DirectorySecurity AdvisoriesPricing
Sign in
Directory
kube-prometheus-stack logoHELM

kube-prometheus-stack

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:

1
# Default values for kube-prometheus-stack.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
## Provide a name in place of kube-prometheus-stack for `app:` labels
6
##
7
nameOverride: ""
8
## Override the deployment namespace
9
##
10
namespaceOverride: ""
11
## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.26.6
12
##
13
kubeTargetVersionOverride: ""
14
## Allow kubeVersion to be overridden while creating the ingress
15
##
16
kubeVersionOverride: ""
17
## Provide a name to substitute for the full names of resources
18
##
19
fullnameOverride: ""
20
## Labels to apply to all resources
21
##
22
commonLabels: {}
23
# scmhash: abc123
24
# myLabel: aakkmd
25
26
## Install Prometheus Operator CRDs
27
##
28
crds:
29
enabled: true
30
## The CRD upgrade job mitigates the limitation of helm not being able to upgrade CRDs.
31
## The job will apply the CRDs to the cluster before the operator is deployed, using helm hooks.
32
## It deploys a corresponding clusterrole, clusterrolebinding and serviceaccount to apply the CRDs.
33
## This feature is in preview, off by default and may change in the future.
34
upgradeJob:
35
enabled: false
36
forceConflicts: false
37
image:
38
busybox:
39
registry: cgr.dev
40
repository: scratch-images/test-tmp/busybox
41
tag: glibc-1.37.0-r61@sha256:19f59085b5a760212ec01b00a67b16b4dc5f8e633e6cac6f72cc232de62e5f3c
42
sha: ""
43
pullPolicy: IfNotPresent
44
kubectl:
45
registry: cgr.dev
46
repository: scratch-images/test-tmp/kubectl
47
tag: 1.36.2-r1
48
sha: sha256:31b8e0d54fe3d9eef194cb082bbfc82e5595c428479ed68609cb38b46469605a
49
pullPolicy: IfNotPresent
50
env: {}
51
## Define resources requests and limits for single Pods.
52
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
53
##
54
resources: {}
55
## Additional volumes
56
##
57
extraVolumes: []
58
## Additional volume mounts
59
##
60
extraVolumeMounts: []
61
## Define which Nodes the Pods are scheduled on.
62
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
63
##
64
nodeSelector: {}
65
## Assign custom affinity rules to the upgrade-crd job
66
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
67
##
68
affinity: {}
69
# nodeAffinity:
70
# requiredDuringSchedulingIgnoredDuringExecution:
71
# nodeSelectorTerms:
72
# - matchExpressions:
73
# - key: kubernetes.io/e2e-az-name
74
# operator: In
75
# values:
76
# - e2e-az1
77
# - e2e-az2
78
79
## If specified, the pod's tolerations.
80
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
81
##
82
tolerations: []
83
# - key: "key"
84
# operator: "Equal"
85
# value: "value"
86
# effect: "NoSchedule"
87
88
## If specified, the pod's topology spread constraints.
89
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
90
##
91
topologySpreadConstraints: []
92
# - maxSkew: 1
93
# topologyKey: topology.kubernetes.io/zone
94
# whenUnsatisfiable: DoNotSchedule
95
# labelSelector:
96
# matchLabels:
97
# app: alertmanager
98
99
# ## Labels to add to the upgrade-crd job
100
# ##
101
labels: {}
102
## Annotations to add to the upgrade-crd job
103
##
104
annotations: {}
105
## Labels to add to the upgrade-crd pod
106
##
107
podLabels: {}
108
## Annotations to add to the upgrade-crd pod
109
##
110
podAnnotations: {}
111
## Service account for upgrade crd job to use.
112
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
113
##
114
serviceAccount:
115
create: true
116
name: ""
117
annotations: {}
118
labels: {}
119
automountServiceAccountToken: true
120
## Automounting API credentials for upgrade crd job pod.
121
##
122
automountServiceAccountToken: true
123
## Container-specific security context configuration
124
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
125
##
126
containerSecurityContext:
127
allowPrivilegeEscalation: false
128
readOnlyRootFilesystem: true
129
capabilities:
130
drop:
