before scraping
2256
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2257
##
2258
relabelings: []
2259
# - action: keep
2260
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2261
# sourceLabels: [__name__]
2262
2263
## Additional labels
2264
##
2265
additionalLabels: {}
2266
# foo: bar
2267
2268
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2269
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2270
targetLabels: []
2271
## File containing bearer token to be used when scraping targets
2272
## If the value is empty, no bearer token is sent.
2273
##
2274
## This is the path where Kubernetes mounts the pod's service account token.
## NOTE(review): `https: false` is set above for kube-proxy, so with this value the token
## would presumably be sent over plain HTTP to every scraped endpoint. Confirm against the
## rendered ServiceMonitor, and set "" if the target does not need authentication.
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
2275
## Component scraping kube state metrics
2276
##
2277
kubeStateMetrics:
2278
enabled: true
2279
## Configuration for kube-state-metrics subchart
2280
##
2281
kube-state-metrics:
2282
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
2283
releaseLabel: true
2284
## Enable scraping via kubernetes-service-endpoints
2285
## Disabled by default because the service monitor is enabled below
2286
##
2287
prometheusScrape: false
2288
prometheus:
2289
monitor:
2290
## Enable scraping via service monitor
2291
## Disable to prevent duplication if you enable prometheusScrape above
2292
enabled: true
2293
## kube-state-metrics endpoint
2294
http:
2295
## Keep labels from scraped data, overriding server-side labels
2296
## NOTE(review): with honorLabels the target's own label values win on conflict, so the
## endpoint can set labels such as namespace or pod on its samples. That suits
## kube-state-metrics, which reports on other objects; avoid copying the setting to
## monitors for less trusted targets.
honorLabels: true
2297
## selfMonitor endpoint
2298
metrics:
2299
## Keep labels from scraped data, overriding server-side labels
2300
honorLabels: true
2301
## Deploy node exporter as a daemonset to all nodes
2302
##
2303
nodeExporter:
2304
enabled: true
2305
operatingSystems:
2306
linux:
2307
enabled: true
2308
aix:
2309
enabled: true
2310
darwin:
2311
enabled: true
2312
## forceDeployDashboards: create the dashboard configmap even if the nodeExporter deployment has been disabled
2313
##
2314
forceDeployDashboards: false
2315
## Configuration for prometheus-node-exporter subchart
2316
##
2317
prometheus-node-exporter:
2318
namespaceOverride: ""
2319
podLabels:
2320
## Add the 'node-exporter' label to be used by serviceMonitor and podMonitor to match standard common usage in rules and grafana dashboards
2321
##
2322
jobLabel: node-exporter
2323
releaseLabel: true
2324
extraArgs:
2325
- --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/containerd/.+|var/lib/docker/.+|var/lib/kubelet/.+)($|/)
2326
- --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs|erofs)$
2327
service:
2328
portName: http-metrics
2329
ipDualStack:
2330
enabled: false
2331
ipFamilies: ["IPv6", "IPv4"]
2332
ipFamilyPolicy: "PreferDualStack"
2333
labels:
2334
jobLabel: node-exporter
2335
image:
2336
distroless: true
2337
prometheus:
2338
monitor:
2339
enabled: true
2340
jobLabel: jobLabel
2341
## Scrape interval. If not set, the Prometheus default scrape interval is used.
2342
##
2343
interval: ""
2344
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2345
##
2346
sampleLimit: 0
2347
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2348
##
2349
targetLimit: 0
2350
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2351
##
2352
labelLimit: 0
2353
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2354
##
2355
labelNameLengthLimit: 0
2356
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2357
##
2358
labelValueLengthLimit: 0
2359
## How long until a scrape request times out. If not set, the Prometheus default scrape timeout is used.
2360
##
2361
scrapeTimeout: ""
2362
## proxyUrl: URL of a proxy that should be used for scraping.
2363
##
2364
proxyUrl: ""
2365
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2366
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2367
##
2368
metricRelabelings: []
2369
# - sourceLabels: [__name__]
2370
# separator: ;
2371
# regex: ^node_mountstats_nfs_(event|operations|transport)_.+
2372
# replacement: $1
2373
# action: drop
2374
2375
## RelabelConfigs to apply to samples before scraping
2376
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2377
##
2378
relabelings: []
2379
# - sourceLabels: [__meta_kubernetes_pod_node_name]
2380
# separator: ;
2381
# regex: ^(.*)$
2382
# targetLabel: nodename
2383
# replacement: $1
2384
# action: replace
2385
## Attach node metadata to discovered targets. Requires Prometheus v2.35.0 and above.
2386
##
2387
# attachMetadata:
2388
# node: false
2389
2390
podMonitor:
2391
enabled: false
2392
jobLabel: jobLabel
2393
rbac:
2394
## If true, create PSPs for node-exporter
2395
##
2396
## PSP = PodSecurityPolicy, an API removed from Kubernetes in v1.25; leave this false on
## current clusters and enforce pod restrictions with Pod Security Admission or a policy engine.
pspEnabled: false
2397
## Manages Prometheus and Alertmanager components
2398
##
2399
prometheusOperator:
2400
enabled: true
2401
## Use '{{ template "kube-prometheus-stack.fullname" . }}-operator' by default
2402
fullnameOverride: ""
2403
## Number of old replicasets to retain ##
2404
## The default value is 10, 0 will garbage-collect old replicasets ##
2405
revisionHistoryLimit: 10
2406
## Strategy of the deployment
2407
##
2408
strategy: {}
2409
## Prometheus-Operator v0.39.0 and later support TLS natively.
2410
##
2411
tls:
2412
enabled: true
2413
# Value must match version names from https://pkg.go.dev/crypto/tls#pkg-constants
2414
tlsMinVersion: VersionTLS13
2415
# The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.
2416
internalPort: 10250
2417
## Liveness probe for the prometheusOperator deployment
2418
##
2419
livenessProbe:
2420
enabled: true
2421
failureThreshold: 3
2422
initialDelaySeconds: 0
2423
periodSeconds: 10
2424
successThreshold: 1
2425
timeoutSeconds: 1
2426
## Readiness probe for the prometheusOperator deployment
2427
##
2428
readinessProbe:
2429
enabled: true
2430
failureThreshold: 3
2431
initialDelaySeconds: 0
2432
periodSeconds: 10
2433
successThreshold: 1
2434
timeoutSeconds: 1
2435
## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
2436
## rules from making their way into prometheus and potentially preventing the container from starting
2437
admissionWebhooks:
2438
## Valid values: Fail, Ignore, IgnoreOnInstallOnly
2439
## IgnoreOnInstallOnly - If Release.IsInstall returns "true", set "Ignore" otherwise "Fail"
2440
## Fail rejects admission requests while the webhook is unreachable; Ignore admits them
## unvalidated.
## NOTE(review): the empty default leaves the effective policy to the chart templates
## (not shown here), so check the rendered webhook configurations.
failurePolicy: ""
2441
## The default timeoutSeconds is 10 and the maximum value is 30.
2442
timeoutSeconds: 10
2443
enabled: true
2444
## A PEM encoded CA bundle which will be used to validate the webhook's server certificate.
2445
## If unspecified, system trust roots on the apiserver are used.
2446
caBundle: ""
2447
## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data.
2448
## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own
2449
## certs ahead of time if you wish.
2450
##
2451
annotations: {}
2452
# argocd.argoproj.io/hook: PreSync
2453
# argocd.argoproj.io/hook-delete-policy: HookSucceeded
2454
2455
namespaceSelector: {}
2456
objectSelector: {}
2457
matchConditions: {}
2458
mutatingWebhookConfiguration:
2459
annotations: {}
2460
# argocd.argoproj.io/hook: PreSync
2461
validatingWebhookConfiguration:
2462
annotations: {}
2463
# argocd.argoproj.io/hook: PreSync
2464
deployment:
2465
enabled: false
2466
## Number of replicas
2467
##
2468
replicas: 1
2469
## Strategy of the deployment
2470
##
2471
strategy: {}
2472
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
2473
podDisruptionBudget:
2474
enabled: false
2475
minAvailable: 1
2476
# maxUnavailable: ""
2477
unhealthyPodEvictionPolicy: AlwaysAllow
2478
## Number of old replicasets to retain ##
2479
## The default value is 10, 0 will garbage-collect old replicasets ##
2480
revisionHistoryLimit: 10
2481
## Prometheus-Operator v0.39.0 and later support TLS natively.
2482
##
2483
tls:
2484
enabled: true
2485
# Value must match version names from https://pkg.go.dev/crypto/tls#pkg-constants
2486
tlsMinVersion: VersionTLS13
2487
# The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.
2488
internalPort: 10250
2489
## Service account for Prometheus Operator Webhook to use.
2490
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2491
##
2492
serviceAccount:
2493
annotations: {}
2494
automountServiceAccountToken: false
2495
create: true
2496
name: ""
2497
## Configuration for Prometheus operator Webhook service
2498
##
2499
service:
2500
annotations: {}
2501
labels: {}
2502
clusterIP: ""
2503
ipDualStack:
2504
enabled: false
2505
ipFamilies: ["IPv6", "IPv4"]
2506
ipFamilyPolicy: "PreferDualStack"
2507
## Port to expose on each node
2508
## Only used if service.type is 'NodePort'
2509
##
2510
nodePort: 31080
2511
nodePortTls: 31443
2512
## Additional ports to open for Prometheus operator Webhook service
2513
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
2514
##
2515
additionalPorts: []
2516
## Loadbalancer IP
2517
## Only use if service.type is "LoadBalancer"
2518
##
2519
loadBalancerIP: ""
2520
loadBalancerSourceRanges: []
2521
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
2522
##
2523
externalTrafficPolicy: Cluster
2524
## Service type
2525
## NodePort, ClusterIP, LoadBalancer
2526
##
2527
type: ClusterIP
2528
## List of IP addresses at which the Prometheus operator Webhook service is available
2529
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
2530
##
2531
externalIPs: []
2532
# ## Labels to add to the operator webhook deployment
2533
# ##
2534
labels: {}
2535
## Annotations to add to the operator webhook deployment
2536
##
2537
annotations: {}
2538
## Labels to add to the operator webhook pod
2539
##
2540
podLabels: {}
2541
## Annotations to add to the operator webhook pod
2542
##
2543
podAnnotations: {}
2544
## Assign a PriorityClassName to pods if set
2545
# priorityClassName: ""
2546
2547
## Define Log Format
2548
# Use logfmt (default) or json logging
2549
# logFormat: logfmt
2550
2551
## Decrease log verbosity to errors only
2552
# logLevel: error
2553
2554
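## Prometheus-operator webhook image
##
image:
  registry: cgr.dev
  repository: chainguard-private/prometheus-admission-webhook
  # if not set appVersion field from Chart.yaml is used
  # NOTE(review): `latest` is a mutable tag. With `sha` set below, the digest is
  # what identifies the image; confirm with `helm template` that the rendered
  # image reference carries the digest before relying on it as the pin.
  tag: latest
  # Image digest. Keep it set: if it is cleared, `tag: latest` together with
  # `pullPolicy: IfNotPresent` lets each node keep running whatever build it
  # already has cached.
  sha: sha256:63936b8a303678a137c158f04590b9fd9b5a31ed19e311c56a4fbe4dbf8e6b20
  pullPolicy: IfNotPresent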
2563
## Define Log Format
2564
# Use logfmt (default) or json logging
2565
# logFormat: logfmt
2566
2567
## Decrease log verbosity to errors only
2568
# logLevel: error
2569
2570
## PromQL parser options to enable for the admission webhook when validating PrometheusRule resources.
2571
## The options are passed to the prometheus-operator admission-webhook binary as a comma-separated --promql-options value.
2572
## Requires prometheus-operator admission-webhook v0.91.0 or newer.
2573
## Valid values: experimental-functions, duration-expression-parsing, extended-range-selectors, binop-fill-modifiers.
2574
##
2575
promqlOptions: []
2576
## Liveness probe
2577
##
2578
livenessProbe:
2579
enabled: true
2580
failureThreshold: 3
2581
initialDelaySeconds: 30
2582
periodSeconds: 10
2583
successThreshold: 1
2584
timeoutSeconds: 1
2585
## Readiness probe
2586
##
2587
readinessProbe:
2588
enabled: true
2589
failureThreshold: 3
2590
initialDelaySeconds: 5
2591
periodSeconds: 10
2592
successThreshold: 1
2593
timeoutSeconds: 1
2594
## Resource limits & requests
2595
##
2596
resources: {}
2597
# limits:
2598
# cpu: 200m
2599
# memory: 200Mi
2600
# requests:
2601
# cpu: 100m
2602
# memory: 100Mi
2603
2604
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
2605
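# because the AWS-managed control plane cannot reach the pods' IP CIDR and admission webhooks do not work otherwise. With hostNetwork: true the pod shares the node's network namespace, so enable it only in that case.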
2606
##
2607
hostNetwork: false
2608
## Define which Nodes the Pods are scheduled on.
2609
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
2610
##
2611
nodeSelector: {}
2612
## Tolerations for use with node taints
2613
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
2614
##
2615
tolerations: []
2616
# - key: "key"
2617
# operator: "Equal"
2618
# value: "value"
2619
# effect: "NoSchedule"
2620
2621
## Assign custom affinity rules to the prometheus operator
2622
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
2623
##
2624
affinity: {}
2625
# nodeAffinity:
2626
# requiredDuringSchedulingIgnoredDuringExecution:
2627
# nodeSelectorTerms:
2628
# - matchExpressions:
2629
# - key: kubernetes.io/e2e-az-name
2630
# operator: In
2631
# values:
2632
# - e2e-az1
2633
# - e2e-az2
2634
dnsConfig: {}
2635
# nameservers:
2636
# - 1.2.3.4
2637
# searches:
2638
# - ns1.svc.cluster-domain.example
2639
# - my.dns.search.suffix
2640
# options:
2641
# - name: ndots
2642
# value: "2"
2643
# - name: edns0
2644
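# Pod-level security context. The pod runs as uid/gid 65534 (conventionally the
# unprivileged `nobody` account on Linux) and the kubelet refuses to start a
# container whose image would run as root.
securityContext:
  # Group applied to mounted volumes that support ownership management.
  fsGroup: 65534
  runAsGroup: 65534
  runAsNonRoot: true
  runAsUser: 65534
  # Use the container runtime's default seccomp filter instead of running unconfined.
  seccompProfile:
    type: RuntimeDefault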
2651
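## Container-specific security context configuration
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
containerSecurityContext:
  # Prevents the process from gaining more privileges than its parent
  # (for example through setuid binaries).
  allowPrivilegeEscalation: false
  # The container's root filesystem is mounted read-only; anything the process
  # must write has to be provided as a volume.
  readOnlyRootFilesystem: true
  # No Linux capabilities are kept. Add one back only for a documented need.
  capabilities:
    drop:
      - ALL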
2660
## If false then the user will opt out of automounting API credentials.
2661
##
2662
automountServiceAccountToken: true
2663
patch:
2664
enabled: true
2665
image:
2666
registry: cgr.dev
2667
repository: chainguard-private/kube-webhook-certgen
2668
tag: latest
2669
sha: sha256:75101c63ec22b85737bad95af855ac199f55619eadc402797531ab48d53e218f
2670
pullPolicy: IfNotPresent
2671
resources: {}
2672
## Provide a priority class name to the webhook patching job
2673
##
2674
priorityClassName: ""
2675
ttlSecondsAfterFinished: 60
2676
annotations: {}
2677
# argocd.argoproj.io/hook: PreSync
2678
# argocd.argoproj.io/hook-delete-policy: HookSucceeded
2679
podAnnotations: {}
2680
nodeSelector: {}
2681
affinity: {}
2682
tolerations: []
2683
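## SecurityContext holds pod-level security attributes and common container settings
## (type *v1.PodSecurityContext, not required).
## This defaults to a non-root user with uid 2000 and gid 2000.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
  runAsGroup: 2000
  runAsNonRoot: true
  runAsUser: 2000
  # Use the container runtime's default seccomp filter instead of running unconfined.
  seccompProfile:
    type: RuntimeDefault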
2693
## Service account for Prometheus Operator Webhook Job Patch to use.
2694
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2695
##
2696
serviceAccount:
2697
create: true
2698
annotations: {}
2699
automountServiceAccountToken: true
2700
# Security context for create job container
2701
createSecretJob:
2702
securityContext:
2703
allowPrivilegeEscalation: false
2704
readOnlyRootFilesystem: true
2705
capabilities:
2706
drop:
2707
- ALL
2708
# Security context for patch job container
2709
patchWebhookJob:
2710
securityContext:
2711
allowPrivilegeEscalation: false
2712
readOnlyRootFilesystem: true
2713
capabilities:
2714
drop:
2715
- ALL
2716
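# Use certmanager to generate webhook certs
# NOTE(review): when this stays disabled the webhook certificates presumably
# come from the certgen patch job configured under `patch` - confirm in the
# chart templates.
certManager:
  enabled: false
  # self-signed root certificate
  rootCert:
    # Empty uses the chart default. A shorter lifetime limits how long a leaked
    # key remains usable; cert-manager renews certificates before they expire.
    duration: ""  # default to be 5y
    # -- Set the revisionHistoryLimit on the Certificate. See
    # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
    # Defaults to nil.
    revisionHistoryLimit:
  admissionCert:
    duration: ""  # default to be 1y
    # -- Set the revisionHistoryLimit on the Certificate. See
    # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
    # Defaults to nil.
    revisionHistoryLimit:
  # Uncomment to have an existing issuer sign the certificates.
  # issuerRef:
  #   name: "issuer"
  #   kind: "ClusterIssuer"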
2735
## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list).
2736
## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration
2737
##
2738
namespaces: {}
2739
# releaseNamespace: true
2740
# additional:
2741
# - kube-system
2742
2743
## Namespaces to exclude from the Prometheus Operator's interaction with the apiserver (deny list).
2744
##
2745
denyNamespaces: []
2746
## Filter namespaces to look for prometheus-operator custom resources
2747
##
2748
alertmanagerInstanceNamespaces: []
2749
alertmanagerConfigNamespaces: []
2750
prometheusInstanceNamespaces: []
2751
thanosRulerInstanceNamespaces: []
2752
## The clusterDomain value will be added to the cluster.peer option of the alertmanager.
2753
## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value)
2754
## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094
2755
##
2756
# clusterDomain: "cluster.local"
2757
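networkPolicy:
  ## Enable creation of NetworkPolicy resources.
  ## While this is false the chart creates no policy for this component, so
  ## traffic to and from it is limited only by policies the cluster already has.
  ## NetworkPolicy objects take effect only when the cluster's network plugin
  ## enforces them.
  ##
  enabled: false
  ## Flavor of the network policy to use.
  # Can be:
  # * kubernetes for networking.k8s.io/v1/NetworkPolicy
  # * cilium for cilium.io/v2/CiliumNetworkPolicy
  flavor: kubernetes
  # cilium:
  #   egress:

  ## match labels used in selector
  # matchLabels: {}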
2771
## Service account for Prometheus Operator to use.
2772
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2773
##
2774
serviceAccount:
2775
create: true
2776
name: ""
2777
automountServiceAccountToken: true
2778
annotations: {}
2779
# -- terminationGracePeriodSeconds for container lifecycle hook
2780
terminationGracePeriodSeconds: 30
2781
# -- Specify lifecycle hooks for the controller
2782
lifecycle: {}
2783
## Configuration for Prometheus operator service
2784
##
2785
service:
2786
annotations: {}
2787
labels: {}
2788
clusterIP: ""
2789
ipDualStack:
2790
enabled: false
2791
ipFamilies: ["IPv6", "IPv4"]
2792
ipFamilyPolicy: "PreferDualStack"
2793
## Port to expose on each node
2794
## Only used if service.type is 'NodePort'
2795
##
2796
nodePort: 30080
2797
nodePortTls: 30443
2798
## Additional ports to open for Prometheus operator service
2799
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
2800
##
2801
additionalPorts: []
2802
## Loadbalancer IP
2803
## Only use if service.type is "LoadBalancer"
2804
##
2805
loadBalancerIP: ""
2806
loadBalancerSourceRanges: []
2807
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
2808
##
2809
externalTrafficPolicy: Cluster
2810
## Service type
2811
## NodePort, ClusterIP, LoadBalancer
2812
##
2813
type: ClusterIP
2814
## List of IP addresses at which the Prometheus operator service is available
2815
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
2816
##
2817
externalIPs: []
2818
# ## Labels to add to the operator deployment
2819
# ##
2820
labels: {}
2821
## Annotations to add to the operator deployment
2822
##
2823
annotations: {}
2824
## Labels to add to the operator pod
2825
##
2826
podLabels: {}
2827
## Annotations to add to the operator pod
2828
##
2829
podAnnotations: {}
2830
## Assign a podDisruptionBudget to the operator
2831
##
2832
podDisruptionBudget:
2833
enabled: false
2834
minAvailable: 1
2835
# maxUnavailable: ""
2836
unhealthyPodEvictionPolicy: AlwaysAllow
2837
## Assign a PriorityClassName to pods if set
2838
# priorityClassName: ""
2839
2840
## Define Log Format
2841
# Use logfmt (default) or json logging
2842
# logFormat: logfmt
2843
2844
## Decrease log verbosity to errors only
2845
# logLevel: error
2846
kubeletService:
2847
## If true, the operator will create and maintain a service for scraping kubelets
2848
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md
2849
##
2850
enabled: true
2851
namespace: kube-system
2852
selector: ""
2853
## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default
2854
name: ""
2855
## Create Endpoints objects for kubelet targets.
2856
kubeletEndpointsEnabled: true
2857
## Create EndpointSlice objects for kubelet targets.
2858
kubeletEndpointSliceEnabled: false
2859
## Extra arguments to pass to prometheusOperator
2860
# https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/operator.md
2861
extraArgs: []
2862
# - --labels="cluster=talos-cluster"
2863
2864
## Create a servicemonitor for the operator
2865
##
2866
serviceMonitor:
2867
## If true, create a serviceMonitor for prometheus operator
2868
##
2869
selfMonitor: true
2870
## Labels for ServiceMonitor
2871
additionalLabels: {}
2872
## Scrape interval. If not set, the Prometheus default scrape interval is used.
2873
##
2874
interval: ""
2875
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2876
##
2877
sampleLimit: 0
2878
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2879
##
2880
targetLimit: 0
2881
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2882
##
2883
labelLimit: 0
2884
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2885
##
2886
labelNameLengthLimit: 0
2887
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2888
##
2889
labelValueLengthLimit: 0
2890
## Scrape timeout. If not set, the Prometheus default scrape timeout is used.
2891
scrapeTimeout: ""
2892
## Metric relabel configs to apply to samples before ingestion.
2893
##
2894
metricRelabelings: []
2895
# - action: keep
2896
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2897
# sourceLabels: [__name__]
2898
2899
# relabel configs to apply to samples before ingestion.
2900
##
2901
relabelings: []
2902
# - sourceLabels: [__meta_kubernetes_pod_node_name]
2903
# separator: ;
2904
# regex: ^(.*)$
2905
# targetLabel: nodename
2906
# replacement: $1
2907
# action: replace
2908
## Resource limits & requests
2909
##
2910
resources: {}
2911
# limits:
2912
# cpu: 200m
2913
# memory: 200Mi
2914
# requests:
2915
# cpu: 100m
2916
# memory: 100Mi
2917
2918
## Operator Environment
2919
## env:
2920
## VARIABLE: value
2921
env:
2922
GOGC: "30"
2923
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
2924
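# because the AWS-managed control plane cannot reach the pods' IP CIDR and admission webhooks do not work otherwise. hostNetwork: true puts the pod in the node's network namespace, so leave it false unless this case applies.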
2925
##
2926
hostNetwork: false
2927
## Define which Nodes the Pods are scheduled on.
2928
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
2929
##
2930
nodeSelector: {}
2931
## Tolerations for use with node taints
2932
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
2933
##
2934
tolerations: []
2935
# - key: "key"
2936
# operator: "Equal"
2937
# value: "value"
2938
# effect: "NoSchedule"
2939
2940
## Assign custom affinity rules to the prometheus operator
2941
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
2942
##
2943
affinity: {}
2944
# nodeAffinity:
2945
# requiredDuringSchedulingIgnoredDuringExecution:
2946
# nodeSelectorTerms:
2947
# - matchExpressions:
2948
# - key: kubernetes.io/e2e-az-name
2949
# operator: In
2950
# values:
2951
# - e2e-az1
2952
# - e2e-az2
2953
dnsConfig: {}
2954
# nameservers:
2955
# - 1.2.3.4
2956
# searches:
2957
# - ns1.svc.cluster-domain.example
2958
# - my.dns.search.suffix
2959
# options:
2960
# - name: ndots
2961
# value: "2"
2962
# - name: edns0
2963
securityContext:
2964
fsGroup: 65534
2965
runAsGroup: 65534
2966
runAsNonRoot: true
2967
runAsUser: 65534
2968
seccompProfile:
2969
type: RuntimeDefault
2970
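## Setup hostUsers for prometheus-operator
## ref: https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/
## Left unset (null) here. In a Pod spec, `hostUsers: false` runs the pod in its
## own user namespace, so uids inside the container do not map to the same uids
## on the node; it needs a cluster and container runtime with user-namespace
## support.
hostUsers: null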
2973
## Container-specific security context configuration
2974
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
2975
##
2976
containerSecurityContext:
2977
allowPrivilegeEscalation: false
2978
readOnlyRootFilesystem: true
2979
capabilities:
2980
drop:
2981
- ALL
2982
# Enable vertical pod autoscaler support for prometheus-operator
2983
verticalPodAutoscaler:
2984
enabled: false
2985
# Recommender responsible for generating recommendation for the object.
2986
# List should be empty (then the default recommender will generate the recommendation)
2987
# or contain exactly one recommender.
2988
# recommenders:
2989
# - name: custom-recommender-performance
2990
2991
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
2992
controlledResources: []
2993
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
2994
# controlledValues: RequestsAndLimits
2995
2996
# Define the max allowed resources for the pod
2997
maxAllowed: {}
2998
# cpu: 200m
2999
# memory: 100Mi
3000
# Define the min allowed resources for the pod
3001
minAllowed: {}
3002
# cpu: 200m
3003
# memory: 100Mi
3004
3005
updatePolicy:
3006
# Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
3007
# minReplicas: 1
3008
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
3009
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate".
3010
updateMode: Recreate
3011
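## Prometheus-operator image
##
image:
  registry: cgr.dev
  repository: chainguard-private/prometheus-operator
  # if not set appVersion field from Chart.yaml is used
  # NOTE(review): `latest` does not name a fixed build. The `sha` digest below
  # is the value that does; render the chart (`helm template`) and check that
  # the digest appears in the final image reference.
  tag: latest
  # Image digest. If this is removed, `tag: latest` with
  # `pullPolicy: IfNotPresent` means nodes may run different cached builds.
  sha: sha256:160665486be8525d30c439c47e09099c9884e69b94651ed66e266d432d96d9bd
  pullPolicy: IfNotPresent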
3020
## Prometheus image to use for prometheuses managed by the operator
3021
##
3022
# prometheusDefaultBaseImage: prometheus/prometheus
3023
3024
## Prometheus image registry to use for prometheuses managed by the operator
3025
##
3026
# prometheusDefaultBaseImageRegistry: quay.io
3027
3028
## Alertmanager image to use for alertmanagers managed by the operator
3029
##
3030
# alertmanagerDefaultBaseImage: prometheus/alertmanager
3031
3032
## Alertmanager image registry to use for alertmanagers managed by the operator
3033
##
3034
# alertmanagerDefaultBaseImageRegistry: quay.io
3035
3036
## Prometheus-config-reloader
3037
##
3038
prometheusConfigReloader:
3039
image:
3040
registry: cgr.dev
3041
repository: chainguard-private/prometheus-config-reloader
3042
# if not set appVersion field from Chart.yaml is used
3043
tag: latest
3044
sha: sha256:101fbbbccedc1551ae0b96737686dac80e33cef55eed40324d653cc5c8619529
3045
# add prometheus config reloader liveness and readiness probe. Default: false
3046
enableProbe: false
3047
# resource config for prometheusConfigReloader
3048
resources: {}
3049
# requests:
3050
# cpu: 200m
3051
# memory: 50Mi
3052
# limits:
3053
# cpu: 200m
3054
# memory: 50Mi
3055
## Thanos side-car image when configured
3056
##
3057
thanosImage:
3058
registry: cgr.dev
3059
repository: chainguard-private/thanos
3060
tag: latest
3061
sha: sha256:bf12d37a4a537580deb922d6eda6744cff0a374ac40efc77e559febc22191b49
3062
## Set a Label Selector to filter watched prometheus and prometheusAgent
3063
##
3064
prometheusInstanceSelector: ""
3065
## Set a Label Selector to filter watched alertmanager
3066
##
3067
alertmanagerInstanceSelector: ""
3068
## Set a Label Selector to filter watched thanosRuler
3069
thanosRulerInstanceSelector: ""
3070
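## Set a Field Selector to filter watched secrets. The default below excludes dockercfg, service-account-token and Helm release secrets from what the operator watches.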
3071
##
3072
secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1"
3073
## If false then the user will opt out of automounting API credentials.
3074
##
3075
automountServiceAccountToken: true
3076
## Additional volumes
3077
##
3078
extraVolumes: []
3079
## Additional volume mounts
3080
##
3081
extraVolumeMounts: []
3082
## Deploy a Prometheus instance
3083
##
3084
prometheus:
3085
enabled: true
3086
## Toggle prometheus into agent mode
3087
## Note that many of the features described below (e.g. rules, query, alerting, remote read, thanos) will not work in agent mode.
3088
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/prometheus-agent.md
3089
##
3090
agentMode: false
3091
## Annotations for Prometheus
3092
##
3093
annotations: {}
3094
## Additional labels for Prometheus
3095
##
3096
additionalLabels: {}
3097
## Configure network policy for the prometheus
3098
networkPolicy:
3099
enabled: false
3100
## Flavor of the network policy to use.
3101
# Can be:
3102
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
3103
# * cilium for cilium.io/v2/CiliumNetworkPolicy
3104
flavor: kubernetes
3105
namespace:
3106
# cilium:
3107
# endpointSelector:
3108
# egress:
3109
# ingress:
3110
3111
# egress:
3112
# - {}
3113
# ingress:
3114
# - {}
3115
# podSelector:
3116
# matchLabels:
3117
# app: prometheus
3118
## Service account for Prometheuses to use.
3119
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
3120
##
3121
serviceAccount:
3122
create: true
3123
name: ""
3124
annotations: {}
3125
automountServiceAccountToken: true
3126
# Service for thanos service discovery on sidecar
3127
# Enabling this lets Thanos Query use
3128
# `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discover
3129
# Thanos sidecar on prometheus nodes
3130
# (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!)
3131
thanosService:
3132
enabled: false
3133
annotations: {}
3134
labels: {}
3135
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3136
##
3137
externalTrafficPolicy: Cluster
3138
## Service type
3139
##
3140
type: ClusterIP
3141
## Service dual stack
3142
##
3143
ipDualStack:
3144
enabled: false
3145
ipFamilies: ["IPv6", "IPv4"]
3146
ipFamilyPolicy: "PreferDualStack"
3147
## gRPC port config
3148
portName: grpc
3149
port: 10901
3150
targetPort: "grpc"
3151
## HTTP port config (for metrics)
3152
httpPortName: http
3153
httpPort: 10902
3154
targetHttpPort: "http"
3155
## ClusterIP to assign
3156
# Default is to make this a headless service ("None")
3157
clusterIP: "None"
3158
## Port to expose on each node, if service type is NodePort
3159
##
3160
nodePort: 30901
3161
httpNodePort: 30902
3162
# ServiceMonitor to scrape Sidecar metrics
3163
# Needs thanosService to be enabled as well
3164
thanosServiceMonitor:
3165
enabled: false
3166
interval: ""
3167
## Additional labels
3168
##
3169
additionalLabels: {}
3170
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
3171
scheme: ""
3172
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
3173
## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
3174
tlsConfig: {}
3175
bearerTokenFile:
3176
## Metric relabel configs to apply to samples before ingestion.
3177
metricRelabelings: []
3178
## relabel configs to apply to samples before ingestion.
3179
relabelings: []
3180
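# Service for external access to sidecar
# Enabling this creates a service to expose thanos-sidecar outside the cluster.
# The default type is LoadBalancer, so once enabled the sidecar's gRPC and HTTP
# ports are reachable from wherever the load balancer is reachable.
thanosServiceExternal:
  enabled: false
  annotations: {}
  labels: {}
  loadBalancerIP: ""
  # An empty list sets no source-address restriction on the Service. Before
  # enabling, list the CIDRs of the clients that need access and make sure the
  # sidecar endpoint is protected with TLS; this Service adds no authentication.
  loadBalancerSourceRanges: []
  ## gRPC port config
  portName: grpc
  port: 10901
  targetPort: "grpc"
  ## HTTP port config (for metrics)
  httpPortName: http
  httpPort: 10902
  targetHttpPort: "http"
  ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
  ##
  externalTrafficPolicy: Cluster
  ## Service type
  ##
  type: LoadBalancer
  ## Port to expose on each node
  ##
  nodePort: 30901
  httpNodePort: 30902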
3206
## Configuration for Prometheus service
3207
##
3208
service:
3209
enabled: true
3210
annotations: {}
3211
labels: {}
3212
clusterIP: ""
3213
ipDualStack:
3214
enabled: false
3215
ipFamilies: ["IPv6", "IPv4"]
3216
ipFamilyPolicy: "PreferDualStack"
3217
## Port for Prometheus Service to listen on
3218
##
3219
port: 9090
3220
## To be used with a proxy extraContainer port
3221
targetPort: 9090
3222
## Port for Prometheus Reloader to listen on
3223
##
3224
reloaderWebPort: 8080
3225
## Port to expose for Prometheus Reloader
3226
## Only used if service.type is 'NodePort'
3227
##
3228
reloaderWebNodePort: null
3229
## List of IP addresses at which the Prometheus server service is available
3230
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
3231
##
3232
externalIPs: []
3233
## Port to expose on each node
3234
## Only used if service.type is 'NodePort'
3235
##
3236
nodePort: 30090
3237
## Loadbalancer IP
3238
## Only use if service.type is "LoadBalancer"
3239
loadBalancerIP: ""
3240
loadBalancerSourceRanges: []
3241
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3242
##
3243
externalTrafficPolicy: Cluster
3244
## Service type
3245
##
3246
type: ClusterIP
3247
## Additional ports to open for Prometheus service
3248
##
3249
additionalPorts: []
3250
# additionalPorts:
3251
# - name: oauth-proxy
3252
# port: 8081
3253
# targetPort: 8081
3254
# - name: oauth-metrics
3255
# port: 8082
3256
# targetPort: 8082
3257
3258
## If true, all endpoints are considered "ready" even if the Pods themselves are not
3259
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec
3260
publishNotReadyAddresses: false
3261
## If you want to make sure that connections from a particular client are passed to the same Pod each time
3262
## Accepts 'ClientIP' or 'None'
3263
##
3264
sessionAffinity: None
3265
## If you want to modify the ClientIP sessionAffinity timeout
3266
## The value must be >0 && <=86400 (1 day) if sessionAffinity == "ClientIP"
3267
##
3268
sessionAffinityConfig:
3269
clientIP:
3270
timeoutSeconds: 10800
3271
## Configuration for creating a separate Service for each statefulset Prometheus replica
3272
##
3273
servicePerReplica:
3274
enabled: false
3275
annotations: {}
3276
## Port for Prometheus Service per replica to listen on
3277
##
3278
port: 9090
3279
## To be used with a proxy extraContainer port
3280
targetPort: 9090
3281
## Port to expose on each node
3282
## Only used if servicePerReplica.type is 'NodePort'
3283
##
3284
nodePort: 30091
3285
## Loadbalancer source IP ranges
3286
## Only used if servicePerReplica.type is "LoadBalancer"
3287
loadBalancerSourceRanges: []
3288
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3289
##
3290
externalTrafficPolicy: Cluster
3291
## Service type
3292
##
3293
type: ClusterIP
3294
## Service dual stack
3295
##
3296
ipDualStack:
3297
enabled: false
3298
ipFamilies: ["IPv6", "IPv4"]
3299
ipFamilyPolicy: "PreferDualStack"
3300
## Configure pod disruption budgets for Prometheus
3301
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
3302
##
3303
podDisruptionBudget:
3304
enabled: false
3305
minAvailable: 1
3306
# maxUnavailable: ""
3307
unhealthyPodEvictionPolicy: AlwaysAllow
3308
## Enable vertical pod autoscaler support for Prometheus
3309
## ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
3310
##
3311
verticalPodAutoscaler:
3312
enabled: false
3313
# Recommender responsible for generating recommendation for the object.
3314
# List should be empty (then the default recommender will generate the recommendation)
3315
# or contain exactly one recommender.
3316
# recommenders:
3317
# - name: custom-recommender-performance
3318
3319
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
3320
controlledResources: []
3321
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
3322
# controlledValues: RequestsAndLimits
3323
3324
# Define the max allowed resources for the pod
3325
maxAllowed: {}
3326
# cpu: 200m
3327
# memory: 100Mi
3328
# Define the min allowed resources for the pod
3329
minAllowed: {}
3330
# cpu: 200m
3331
# memory: 100Mi
3332
3333
updatePolicy:
3334
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
3335
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate".
3336
updateMode: Recreate
3337
# Ingress exposes thanos sidecar outside the cluster
3338
thanosIngress:
3339
enabled: false
3340
ingressClassName: ""
3341
annotations: {}
3342
labels: {}
3343
servicePort: 10901
3344
## Port to expose on each node
3345
## Only used if service.type is 'NodePort'
3346
##
3347
nodePort: 30901
3348
## Hosts must be provided if Ingress is enabled.
3349
##
3350
hosts: []
3351
# - thanos-gateway.domain.com
3352
3353
## Paths to use for ingress rules
3354
##
3355
paths: []
3356
# - /
3357
3358
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
3359
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
3360
# pathType: ImplementationSpecific
3361
3362
## TLS configuration for Thanos Ingress
3363
## Secret must be manually created in the namespace
3364
##
3365
tls: []
3366
# - secretName: thanos-gateway-tls
3367
# hosts:
3368
# - thanos-gateway.domain.com
3369
#
3370
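## ExtraSecret can be used to store various data in an extra secret
## (use it for example to store hashed basic auth credentials)
## Whatever is placed under `data` is part of the values supplied to Helm, so
## keep real credentials out of values files committed to version control.
extraSecret:
  ## if not set, name will be auto generated
  # name: ""
  annotations: {}
  data: {}
  # The sample entries below use the Apache `apr1` (MD5-based) htpasswd format.
  # Prefer bcrypt entries where the component reading the file supports them.
  #   auth: |
  #     foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
  #     someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.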
3380
3381
ingress:
3382
enabled: false
3383
ingressClassName: ""
3384
annotations: {}
3385
labels: {}
3386
## Redirect ingress to an additional defined port on the service
3387
# servicePort: 8081
3388
3389
## Hostnames.
3390
## Must be provided if Ingress is enabled.
3391
##
3392
# hosts:
3393
# - prometheus.domain.com
3394
hosts: []
3395
## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix
3396
##
3397
paths: []
3398
# - /
3399
3400
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
3401
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
3402
# pathType: ImplementationSpecific
3403
3404
## TLS configuration for Prometheus Ingress
3405
## Secret must be manually created in the namespace
3406
##
3407
tls: []
3408
# - secretName: prometheus-general-tls
3409
# hosts:
3410
# - prometheus.example.com
3411
# -- BETA: Configure the gateway routes for the chart here.
3412
# More routes can be added by adding a dictionary key like the 'main' route.
3413
# Be aware that this is an early beta of this feature,
3414
# kube-prometheus-stack does not guarantee this works and is subject to change.
3415
# Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
3416
# [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2)
3417
route:
3418
main:
3419
# -- Enables or disables the route
3420
enabled: false
3421
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
3422
apiVersion: gateway.networking.k8s.io/v1
3423
# -- Set the route kind
3424
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
3425
kind: HTTPRoute
3426
annotations: {}
3427
labels: {}
3428
hostnames: []
3429
# - my-filter.example.com
3430
parentRefs: []
3431
# - name: acme-gw
3432
3433
# -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
3434
## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
3435
## matches, filters and additionalRules will be ignored if this is set to true.
3436
httpsRedirect: false
3437
matches:
3438
- path:
3439
type: PathPrefix
3440
value: /
3441
## Filters define the filters that are applied to requests that match this rule.
3442
filters: []
3443
## Session persistence configuration for the route rule.
3444
sessionPersistence: {}
3445
# sessionName: route
3446
# type: Cookie
3447
# absoluteTimeout: 12h
3448
# cookieConfig:
3449
# lifetimeType: Permanent
3450
3451
## Additional custom rules that can be added to the route
3452
additionalRules: []
3453
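## Configuration for creating an Ingress that will map to each Prometheus replica service
## prometheus.servicePerReplica must be enabled
##
ingressPerReplica:
  enabled: false
  ingressClassName: ""
  annotations: {}
  labels: {}
  ## Final form of the hostname for each per replica ingress is
  ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
  ##
  ## Prefix for the per replica ingress that will have `-$replicaNumber`
  ## appended to the end
  hostPrefix: ""
  ## Domain that will be used for the per replica ingress
  hostDomain: ""
  ## Paths to use for ingress rules
  ##
  paths: []
    # - /

  ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
  ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
  # pathType: ImplementationSpecific

  ## Secret name containing the TLS certificate for Prometheus per replica ingress
  ## Secret must be manually created in the namespace
  tlsSecretName: ""
  ## Separate secret for each per replica Ingress. Can be used together with cert-manager
  ##
  tlsSecretPerReplica:
    enabled: false
    ## Final form of the secret for each per replica ingress is
    ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
    ##
    prefix: "prometheus"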
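serviceMonitor:
  ## If true, create a serviceMonitor for prometheus
  ##
  selfMonitor: true
  ## Scrape interval. If not set, the Prometheus default scrape interval is used.
  ##
  interval: ""
  ## Additional labels
  ##
  additionalLabels: {}
  ## For the five limits below, 0 means that no limit is enforced (Prometheus semantics).
  ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
  ##
  sampleLimit: 0
  ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
  ##
  targetLimit: 0
  ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
  ##
  labelLimit: 0
  ## Per-scrape limit on length of label names that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
  ##
  labelNameLengthLimit: 0
  ## Per-scrape limit on length of label values that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
  ##
  labelValueLengthLimit: 0
  ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
  scheme: ""
  ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
  ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
  tlsConfig: {}
  ## bearerTokenFile: file to read the scrape bearer token from. Unset (null) by default.
  bearerTokenFile:
  ## Metric relabel configs to apply to samples before ingestion.
  ##
  metricRelabelings: []
    # - action: keep
    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    #   sourceLabels: [__name__]

  ## Relabel configs to apply to targets before scraping.
  ##
  relabelings: []
    # - sourceLabels: [__meta_kubernetes_pod_node_name]
    #   separator: ;
    #   regex: ^(.*)$
    #   targetLabel: nodename
    #   replacement: $1
    #   action: replace

  ## Additional Endpoints
  ##
  additionalEndpoints: []
    # - port: oauth-metrics
    #   path: /metrics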
## Settings affecting prometheusSpec
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#prometheusspec
##
prometheusSpec:
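## Statefulset's persistent volume claim retention policy
## whenDeleted and whenScaled determine whether the
## statefulset's PVCs are deleted (Delete) or retained (Retain)
## on deleting and scaling down the statefulset, respectively.
## Requires Kubernetes version 1.27.0+.
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
persistentVolumeClaimRetentionPolicy: {}
  # whenDeleted: Retain
  # whenScaled: Retain

## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos
##
disableCompaction: false
## AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.
## If the field isn't set, the operator mounts the service account token by default.
## Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.
## It is possible to use strategic merge patch to project the service account token into the 'prometheus' container.
## NOTE(review): with automounting on, the token is presumably available to every container of the pod,
## including any added through `containers` / `initContainers` -- confirm when adding sidecars.
automountServiceAccountToken: true
## APIServerConfig
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#apiserverconfig
##
apiserverConfig: {}
## Allows setting additional arguments for the Prometheus container
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.Prometheus
additionalArgs: []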
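## Convert all classic histograms to native histograms with custom buckets.
## This corresponds to the 'convert_classic_histograms_to_nhcb' field in Prometheus configuration.
##
convertClassicHistogramsToNHCB: false
## Enable scraping of classic histograms that are also exposed as native histograms.
## This corresponds to the 'always_scrape_classic_histograms' field in Prometheus configuration.
##
scrapeClassicHistograms: false
## Enable scraping of native histograms.
## This corresponds to the 'scrape_native_histograms' field in Prometheus configuration.
##
scrapeNativeHistograms: false
## File to which scrape failures are logged.
## Reloading the configuration will reopen the file.
## Defaults to empty (disabled)
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.Prometheus
##
scrapeFailureLogFile: ""
## Interval between consecutive scrapes.
## Defaults to 30s.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183
##
scrapeInterval: ""
## Number of seconds to wait for target to respond before erroring
##
scrapeTimeout: ""
## List of scrape classes to expose to scraping objects such as
## PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.
##
scrapeClasses: []
  # - name: istio-mtls
  #   default: false
  #   tlsConfig:
  #     caFile: /etc/prometheus/secrets/istio.default/root-cert.pem
  #     certFile: /etc/prometheus/secrets/istio.default/cert-chain.pem

## PodTargetLabels are appended to the `spec.podTargetLabels` field of all PodMonitor and ServiceMonitor objects.
##
podTargetLabels: []
  # - customlabel

## Interval between consecutive evaluations.
##
evaluationInterval: ""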
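## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.
##
listenLocal: false
## enableOTLPReceiver enables the OTLP receiver for Prometheus.
## NOTE(review): this adds an ingestion endpoint; nothing in this section restricts who may
## send to it, so confirm network access to the Prometheus port is limited before enabling.
enableOTLPReceiver: false
## EnableAdminAPI enables the Prometheus administrative HTTP API, which includes functionality such as deleting time series.
## This is disabled by default.
## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
## NOTE(review): nothing in this section puts authentication in front of that API; keep it
## disabled unless access to the Prometheus endpoint is restricted.
##
enableAdminAPI: false
## Sets version of Prometheus overriding the Prometheus version as derived
## from the image tag. Useful in cases where the tag does not follow semver v2.
version: ""
## WebTLSConfig defines the TLS parameters for HTTPS
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#webtlsconfig
## The default is empty, i.e. no web TLS parameters are set here.
web: {}
## Exemplars related settings that are runtime reloadable.
## The exemplar storage feature must be enabled for them to take effect.
exemplars: {}
  ## Maximum number of exemplars stored in memory for all series.
  ## If not set, Prometheus uses its default value.
  ## A value of zero or less than zero disables the storage.
  # maxSize: 100000

# EnableFeatures API enables access to Prometheus disabled features.
# ref: https://prometheus.io/docs/prometheus/latest/feature_flags/
enableFeatures: []
  # - exemplar-storage

## https://prometheus.io/docs/guides/opentelemetry
##
otlp: {}
  # promoteResourceAttributes: []
  # keepIdentifyingResourceAttributes: false
  # translationStrategy: NoUTF8EscapingWithSuffixes
  # convertHistogramsToNHCB: false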
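## Left unset (null) by default.
##
serviceName:
## Image of Prometheus.
## NOTE(review): `tag: latest` is a mutable reference; the `sha` digest is what pins the image
## content. Presumably the chart templates append the digest to the image reference -- confirm,
## and keep a digest set when overriding registry, repository or tag.
##
image:
  registry: cgr.dev
  repository: chainguard-private/prometheus
  tag: latest
  sha: sha256:9823cfb14860fa97cedbb3d2a7c0ed148a1e93c4e846cac9297a219b074b9c9a
  pullPolicy: IfNotPresent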
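## Tolerations for use with node taints
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
##
tolerations: []
  # - key: "key"
  #   operator: "Equal"
  #   value: "value"
  #   effect: "NoSchedule"

## If specified, the pod's topology spread constraints.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
##
topologySpreadConstraints: []
  # - maxSkew: 1
  #   topologyKey: topology.kubernetes.io/zone
  #   whenUnsatisfiable: DoNotSchedule
  #   labelSelector:
  #     matchLabels:
  #       app: prometheus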
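## Disable alerting
##
disableAlerting: false
## Alertmanagers to which alerts will be sent
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerendpoints
##
## Default configuration will connect to the alertmanager deployed as part of this release
##
alertingEndpoints: []
  # - name: ""
  #   namespace: ""
  #   port: http
  #   scheme: http
  #   pathPrefix: ""
  #   tlsConfig: {}
  #   bearerTokenFile: ""
  #   apiVersion: v2

## External labels to add to any time series or alerts when communicating with external systems
##
externalLabels: {}
## enable --web.enable-remote-write-receiver flag on prometheus-server
## NOTE(review): with this flag Prometheus accepts pushed samples on its web port; nothing in
## this section restricts who may write, so confirm network access is limited before enabling.
##
enableRemoteWriteReceiver: false
## Name of the external label used to denote replica name
##
replicaExternalLabelName: ""
## If true, the Operator won't add the external label used to denote replica name
##
replicaExternalLabelNameClear: false
## Name of the external label used to denote Prometheus instance name
##
prometheusExternalLabelName: ""
## If true, the Operator won't add the external label used to denote Prometheus instance name
##
prometheusExternalLabelNameClear: false
## External URL at which Prometheus will be reachable.
##
externalUrl: ""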
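## Define which Nodes the Pods are scheduled on.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
##
nodeSelector: {}
## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
## The Secrets are mounted into /etc/prometheus/secrets/. Secret changes after initial creation of a Prometheus object are not
## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated
## with the new list of secrets.
## NOTE(review): everything listed here becomes a file inside the Prometheus Pods; list only
## the Secrets that scrape or alerting configuration actually references.
##
secrets: []
## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
## The ConfigMaps are mounted into /etc/prometheus/configmaps/.
##
configMaps: []
## QuerySpec defines the query command line flags when starting Prometheus.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#queryspec
##
query: {}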
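## NOTE(review): the selectors below decide which PrometheusRule and ServiceMonitor objects this
## Prometheus loads. With a *SelectorNilUsesHelmValues flag set to false and the selector left
## as {}, all such objects are selected; presumably anyone allowed to create them in a selected
## namespace can then add rules or scrape targets -- confirm RBAC on these resources before
## widening the selectors.
##
## If nil, select own namespace. Namespaces to be selected for PrometheusRules discovery.
ruleNamespaceSelector: {}
## Example which selects PrometheusRules in namespaces with label "prometheus" set to "somelabel"
# ruleNamespaceSelector:
#   matchLabels:
#     prometheus: somelabel

## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the PrometheusRule resources created
##
ruleSelectorNilUsesHelmValues: true
## PrometheusRules to be selected for target discovery.
## If {}, select all PrometheusRules
##
ruleSelector: {}
## Example which selects all PrometheusRules resources
## with label "prometheus" with values any of "example-rules" or "example-rules-2"
# ruleSelector:
#   matchExpressions:
#     - key: prometheus
#       operator: In
#       values:
#         - example-rules
#         - example-rules-2
#
## Example which selects all PrometheusRules resources with label "role" set to "example-rules"
# ruleSelector:
#   matchLabels:
#     role: example-rules

## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the servicemonitors created
##
serviceMonitorSelectorNilUsesHelmValues: true
## ServiceMonitors to be selected for target discovery.
## If {}, select all ServiceMonitors
##
serviceMonitorSelector: {}
## Example which selects ServiceMonitors with label "prometheus" set to "somelabel"
# serviceMonitorSelector:
#   matchLabels:
#     prometheus: somelabel

## Namespaces to be selected for ServiceMonitor discovery.
##
serviceMonitorNamespaceSelector: {}
## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel"
# serviceMonitorNamespaceSelector:
#   matchLabels:
#     prometheus: somelabel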
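## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the podmonitors created
##
podMonitorSelectorNilUsesHelmValues: true
## PodMonitors to be selected for target discovery.
## If {}, select all PodMonitors
##
podMonitorSelector: {}
## Example which selects PodMonitors with label "prometheus" set to "somelabel"
# podMonitorSelector:
#   matchLabels:
#     prometheus: somelabel

## If nil, select own namespace. Namespaces to be selected for PodMonitor discovery.
podMonitorNamespaceSelector: {}
## Example which selects PodMonitor in namespaces with label "prometheus" set to "somelabel"
# podMonitorNamespaceSelector:
#   matchLabels:
#     prometheus: somelabel

## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the probes created
##
probeSelectorNilUsesHelmValues: true
## Probes to be selected for target discovery.
## If {}, select all Probes
##
probeSelector: {}
## Example which selects Probes with label "prometheus" set to "somelabel"
# probeSelector:
#   matchLabels:
#     prometheus: somelabel

## If nil, select own namespace. Namespaces to be selected for Probe discovery.
probeNamespaceSelector: {}
## Example which selects Probe in namespaces with label "prometheus" set to "somelabel"
# probeNamespaceSelector:
#   matchLabels:
#     prometheus: somelabel

## If true, a nil or {} value for prometheus.prometheusSpec.scrapeConfigSelector will cause the
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the scrapeConfigs created
##
## If null and scrapeConfigSelector is also null, exclude field from the prometheusSpec
## (keeping downward compatibility with older versions of CRD)
##
scrapeConfigSelectorNilUsesHelmValues: true
## scrapeConfigs to be selected for target discovery.
## If {}, select all scrapeConfigs
##
scrapeConfigSelector: {}
## Example which selects scrapeConfigs with label "prometheus" set to "somelabel"
# scrapeConfigSelector:
#   matchLabels:
#     prometheus: somelabel

## If nil, select own namespace. Namespaces to be selected for scrapeConfig discovery.
## If null, exclude the field from the prometheusSpec (keeping downward compatibility with older versions of CRD)
scrapeConfigNamespaceSelector: {}
## Example which selects scrapeConfig in namespaces with label "prometheus" set to "somelabel"
# scrapeConfigNamespaceSelector:
#   matchLabels:
#     prometheus: somelabel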
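## How long to retain metrics
##
retention: 10d
## Maximum size of metrics
## Unit format should be in the form of "50GiB"
retentionSize: ""
## Allow out-of-order/out-of-bounds samples ingested into Prometheus for a specified duration
## See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tsdb
tsdb:
  outOfOrderTimeWindow: 0s
## Enable compression of the write-ahead log using Snappy.
##
walCompression: true
## If true, the Operator won't process any Prometheus configuration changes
##
paused: false
## Number of replicas of each shard to deploy for a Prometheus deployment.
## Number of replicas multiplied by shards is the total number of Pods created.
##
replicas: 1
## EXPERIMENTAL: Number of shards to distribute targets onto.
## Number of replicas multiplied by shards is the total number of Pods created.
## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved.
## Increasing shards will not reshard data either but it will continue to be available from the same instances.
## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location.
## Sharding is done on the content of the `__address__` target meta-label.
##
shards: 1
## Log level to configure for Prometheus
##
logLevel: info
## Log format to configure for Prometheus
##
logFormat: logfmt
## Prefix used to register routes, overriding externalUrl route.
## Useful for proxies that rewrite URLs.
##
routePrefix: /
## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
## Metadata Labels and Annotations get propagated to the prometheus pods.
##
podMetadata: {}
  # labels:
  #   app: prometheus
  #   k8s-app: prometheus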
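## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
podAntiAffinity: "soft"
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
##
podAntiAffinityTopologyKey: kubernetes.io/hostname
## Assign custom affinity rules to the prometheus instance
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
affinity: {}
  # nodeAffinity:
  #   requiredDuringSchedulingIgnoredDuringExecution:
  #     nodeSelectorTerms:
  #       - matchExpressions:
  #           - key: kubernetes.io/e2e-az-name
  #             operator: In
  #             values:
  #               - e2e-az1
  #               - e2e-az2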
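## NOTE(review): the example URLs in this block use plain http. Remote endpoints reached across
## a network boundary would normally use https together with the TLS and authentication fields
## of the referenced specs.
##
## The remote_read spec configuration for Prometheus.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#remotereadspec
remoteRead: []
  # - url: http://remote1/read
## additionalRemoteRead is appended to remoteRead
additionalRemoteRead: []
## The remote_write spec configuration for Prometheus.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#remotewritespec
remoteWrite: []
  # - url: http://remote1/push
## additionalRemoteWrite is appended to remoteWrite
additionalRemoteWrite: []
## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature
remoteWriteDashboards: false
## Resource limits & requests
##
resources: {}
  # requests:
  #   memory: 400Mi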
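## Prometheus StorageSpec for persistent data
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/storage.md
##
storageSpec: {}
  ## Using PersistentVolumeClaim
  ## NOTE(review): the nesting of `selector` was lost in this listing; it is placed under
  ## `spec` here, where the PersistentVolumeClaim spec defines it -- confirm against the chart.
  ##
  # volumeClaimTemplate:
  #   spec:
  #     storageClassName: gluster
  #     accessModes: ["ReadWriteOnce"]
  #     resources:
  #       requests:
  #         storage: 50Gi
  #     selector: {}

  ## Using tmpfs volume
  ##
  # emptyDir:
  #   medium: Memory

# Additional volumes on the output StatefulSet definition.
volumes: []
# Additional VolumeMounts on the output StatefulSet definition.
volumeMounts: []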
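## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations
## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form
## as specified in the official Prometheus documentation:
## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are
## appended, the user is responsible for making sure they are valid. Note that using this feature may expose the possibility
## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible
## scrape configs are going to break Prometheus after the upgrade.
## AdditionalScrapeConfigs can be defined as a list or as a templated string.
## NOTE(review): scrape configs can embed credentials (for example basic_auth or bearer tokens);
## supplying them through additionalScrapeConfigsSecret keeps them out of the values file.
##
## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the
## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes
##
additionalScrapeConfigs: []
  # - job_name: kube-etcd
  #   kubernetes_sd_configs:
  #     - role: node
  #   scheme: https
  #   tls_config:
  #     ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
  #     cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client
  #     key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
  #   relabel_configs:
  #     - action: labelmap
  #       regex: __meta_kubernetes_node_label_(.+)
  #     - source_labels: [__address__]
  #       action: replace
  #       target_label: __address__
  #       regex: ([^:;]+):(\d+)
  #       replacement: ${1}:2379
  #     - source_labels: [__meta_kubernetes_node_name]
  #       action: keep
  #       regex: .*mst.*
  #     - source_labels: [__meta_kubernetes_node_name]
  #       action: replace
  #       target_label: node
  #       regex: (.*)
  #       replacement: ${1}
  #   metric_relabel_configs:
  #     - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone)
  #       action: labeldrop
  #
## If scrape config contains a repetitive section, you may want to use a template.
## In the following example, you can see how to define `gce_sd_configs` for multiple zones
# additionalScrapeConfigs: |
#  - job_name: "node-exporter"
#    gce_sd_configs:
#    {{range $zone := .Values.gcp_zones}}
#    - project: "project1"
#      zone: "{{$zone}}"
#      port: 9100
#    {{end}}
#    relabel_configs:
#    ...

## If additional scrape configurations are already deployed in a single secret file you can use this section.
## Expected values are the secret name and key
## Cannot be used with additionalScrapeConfigs
additionalScrapeConfigsSecret: {}
  # enabled: false
  # name:
  # key:

## additionalPrometheusSecretsAnnotations allows adding annotations to the kubernetes secret. This can be useful
## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false'
additionalPrometheusSecretsAnnotations: {}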
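## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified
## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config.
## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator.
## As AlertManager configs are appended, the user is responsible for making sure they are valid. Note that using this
## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release
## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
##
additionalAlertManagerConfigs: []
  # - consul_sd_configs:
  #     - server: consul.dev.test:8500
  #       scheme: http
  #       datacenter: dev
  #       tag_separator: ','
  #       services:
  #         - metrics-prometheus-alertmanager

## If additional alertmanager configurations are already deployed in a single secret, or you want to manage
## them separately from the helm deployment, you can use this section.
## Expected values are the secret name and key
## Cannot be used with additionalAlertManagerConfigs
additionalAlertManagerConfigsSecret: {}
  # name:
  # key:
  # optional: false

## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended
## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the
## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
## As alert relabel configs are appended, the user is responsible for making sure they are valid. Note that using this feature may expose the
## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel
## configs are going to break Prometheus after the upgrade.
##
additionalAlertRelabelConfigs: []
  # - separator: ;
  #   regex: prometheus_replica
  #   replacement: $1
  #   action: labeldrop

## If additional alert relabel configurations are already deployed in a single secret, or you want to manage
## them separately from the helm deployment, you can use this section.
## Expected values are the secret name and key
## Cannot be used with additionalAlertRelabelConfigs
additionalAlertRelabelConfigsSecret: {}
  # name:
  # key: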
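## SecurityContext holds pod-level security attributes and common container settings.
## This defaults to non root user with uid 1000 and gid 2000.
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md
## NOTE(review): only pod-level fields are set here. Container-level hardening
## (allowPrivilegeEscalation, readOnlyRootFilesystem, dropped capabilities) is not visible in
## this section; presumably the operator applies it to the containers it generates -- confirm,
## and set it explicitly on anything added through `containers` / `initContainers`.
##
securityContext:
  runAsGroup: 2000
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 2000
  seccompProfile:
    type: RuntimeDefault
## DNS configuration for Prometheus.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.PodDNSConfig
dnsConfig: {}
## DNS policy for Prometheus.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#dnspolicystring-alias
dnsPolicy: ""
## Priority class assigned to the Pods
##
priorityClassName: ""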
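## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.
## This section is experimental; it may change significantly, without deprecation notice or
## backward compatibility, in any release.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosspec
## NOTE(review): `objectStorageConfig.secret` takes the object-store credentials (access_key,
## secret_key) as chart values; `existingSecret` references a Secret instead and keeps them
## out of the values file.
##
thanos: {}
  # image: quay.io/thanos/thanos
  # secretProviderClass:
  #   provider: gcp
  #   parameters:
  #     secrets: |
  #       - resourceName: "projects/$PROJECT_ID/secrets/testsecret/versions/latest"
  #         fileName: "objstore.yaml"
  ## ObjectStorageConfig configures object storage in Thanos.
  # objectStorageConfig:
  #   # use existing secret, if configured, objectStorageConfig.secret will not be used
  #   existingSecret: {}
  #     # name: ""
  #     # key: ""
  #   # will render objectStorageConfig secret data and configure it to be used by Thanos custom resource,
  #   # ignored when prometheusspec.thanos.objectStorageConfig.existingSecret is set
  #   # https://thanos.io/tip/thanos/storage.md/#s3
  #   secret: {}
  #     # type: S3
  #     # config:
  #     #   bucket: ""
  #     #   endpoint: ""
  #     #   region: ""
  #     #   access_key: ""
  #     #   secret_key: ""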
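## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.
## If using a proxy extraContainer, update targetPort with the proxy container port.
## NOTE(review): the proxy only protects Prometheus if port 9090 cannot be reached directly.
## The example's upstream is 127.0.0.1:9090, which fits `listenLocal: true` (listen on loopback
## only); confirm that the Service targetPort points at the proxy and not at Prometheus.
containers: []
# containers:
#   - name: oauth-proxy
#     image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2
#     args:
#       - --upstream=http://127.0.0.1:9090
#       - --http-address=0.0.0.0:8081
#       - --metrics-address=0.0.0.0:8082
#       - ...
#     ports:
#       - containerPort: 8081
#         name: oauth-proxy
#         protocol: TCP
#       - containerPort: 8082
#         name: oauth-metrics
#         protocol: TCP
#     resources: {}

## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
## (permissions, dir tree) on mounted volumes before starting prometheus
initContainers: []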
## PortName to use for Prometheus.
4158
##
4159
portName: "http-web"
4160
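## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files
## on the file system of the Prometheus container, e.g. bearer token files.
## NOTE(review): in the prometheus-operator API this field is an object with a `deny` flag, so the `false` below
## presumably leaves it unset rather than denying access; confirm against the chart template before relying on it
## to stop ServiceMonitor authors from reading files such as the Prometheus service account token.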
4162
arbitraryFSAccessThroughSMs: false
4163
## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor
4164
## or PodMonitor to true, this overrides honor_labels to false.
4165
overrideHonorLabels: false
4166
## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.
4167
overrideHonorTimestamps: false
4168
## When ignoreNamespaceSelectors is set to true, namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored,
4169
## they will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object,
4170
## and servicemonitors will be installed in the default service namespace.
4171
## Defaults to false.
4172
ignoreNamespaceSelectors: false
4173
## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created.
4174
## The label value will always be the namespace of the object that is being created.
4175
## Disabled by default
4176
enforcedNamespaceLabel: ""
4177
## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels.
4178
## Works only if enforcedNamespaceLabel is set (non-empty). Make sure both ruleNamespace and ruleName are set for each pair
4179
## Deprecated, use `excludedFromEnforcement` instead
4180
prometheusRulesExcludedFromEnforce: []
4181
## ExcludedFromEnforcement - list of object references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
4182
## to be excluded from enforcing a namespace label of origin.
4183
## Works only if enforcedNamespaceLabel is set (non-empty).
4184
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#objectreference
4185
excludedFromEnforcement: []
4186
## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable,
4187
## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such
4188
## as /dev/stdout to log query information to the default Prometheus log stream. This is only available in versions
4189
## of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)
4190
queryLogFile: false
4191
# Use to set the global sample_limit for Prometheus. This acts as the default SampleLimit for ServiceMonitor and/or PodMonitor.
# Set to 'false' to disable the global sample_limit, or set to a number to override the default value.
4193
sampleLimit: false
4194
# EnforcedKeepDroppedTargetsLimit defines a limit on the number of targets dropped by relabeling that will be kept in memory.
4195
# The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets
4196
# is greater than zero and less than spec.enforcedKeepDroppedTargets. 0 means no limit.
4197
enforcedKeepDroppedTargets: 0
4198
## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit
4199
## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall
4200
## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.
4201
enforcedSampleLimit: false
4202
## EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set
4203
## per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall
4204
## number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except
4205
## if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced.
4206
enforcedTargetLimit: false
4207
## Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present
4208
## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
4209
## 2.27.0 and newer.
4210
enforcedLabelLimit: false
4211
## Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number
4212
## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
4213
## 2.27.0 and newer.
4214
enforcedLabelNameLengthLimit: false
4215
## Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this
4216
## number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus
4217
## versions 2.27.0 and newer.
4218
enforcedLabelValueLengthLimit: false
4219
## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental
4220
## in Prometheus so it may change in any upcoming release.
4221
allowOverlappingBlocks: false
4222
## Specifies the validation scheme for metric and label names.
4223
## Supported values are: Legacy, UTF8
4224
nameValidationScheme: ""
4225
## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
4226
## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
4227
minReadySeconds: 0
4228
## Duration in seconds the pod needs to terminate gracefully.
4229
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
4230
terminationGracePeriodSeconds: ~
4231
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
4232
# because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
4233
# Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it.
4234
# When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically.
4235
hostNetwork: false
4236
## Use the host's user namespace for Prometheus pods. Setting this to false runs the pod in its own user namespace.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/
4238
hostUsers: ~
4239
# HostAlias holds the mapping between IP and hostnames that will be injected
4240
# as an entry in the pod's hosts file.
4241
hostAliases: []
4242
# - ip: 10.10.0.100
4243
# hostnames:
4244
# - a1.app.local
4245
# - b1.app.local
4246
4247
## TracingConfig configures tracing in Prometheus.
4248
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#prometheustracingconfig
4249
tracingConfig: {}
4250
## Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.
4251
## If set, the value should be either "Endpoints" or "EndpointSlice". If unset, the operator assumes the "Endpoints" role.
4252
serviceDiscoveryRole: ""
4253
## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel.
4254
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
4255
podManagementPolicy: ""
4256
## Update strategy for the StatefulSet.
4257
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
4258
updateStrategy: {}
4259
# type: RollingUpdate
4260
# rollingUpdate:
4261
# maxUnavailable: 1
4262
4263
## Additional configuration which is not covered by the properties above. (passed through tpl)
4264
additionalConfig: {}
4265
## Additional configuration which is not covered by the properties above.
4266
## Useful if you need advanced templating inside prometheusSpec.
4267
## Otherwise, use prometheus.prometheusSpec.additionalConfig (passed through tpl)
4268
additionalConfigString: ""
4269
## Defines the maximum time that the `prometheus` container's startup probe
4270
## will wait before being considered failed. The startup probe will return
4271
## success after the WAL replay is complete. If set, the value should be
4272
## greater than 60 (seconds). Otherwise it will be equal to 900 seconds (15
4273
## minutes).
4274
maximumStartupDurationSeconds: 0
4275
## Set default scrapeProtocols for Prometheus instances
4276
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#scrapeprotocolstring-alias
4277
scrapeProtocols: []
4278
additionalRulesForClusterRole: []
4279
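# Example only: nodes/proxy gives access to the kubelet API through the API server, so add it only when a scrape job needs it.
# - apiGroups: [ "" ]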
4280
# resources:
4281
# - nodes/proxy
4282
# verbs: [ "get", "list", "watch" ]
4283
4284
additionalServiceMonitors: []
4285
## Name of the ServiceMonitor to create
4286
##
4287
# - name: ""
4288
4289
## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from
4290
## the chart
4291
##
4292
# additionalLabels: {}
4293
4294
## Service label for use in assembling a job name of the form <label value>-<port>
4295
## If no label is specified, the service name is used.
4296
##
4297
# jobLabel: ""
4298
4299
## labels to transfer from the kubernetes service to the target
4300
##
4301
# targetLabels: []
4302
4303
## labels to transfer from the kubernetes pods to the target
4304
##
4305
# podTargetLabels: []
4306
4307
## Label selector for services to which this ServiceMonitor applies
4308
##
4309
# selector: {}
4310
## Example which selects all services to be monitored
4311
## with label "monitoredby" with values any of "example-service-1" or "example-service-2"
4312
# matchExpressions:
4313
# - key: "monitoredby"
4314
# operator: In
4315
# values:
4316
# - example-service-1
4317
# - example-service-2
4318
4319
## label selector for services
4320
##
4321
# matchLabels: {}
4322
4323
## Namespaces from which services are selected
4324
##
4325
# namespaceSelector:
4326
## Match any namespace
4327
##
4328
# any: false
4329
4330
## Explicit list of namespace names to select
4331
##
4332
# matchNames: []
4333
4334
## Endpoints of the selected service to be monitored
4335
##
4336
# endpoints: []
4337
## Name of the endpoint's service port
4338
## Mutually exclusive with targetPort
4339
# - port: ""
4340
4341
## Name or number of the endpoint's target port
4342
## Mutually exclusive with port
4343
# - targetPort: ""
4344
4345
## File containing bearer token to be used when scraping targets
4346
##
4347
# bearerTokenFile: ""
4348
4349
## Interval at which metrics should be scraped
4350
##
4351
# interval: 30s
4352
4353
## HTTP path to scrape for metrics
4354
##
4355
# path: /metrics
4356
4357
## HTTP scheme to use for scraping
4358
##
4359
# scheme: http
4360
4361
## TLS configuration to use when scraping the endpoint
4362
##
4363
# tlsConfig:
4364
4365
## Path to the CA file
4366
##
4367
# caFile: ""
4368
4369
## Path to client certificate file
4370
##
4371
# certFile: ""
4372
4373
## Skip certificate verification
4374
##
4375
# insecureSkipVerify: false
4376
4377
## Path to client key file
4378
##
4379
# keyFile: ""
4380
4381
## Server name used to verify host name
4382
##
4383
# serverName: ""
4384
4385
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
4386
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4387
##
4388
# metricRelabelings: []
4389
# - action: keep
4390
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
4391
# sourceLabels: [__name__]
4392
4393
## RelabelConfigs to apply to samples before scraping
4394
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4395
##
4396
# relabelings: []
4397
# - sourceLabels: [__meta_kubernetes_pod_node_name]
4398
# separator: ;
4399
# regex: ^(.*)$
4400
# targetLabel: nodename
4401
# replacement: $1
4402
# action: replace
4403
4404
## Fallback scrape protocol used by Prometheus for scraping metrics
4405
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ScrapeProtocol
4406
##
4407
# fallbackScrapeProtocol: ""
4408
4409
## Attaches node metadata to the discovered targets
4410
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.AttachMetadata
4411
##
4412
# attachMetadata:
4413
# node: true
4414
additionalPodMonitors: []
4415
## Name of the PodMonitor to create
4416
##
4417
# - name: ""
4418
## Additional labels to set used for the PodMonitorSelector. Together with standard labels from
4419
## the chart
4420
##
4421
# additionalLabels: {}
4422
4423
## Pod label for use in assembling a job name of the form <label value>-<port>
4424
## If no label is specified, the pod endpoint name is used.
4425
##
4426
# jobLabel: ""
4427
4428
## Label selector for pods to which this PodMonitor applies
4429
##
4430
# selector: {}
4431
## Example which selects all Pods to be monitored
4432
## with label "monitoredby" with values any of "example-pod-1" or "example-pod-2"
4433
# matchExpressions:
4434
# - key: "monitoredby"
4435
# operator: In
4436
# values:
4437
# - example-pod-1
4438
# - example-pod-2
4439
4440
## label selector for pods
4441
##
4442
# matchLabels: {}
4443
4444
## PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
4445
##
4446
# podTargetLabels: {}
4447
4448
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
4449
##
4450
# sampleLimit: 0
4451
4452
## Namespaces from which pods are selected
4453
##
4454
# namespaceSelector:
4455
## Match any namespace
4456
##
4457
# any: false
4458
4459
## Explicit list of namespace names to select
4460
##
4461
# matchNames: []
4462
4463
## Endpoints of the selected pods to be monitored
4464
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#podmetricsendpoint
4465
##
4466
# podMetricsEndpoints: []
4467
4468
## Fallback scrape protocol used by Prometheus for scraping metrics
4469
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ScrapeProtocol
4470
##
4471
# fallbackScrapeProtocol: ""
4472
4473
## Attaches node metadata to the discovered targets
4474
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.AttachMetadata
4475
##
4476
# attachMetadata:
4477
# node: true
4478
4479
## Configuration for thanosRuler
4480
## ref: https://thanos.io/tip/components/rule.md/
4481
##
4482
thanosRuler:
4483
## Deploy thanosRuler
4484
##
4485
enabled: false
4486
## Annotations for ThanosRuler
4487
##
4488
annotations: {}
4489
## Service account for ThanosRuler to use.
4490
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
4491
##
4492
serviceAccount:
4493
create: true
4494
name: ""
4495
annotations: {}
4496
## Configure pod disruption budgets for ThanosRuler
4497
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
4498
##
4499
podDisruptionBudget:
4500
enabled: false
4501
minAvailable: 1
4502
# maxUnavailable: ""
4503
unhealthyPodEvictionPolicy: AlwaysAllow
4504
ingress:
4505
enabled: false
4506
ingressClassName: ""
4507
annotations: {}
4508
labels: {}
4509
## Hosts must be provided if Ingress is enabled.
4510
##
4511
hosts: []
4512
# - thanosruler.domain.com
4513
4514
## Paths to use for ingress rules - one path should match the thanosruler.routePrefix
4515
##
4516
paths: []
4517
# - /
4518
4519
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
4520
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
4521
# pathType: ImplementationSpecific
4522
4523
## TLS configuration for ThanosRuler Ingress
4524
## Secret must be manually created in the namespace
4525
##
4526
tls: []
4527
# - secretName: thanosruler-general-tls
4528
# hosts:
4529
# - thanosruler.example.com
4530
# -- BETA: Configure the gateway routes for the chart here.
4531
# More routes can be added by adding a dictionary key like the 'main' route.
4532
# Be aware that this is an early beta of this feature,
4533
# kube-prometheus-stack does not guarantee this works and is subject to change.
4534
# Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
4535
# [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2)
4536
route:
4537
main:
4538
# -- Enables or disables the route
4539
enabled: false
4540
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
4541
apiVersion: gateway.networking.k8s.io/v1
4542
# -- Set the route kind
4543
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
4544
kind: HTTPRoute
4545
annotations: {}
4546
labels: {}
4547
hostnames: []
4548
# - my-filter.example.com
4549
parentRefs: []
4550
# - name: acme-gw
4551
4552
# -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
4553
## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
4554
## matches, filters and additionalRules will be ignored if this is set to true.
4555
httpsRedirect: false
4556
matches:
4557
- path:
4558
type: PathPrefix
4559
value: /
4560
## Filters define the filters that are applied to requests that match this rule.
4561
filters: []
4562
## Session persistence configuration for the route rule.
4563
sessionPersistence: {}
4564
# sessionName: route
4565
# type: Cookie
4566
# absoluteTimeout: 12h
4567
# cookieConfig:
4568
# lifetimeType: Permanent
4569
4570
## Additional custom rules that can be added to the route
4571
additionalRules: []
4572
## Configuration for ThanosRuler service
4573
##
4574
service:
4575
enabled: true
4576
annotations: {}
4577
labels: {}
4578
clusterIP: ""
4579
ipDualStack:
4580
enabled: false
4581
ipFamilies: ["IPv6", "IPv4"]
4582
ipFamilyPolicy: "PreferDualStack"
4583
## Port for ThanosRuler Service to listen on
4584
##
4585
port: 10902
4586
## To be used with a proxy extraContainer port
4587
##
4588
targetPort: 10902
4589
## Port to expose on each node
4590
## Only used if service.type is 'NodePort'
4591
##
4592
nodePort: 30905
4593
## List of IP addresses at which the Prometheus server service is available
4594
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
4595
##
4596
4597
## Additional ports to open for ThanosRuler service
4598
additionalPorts: []
4599
externalIPs: []
4600
loadBalancerIP: ""
4601
loadBalancerSourceRanges: []
4602
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
4603
##
4604
externalTrafficPolicy: Cluster
4605
## Service type
4606
##
4607
type: ClusterIP
4608
## Configuration for creating a ServiceMonitor for the ThanosRuler service
4609
##
4610
serviceMonitor:
4611
## If true, create a serviceMonitor for thanosRuler
4612
##
4613
selfMonitor: true
4614
## Scrape interval. If not set, the Prometheus default scrape interval is used.
4615
##
4616
interval: ""
4617
## Additional labels
4618
##
4619
additionalLabels: {}
4620
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
4621
##
4622
sampleLimit: 0
4623
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
4624
##
4625
targetLimit: 0
4626
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
4627
##
4628
labelLimit: 0
4629
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
4630
##
4631
labelNameLengthLimit: 0
4632
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
4633
##
4634
labelValueLengthLimit: 0
4635
## proxyUrl: URL of a proxy that should be used for scraping.
4636
##
4637
proxyUrl: ""
4638
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
4639
scheme: ""
4640
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
4641
## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
4642
tlsConfig: {}
4643
bearerTokenFile:
4644
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
4645
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4646
##
4647
metricRelabelings: []
4648
# - action: keep
4649
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
4650
# sourceLabels: [__name__]
4651
4652
## RelabelConfigs to apply to samples before scraping
4653
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4654
##
4655
relabelings: []
4656
# - sourceLabels: [__meta_kubernetes_pod_node_name]
4657
# separator: ;
4658
# regex: ^(.*)$
4659
# targetLabel: nodename
4660
# replacement: $1
4661
# action: replace
4662
4663
## Additional Endpoints
4664
##
4665
additionalEndpoints: []
4666
# - port: oauth-metrics
4667
# path: /metrics
4668
## Settings affecting thanosRulerSpec
4669
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosrulerspec
4670
##
4671
thanosRulerSpec:
4672
## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
4673
## Metadata Labels and Annotations gets propagated to the ThanosRuler pods.
4674
##
4675
podMetadata: {}
4676
##
4677
serviceName:
4678
## Image of ThanosRuler
4679
##
4680
image:
4681
registry: cgr.dev
4682
repository: chainguard-private/thanos
4683
tag: latest
4684
sha: sha256:bf12d37a4a537580deb922d6eda6744cff0a374ac40efc77e559febc22191b49
4685
## Namespaces to be selected for PrometheusRules discovery.
4686
## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery.
4687
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#namespaceselector for usage
4688
##
4689
ruleNamespaceSelector: {}
4690
## If true, a nil or {} value for thanosRuler.thanosRulerSpec.ruleSelector will cause the
4691
## ThanosRuler resource to be created with selectors based on values in the helm deployment,
4692
## which will also match the PrometheusRule resources created
4693
##
4694
ruleSelectorNilUsesHelmValues: true
4695
## PrometheusRules to be selected for target discovery.
4696
## If {}, select all PrometheusRules
4697
##
4698
ruleSelector: {}
4699
## Example which select all PrometheusRules resources
4700
## with label "prometheus" with values any of "example-rules" or "example-rules-2"
4701
# ruleSelector:
4702
# matchExpressions:
4703
# - key: prometheus
4704
# operator: In
4705
# values:
4706
# - example-rules
4707
# - example-rules-2
4708
#
4709
## Example which select all PrometheusRules resources with label "role" set to "example-rules"
4710
# ruleSelector:
4711
# matchLabels:
4712
# role: example-rules
4713
4714
## Define Log Format
4715
# Use logfmt (default) or json logging
4716
logFormat: logfmt
4717
## Log level for ThanosRuler to be configured with.
4718
##
4719
logLevel: info
4720
## Size is the expected size of the thanosRuler cluster. The controller will eventually make the size of the
4721
## running cluster equal to the expected size.
4722
replicas: 1
4723
## Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression
4724
## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
4725
##
4726
retention: 24h
4727
## Interval between consecutive evaluations.
4728
##
4729
evaluationInterval: ""
4730
## Storage is the definition of how storage will be used by the ThanosRuler instances.
4731
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/storage.md
4732
##
4733
storage: {}
4734
# volumeClaimTemplate:
4735
# spec:
4736
# storageClassName: gluster
4737
# accessModes: ["ReadWriteOnce"]
4738
# resources:
4739
# requests:
4740
# storage: 50Gi
4741
# selector: {}
4742
4743
## AlertmanagerConfig define configuration for connecting to alertmanager.
4744
## Only available with Thanos v0.10.0 and higher. Maps to the alertmanagers.config Thanos Ruler arg.
4745
alertmanagersConfig:
4746
# use existing secret, if configured, alertmanagersConfig.secret will not be used
4747
existingSecret: {}
4748
# name: ""
4749
# key: ""
4750
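# will render alertmanagersConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when alertmanagersConfig.existingSecret is set.
# Credentials written here (e.g. basic_auth passwords) end up in your values file and the Helm release record; prefer existingSecret for them.
# The example below sends basic_auth over plain http; use https wherever credentials are configured.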
4751
# https://thanos.io/tip/components/rule.md/#alertmanager
4752
secret: {}
4753
# alertmanagers:
4754
# - api_version: v2
4755
# http_config:
4756
# basic_auth:
4757
# username: some_user
4758
# password: some_pass
4759
# static_configs:
4760
# - alertmanager.thanos.io
4761
# scheme: http
4762
# timeout: 10s
4763
## DEPRECATED. Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, alertmanagersConfig should be used instead.
4764
## Note: this field will be ignored if alertmanagersConfig is specified. Maps to the alertmanagers.url Thanos Ruler arg.
4765
# alertmanagersUrl:
4766
4767
## The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs, and is required if Thanos Ruler is not served from the root of a DNS name.
4768
##
4769
externalPrefix:
4770
## If true, http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}
4771
## will be used as value for externalPrefix
4772
externalPrefixNilUsesHelmValues: true
4773
## The route prefix ThanosRuler registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
4774
## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
4775
##
4776
routePrefix: /
4777
## ObjectStorageConfig configures object storage in Thanos
4778
objectStorageConfig:
4779
# use existing secret, if configured, objectStorageConfig.secret will not be used
4780
existingSecret: {}
4781
# name: ""
4782
# key: ""
4783
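# will render objectStorageConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when objectStorageConfig.existingSecret is set.
# Keys written here (access_key / secret_key) end up in your values file and the Helm release record; prefer existingSecret for real credentials.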
4784
# https://thanos.io/tip/thanos/storage.md/#s3
4785
secret: {}
4786
# type: S3
4787
# config:
4788
# bucket: ""
4789
# endpoint: ""
4790
# region: ""
4791
# access_key: ""
4792
# secret_key: ""
4793
## Labels by name to drop before sending to alertmanager
4794
## Maps to the --alert.label-drop flag of thanos ruler.
4795
alertDropLabels: []
4796
## QueryEndpoints defines Thanos querier endpoints from which to query metrics.
4797
## Maps to the --query flag of thanos ruler.
4798
queryEndpoints: []
4799
## Define configuration for connecting to thanos query instances. If this is defined, the queryEndpoints field will be ignored.
4800
## Maps to the query.config CLI argument. Only available with thanos v0.11.0 and higher.
4801
queryConfig:
4802
# use existing secret, if configured, queryConfig.secret will not be used
4803
existingSecret: {}
4804
# name: ""
4805
# key: ""
4806
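# will render queryConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when queryConfig.existingSecret is set.
# Credentials written here (e.g. basic_auth passwords) end up in your values file and the Helm release record; prefer existingSecret for them.
# The example below sends basic_auth over plain http; use https wherever credentials are configured.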
4807
# https://thanos.io/tip/components/rule.md/#query-api
4808
secret: {}
4809
# - http_config:
4810
# basic_auth:
4811
# username: some_user
4812
# password: some_pass
4813
# static_configs:
4814
# - URL
4815
# scheme: http
4816
# timeout: 10s
4817
## Labels configure the external label pairs to ThanosRuler. A default replica
4818
## label `thanos_ruler_replica` will be always added as a label with the value
4819
## of the pod's name and it will be dropped in the alerts.
4820
labels: {}
4821
## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
4822
##
4823
paused: false
4824
## Allows setting additional arguments for the ThanosRuler container
4825
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosruler
4826
##
4827
additionalArgs: []
4828
# - name: remote-write.config
4829
# value: |-
4830
# "remote_write":
4831
# - "name": "receiver-0"
4832
# "remote_timeout": "30s"
4833
# "url": "http://thanos-receiver-0.thanos-receiver:8081/api/v1/receive"
4834
4835
## Define which Nodes the Pods are scheduled on.
4836
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
4837
##
4838
nodeSelector: {}
4839
## Define resources requests and limits for single Pods.
4840
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
4841
##
4842
resources: {}
4843
# requests:
4844
# memory: 400Mi
4845
4846
## Pod anti-affinity can prevent the scheduler from placing ThanosRuler replicas on the same node.
4847
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
4848
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
4849
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
4850
##
4851
podAntiAffinity: "soft"
4852
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
4853
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
4854
##
4855
podAntiAffinityTopologyKey: kubernetes.io/hostname
4856
## Assign custom affinity rules to the thanosRuler instance
4857
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
4858
##
4859
affinity: {}
4860
# nodeAffinity:
4861
# requiredDuringSchedulingIgnoredDuringExecution:
4862
# nodeSelectorTerms:
4863
# - matchExpressions:
4864
# - key: kubernetes.io/e2e-az-name
4865
# operator: In
4866
# values:
4867
# - e2e-az1
4868
# - e2e-az2
4869
4870
## If specified, the pod's tolerations.
4871
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
4872
##
4873
tolerations: []
4874
# - key: "key"
4875
# operator: "Equal"
4876
# value: "value"
4877
# effect: "NoSchedule"
4878
4879
## If specified, the pod's topology spread constraints.
4880
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
4881
##
4882
topologySpreadConstraints: []
4883
# - maxSkew: 1
4884
# topologyKey: topology.kubernetes.io/zone
4885
# whenUnsatisfiable: DoNotSchedule
4886
# labelSelector:
4887
# matchLabels:
4888
# app: thanos-ruler
4889
4890
## SecurityContext holds pod-level security attributes and common container settings.
4891
## This defaults to a non-root user with uid 1000 and gid 2000. Of type v1.PodSecurityContext.
4892
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
4893
##
4894
securityContext:
4895
runAsGroup: 2000
4896
runAsNonRoot: true
4897
runAsUser: 1000
4898
fsGroup: 2000
4899
seccompProfile:
4900
type: RuntimeDefault
4901
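## Use the host's user namespace for ThanosRuler pods.
## Left unset (~), the Kubernetes default applies and the pod shares the host user namespace;
## false requests a separate user namespace, so that root inside a container does not map to root on the node.
## User namespaces are documented at https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/
## (the ref below covers process-namespace sharing, which is a different feature).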
4902
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
4903
hostUsers: ~
4904
## ListenLocal makes the ThanosRuler server listen on loopback, so that it does not bind against the Pod IP.
4905
## Note this is only for the ThanosRuler UI, not the gossip communication.
4906
##
4907
listenLocal: false
4908
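## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a ThanosRuler pod.
## When such a proxy is used, also set listenLocal: true so that the unproxied port is not reachable on the Pod IP.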
4909
##
4910
containers: []
4911
## Additional environment variables to set on the ThanosRuler container.
4912
## This is rendered through the Prometheus Operator strategic merge patch.
4913
##
4914
extraEnv: []
4915
# - name: EXAMPLE
4916
# value: test
4917
4918
# Additional volumes on the output StatefulSet definition.
4919
volumes: []
4920
# Additional VolumeMounts on the output StatefulSet definition.
4921
volumeMounts: []
4922
## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
4923
## (permissions, dir tree) on mounted volumes before starting ThanosRuler
4924
initContainers: []
4925
## Priority class assigned to the Pods
4926
##
4927
priorityClassName: ""
4928
## PortName to use for ThanosRuler.
4929
##
4930
portName: "web"
4931
## Duration in seconds the pod needs to terminate gracefully.
4932
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
4933
terminationGracePeriodSeconds: ~
4934
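## WebTLSConfig defines the TLS parameters for HTTPS.
## With the default {} no TLS parameters are set, so the web endpoint is presumably served over plain HTTP.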
4935
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosrulerwebspec
4936
web: {}
4937
## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel.
4938
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
4939
podManagementPolicy: ""
4940
## Update strategy for the StatefulSet.
4941
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
4942
updateStrategy: {}
4943
# type: RollingUpdate
4944
# rollingUpdate:
4945
# maxUnavailable: 1
4946
4947
## Additional configuration which is not covered by the properties above. (passed through tpl)
4948
additionalConfig: {}
4949
## Additional configuration which is not covered by the properties above.
4950
## Useful, if you need advanced templating
4951
additionalConfigString: ""
4952
## ExtraSecret can be used to store various data in an extra secret
4953
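## (use it for example to store hashed basic auth credentials).
## The $apr1$ entries in the example below are MD5-based htpasswd hashes; prefer bcrypt where the consumer supports it,
## and keep real credentials out of values files committed to version control.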
4954
extraSecret:
4955
## if not set, name will be auto generated
4956
# name: ""
4957
annotations: {}
4958
data: {}
4959
# auth: |
4960
# foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
4961
# someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
4962
## Setting to true produces cleaner resource names, but requires a data migration because the name of the persistent volume changes. Therefore this should only be set once on initial installation.
4963
##
4964
cleanPrometheusOperatorObjectNames: false
4965
## Extra manifests to deploy. Can be of type dict or list.
4966
## If dict, keys are ignored and only values are used.
4967
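## Items contained within extraManifests can be defined as dict or string and are passed through tpl.
## Because entries are templated and applied as arbitrary manifests, review values from sources you do not control before installing.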
4968
extraManifests: null
4969
# - apiVersion: v1
4970
# kind: ConfigMap
4971
# metadata:
4972
# labels:
4973
# name: prometheus-extra
4974
# data:
4975
# extra-data: "value"
4976
#
4977
# can also be defined as a string, useful for templating field names
4978
# - |
4979
# apiVersion: v1
4980
# kind: Secret
4981
# type: Opaque
4982
# metadata:
4983
# name: super-secret
4984
# labels:
4985
# {{- range $key, $value := .Values.commonLabels }}
4986
# {{ $key }}: {{ $value }}
4987
# {{- end }}
4988
# data:
4989
# plaintext: Zm9vYmFy
4990
# templated: '{{ print "foobar" | upper | b64enc }}'
4991