131
- ALL
132
## SecurityContext holds pod-level security attributes and common container settings.
133
## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
134
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
135
##
136
podSecurityContext:
137
fsGroup: 65534
138
runAsGroup: 65534
139
runAsNonRoot: true
140
runAsUser: 65534
141
seccompProfile:
142
type: RuntimeDefault
143
## Custom rules to override "for" and "severity" in defaultRules
144
##
145
customRules: {}
146
# AlertmanagerFailedReload:
147
# for: 3m
148
# AlertmanagerMembersInconsistent:
149
# for: 5m
150
# severity: "warning"
151
152
## Create default rules for monitoring the cluster
153
##
154
defaultRules:
155
create: true
156
rules:
157
alertmanager: true
158
etcd: true
159
configReloaders: true
160
general: true
161
k8sContainerCpuUsageSecondsTotal: true
162
k8sContainerMemoryCache: true
163
k8sContainerMemoryRss: true
164
k8sContainerMemorySwap: true
165
k8sContainerResource: true
166
k8sContainerMemoryWorkingSetBytes: true
167
k8sPodOwner: true
168
kubeApiserverAvailability: true
169
kubeApiserverBurnrate: true
170
kubeApiserverHistogram: true
171
kubeApiserverSlos: true
172
kubeControllerManager: true
173
kubelet: true
174
kubeProxy: true
175
kubePrometheusGeneral: true
176
kubePrometheusNodeRecording: true
177
kubernetesApps: true
178
kubernetesResources: true
179
kubernetesStorage: true
180
kubernetesSystem: true
181
kubeSchedulerAlerting: true
182
kubeSchedulerRecording: true
183
kubeStateMetrics: true
184
network: true
185
node: true
186
nodeExporterAlerting: true
187
nodeExporterRecording: true
188
prometheus: true
189
prometheusOperator: true
190
windows: true
191
# Defines the operator for namespace selection in rules
192
# Use "=~" to include namespaces matching the pattern (default)
193
# Use "!~" to exclude namespaces matching the pattern
194
appNamespacesOperator: "=~"
195
## Reduce app namespace alert scope
196
appNamespacesTarget: ".*"
197
## Set keep_firing_for for all alerts
198
keepFiringFor: ""
199
## Labels for default rules
200
labels: {}
201
## Annotations for default rules
202
annotations: {}
203
## Additional labels for PrometheusRule alerts
204
additionalRuleLabels: {}
205
## Additional annotations for specific PrometheusRule alerts by alert name
206
additionalRuleAnnotations: {}
207
## Additional labels for specific PrometheusRule alert groups
208
additionalRuleGroupLabels:
209
alertmanager: {}
210
etcd: {}
211
configReloaders: {}
212
general: {}
213
k8sContainerCpuUsageSecondsTotal: {}
214
k8sContainerMemoryCache: {}
215
k8sContainerMemoryRss: {}
216
k8sContainerMemorySwap: {}
217
k8sContainerResource: {}
218
k8sPodOwner: {}
219
kubeApiserverAvailability: {}
220
kubeApiserverBurnrate: {}
221
kubeApiserverHistogram: {}
222
kubeApiserverSlos: {}
223
kubeControllerManager: {}
224
kubelet: {}
225
kubeProxy: {}
226
kubePrometheusGeneral: {}
227
kubePrometheusNodeRecording: {}
228
kubernetesApps: {}
229
kubernetesResources: {}
230
kubernetesStorage: {}
231
kubernetesSystem: {}
232
kubeSchedulerAlerting: {}
233
kubeSchedulerRecording: {}
234
kubeStateMetrics: {}
235
network: {}
236
node: {}
237
nodeExporterAlerting: {}
238
nodeExporterRecording: {}
239
prometheus: {}
240
prometheusOperator: {}
241
## Additional annotations for specific PrometheusRule alert groups
242
additionalRuleGroupAnnotations:
243
alertmanager: {}
244
etcd: {}
245
configReloaders: {}
246
general: {}
247
k8sContainerCpuUsageSecondsTotal: {}
248
k8sContainerMemoryCache: {}
249
k8sContainerMemoryRss: {}
250
k8sContainerMemorySwap: {}
251
k8sContainerResource: {}
252
k8sPodOwner: {}
253
kubeApiserverAvailability: {}
254
kubeApiserverBurnrate: {}
255
kubeApiserverHistogram: {}
256
kubeApiserverSlos: {}
257
kubeControllerManager: {}
258
kubelet: {}
259
kubeProxy: {}
260
kubePrometheusGeneral: {}
261
kubePrometheusNodeRecording: {}
262
kubernetesApps: {}
263
kubernetesResources: {}
264
kubernetesStorage: {}
265
kubernetesSystem: {}
266
kubeSchedulerAlerting: {}
267
kubeSchedulerRecording: {}
268
kubeStateMetrics: {}
269
network: {}
270
node: {}
271
nodeExporterAlerting: {}
272
nodeExporterRecording: {}
273
prometheus: {}
274
prometheusOperator: {}
275
additionalAggregationLabels: []
276
## Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules.
277
runbookUrl: "https://runbooks.prometheus-operator.dev/runbooks"
278
## Thresholds for kubelet certificate expiration alerts (in seconds)
279
kubeletServerCertificateExpiration:
280
warning: 604800 # 7 days
281
critical: 86400 # 1 day
282
kubeletClientCertificateExpiration:
283
warning: 604800 # 7 days
284
critical: 86400 # 1 day
285
node:
286
fsSelector: 'fstype!=""'
287
# fsSelector: 'fstype=~"ext[234]|btrfs|xfs|zfs"'
288
## Disabled PrometheusRule alerts
289
disabled: {}
290
# KubeAPIDown: true
291
# NodeRAIDDegraded: true
292
## Deprecated way to provide custom recording or alerting rules to be deployed into the cluster.
293
##
294
# additionalPrometheusRules: []
295
# - name: my-rule-file
296
# groups:
297
# - name: my_group
298
# rules:
299
# - record: my_record
300
# expr: 100 * my_record
301
302
## Provide custom recording or alerting rules to be deployed into the cluster.
303
##
304
additionalPrometheusRulesMap: {}
305
# rule-name:
306
# groups:
307
# - name: my_group
308
# rules:
309
# - record: my_record
310
# expr: 100 * my_record
311
312
##
313
global:
314
rbac:
315
create: true
316
## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs
317
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
318
createAggregateClusterRoles: false
319
## Global image registry to use if it needs to be overridden for some specific use cases (e.g. local registries, custom images, ...)
320
##
321
imageRegistry: ""
322
## Reference to one or more secrets to be used when pulling images
323
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
324
##
325
imagePullSecrets: []
326
# - name: "image-pull-secret"
327
# or
328
# - "image-pull-secret"
329
windowsMonitoring:
330
## Deploys the windows-exporter and Windows-specific dashboards and rules (job name must be 'windows-exporter')
331
enabled: false
332
## Configuration for prometheus-windows-exporter
333
## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-windows-exporter
334
##
335
prometheus-windows-exporter:
336
## Enable ServiceMonitor and set Kubernetes label to use as a job label
337
##
338
prometheus:
339
monitor:
340
enabled: true
341
jobLabel: jobLabel
342
releaseLabel: true
343
## Set job label to 'windows-exporter' as required by the default Prometheus rules and Grafana dashboards
344
##
345
podLabels:
346
jobLabel: windows-exporter
347
## Enable memory and container metrics as required by the default Prometheus rules and Grafana dashboards
348
##
349
config: |-
350
collectors:
351
enabled: '[defaults],memory,container'
352
## Configuration for alertmanager
353
## ref: https://prometheus.io/docs/alerting/alertmanager/
354
##
355
alertmanager:
356
## Deploy alertmanager
357
##
358
enabled: true
359
# Optional: Override the namespace where Alertmanager will be deployed.
360
namespaceOverride: ""
361
## Annotations for Alertmanager
362
##
363
annotations: {}
364
## Additional labels for Alertmanager
365
##
366
additionalLabels: {}
367
## API that Prometheus will use to communicate with alertmanager. Possible values are v1, v2
368
##
369
apiVersion: v2
370
## @param alertmanager.enableFeatures Enable access to Alertmanager disabled features.
371
##
372
enableFeatures: []
373
## Create dashboard configmap even if alertmanager deployment has been disabled
374
##
375
forceDeployDashboards: false
376
## Network Policy configuration
377
##
378
networkPolicy:
379
# -- Enable network policy for Alertmanager
380
enabled: false
381
# -- Define policy types. If egress is enabled, both Ingress and Egress will be used
382
# Valid values are ["Ingress"] or ["Ingress", "Egress"]
383
##
384
policyTypes:
385
- Ingress
386
# -- Gateway (formerly ingress controller) configuration
387
##
388
gateway:
389
# -- Gateway namespace
390
##
391
namespace: ""
392
# -- Gateway pod labels
393
##
394
podLabels: {}
395
# app.kubernetes.io/name: ingress-nginx
396
# -- Additional custom ingress rules
397
##
398
additionalIngress: []
399
# - from:
400
# - namespaceSelector:
401
# matchLabels:
402
# name: another-namespace
403
# podSelector:
404
# matchLabels:
405
# app: another-app
406
# - from:
407
# - podSelector:
408
# matchLabels:
409
# app.kubernetes.io/name: loki
410
# ports:
411
# - port: 9093
412
# protocol: TCP
413
414
# -- Configure egress rules
415
##
416
egress:
417
# -- Enable egress rules. When enabled, policyTypes will include Egress
418
##
419
enabled: false
420
# -- Custom egress rules
421
##
422
rules: []
423
# - to:
424
# - namespaceSelector: {}
425
# podSelector:
426
# matchLabels:
427
# name: smtp-relay
428
# ports:
429
# - port: 25
430
# protocol: TCP
431
# -- Enable rules for alertmanager cluster traffic
432
##
433
enableClusterRules: true
434
# -- Configure monitoring component rules
435
##
436
monitoringRules:
437
# -- Enable ingress from Prometheus
438
##
439
prometheus: true
440
# -- Enable ingress for config reloader metrics
441
##
442
configReloader: true
443
## Service account for Alertmanager to use.
444
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
445
##
446
serviceAccount:
447
create: true
448
name: ""
449
annotations: {}
450
automountServiceAccountToken: true
451
## Configure pod disruption budgets for Alertmanager
452
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
453
##
454
podDisruptionBudget:
455
enabled: false
456
minAvailable: 1
457
# maxUnavailable: ""
458
unhealthyPodEvictionPolicy: AlwaysAllow
459
## Enable vertical pod autoscaler support for Alertmanager
460
## ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
461
##
462
verticalPodAutoscaler:
463
enabled: false
464
# Recommender responsible for generating recommendation for the object.
465
# List should be empty (then the default recommender will generate the recommendation)
466
# or contain exactly one recommender.
467
# recommenders:
468
# - name: custom-recommender-performance
469
470
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
471
controlledResources: []
472
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
473
# controlledValues: RequestsAndLimits
474
475
# Define the max allowed resources for the pod
476
maxAllowed: {}
477
# cpu: 200m
478
# memory: 100Mi
479
# Define the min allowed resources for the pod
480
minAllowed: {}
481
# cpu: 200m
482
# memory: 100Mi
483
484
updatePolicy:
485
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
486
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate".
487
updateMode: Recreate
488
## Alertmanager configuration directives
489
## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
490
## https://prometheus.io/webtools/alerting/routing-tree-editor/
491
##
492
config:
493
global:
494
resolve_timeout: 5m
495
inhibit_rules:
496
- source_matchers:
497
- 'severity = critical'
498
target_matchers:
499
- 'severity =~ warning|info'
500
equal:
501
- 'namespace'
502
- 'alertname'
503
- source_matchers:
504
- 'severity = warning'
505
target_matchers:
506
- 'severity = info'
507
equal:
508
- 'namespace'
509
- 'alertname'
510
- source_matchers:
511
- 'alertname = InfoInhibitor'
512
target_matchers:
513
- 'severity = info'
514
equal:
515
- 'namespace'
516
- target_matchers:
517
- 'alertname = InfoInhibitor'
518
route:
519
group_by: ['namespace']
520
group_wait: 30s
521
group_interval: 5m
522
repeat_interval: 12h
523
receiver: 'null'
524
routes:
525
- receiver: 'null'
526
matchers:
527
- alertname = "Watchdog"
528
receivers:
529
- name: 'null'
530
templates:
531
- '/etc/alertmanager/config/*.tmpl'
532
## Alertmanager configuration directives (as string type, preferred over the config hash map)
533
## stringConfig will be used only if tplConfig is true
534
## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
535
## https://prometheus.io/webtools/alerting/routing-tree-editor/
536
##
537
stringConfig: ""
538
## Pass the Alertmanager configuration directives through Helm's templating
539
## engine. If the Alertmanager configuration contains Alertmanager templates,
540
## they'll need to be properly escaped so that they are not interpreted by
541
## Helm
542
## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function
543
## https://prometheus.io/docs/alerting/configuration/#tmpl_string
544
## https://prometheus.io/docs/alerting/notifications/
545
## https://prometheus.io/docs/alerting/notification_examples/
546
tplConfig: false
547
## Alertmanager template files to format alerts
548
## By default, templateFiles are placed in /etc/alertmanager/config/ and if
549
## they have a .tmpl file suffix will be loaded. See config.templates above
550
## to change, add other suffixes. If adding other suffixes, be sure to update
551
## config.templates above to include those suffixes.
552
## ref: https://prometheus.io/docs/alerting/notifications/
553
## https://prometheus.io/docs/alerting/notification_examples/
554
##
555
templateFiles: {}
556
#
557
## An example template:
558
# template_1.tmpl: |-
559
# {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }}
560
#
561
# {{ define "slack.myorg.text" }}
562
# {{- $root := . -}}
563
# {{ range .Alerts }}
564
# *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}`
565
# *Cluster:* {{ template "cluster" $root }}
566
# *Description:* {{ .Annotations.description }}
567
# *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:>
568
# *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:>
569
# *Details:*
570
# {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}`
571
# {{ end }}
572
# {{ end }}
573
# {{ end }}
574
575
ingress:
576
enabled: false
577
ingressClassName: ""
578
annotations: {}
579
labels: {}
580
## Override ingress to a different defined port on the service
581
# servicePort: 8081
582
## Override ingress to a different service then the default, this is useful if you need to
583
## point to a specific instance of the alertmanager (eg kube-prometheus-stack-alertmanager-0)
584
# serviceName: kube-prometheus-stack-alertmanager-0
585
586
## Hosts must be provided if Ingress is enabled.
587
##
588
hosts: []
589
# - alertmanager.domain.com
590
591
## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix
592
##
593
paths: []
594
# - /
595
596
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
597
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
598
# pathType: ImplementationSpecific
599
600
## TLS configuration for Alertmanager Ingress
601
## Secret must be manually created in the namespace
602
##
603
tls: []
604
# - secretName: alertmanager-general-tls
605
# hosts:
606
# - alertmanager.example.com
607
# -- BETA: Configure the gateway routes for the chart here.
608
# More routes can be added by adding a dictionary key like the 'main' route.
609
# Be aware that this is an early beta of this feature,
610
# kube-prometheus-stack does not guarantee this works and is subject to change.
611
# Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
612
# [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2)
613
route:
614
main:
615
# -- Enables or disables the route
616
enabled: false
617
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
618
apiVersion: gateway.networking.k8s.io/v1
619
# -- Set the route kind
620
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
621
kind: HTTPRoute
622
annotations: {}
623
labels: {}
624
hostnames: []
625
# - my-filter.example.com
626
parentRefs: []
627
# - name: acme-gw
628
629
# -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
630
## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
631
## matches, filters and additionalRules will be ignored if this is set to true. Be are
632
httpsRedirect: false
633
matches:
634
- path:
635
type: PathPrefix
636
value: /
637
## Filters define the filters that are applied to requests that match this rule.
638
filters: []
639
## Session persistence configuration for the route rule.
640
sessionPersistence: {}
641
# sessionName: route
642
# type: Cookie
643
# absoluteTimeout: 12h
644
# cookieConfig:
645
# lifetimeType: Permanent
646
647
## Additional custom rules that can be added to the route
648
additionalRules: []
649
## Configuration for Alertmanager secret
650
##
651
secret:
652
annotations: {}
653
## Configuration for creating an Ingress that will map to each Alertmanager replica service
654
## alertmanager.servicePerReplica must be enabled
655
##
656
ingressPerReplica:
657
enabled: false
658
ingressClassName: ""
659
annotations: {}
660
labels: {}
661
## Final form of the hostname for each per replica ingress is
662
## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
663
##
664
## Prefix for the per replica ingress that will have `-$replicaNumber`
665
## appended to the end
666
hostPrefix: ""
667
## Domain that will be used for the per replica ingress
668
hostDomain: ""
669
## Paths to use for ingress rules
670
##
671
paths: []
672
# - /
673
674
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
675
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
676
# pathType: ImplementationSpecific
677
678
## Secret name containing the TLS certificate for alertmanager per replica ingress
679
## Secret must be manually created in the namespace
680
tlsSecretName: ""
681
## Separated secret for each per replica Ingress. Can be used together with cert-manager
682
##
683
tlsSecretPerReplica:
684
enabled: false
685
## Final form of the secret for each per replica ingress is
686
## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
687
##
688
prefix: "alertmanager"
689
## Configuration for creating a Gateway API route that will map to each Alertmanager replica service
690
## alertmanager.servicePerReplica must be enabled
691
##
692
routePerReplica:
693
main:
694
# -- Enables or disables the routePerReplica
695
enabled: false
696
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
697
apiVersion: gateway.networking.k8s.io/v1
698
# -- Set the route kind
699
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
700
kind: HTTPRoute
701
annotations: {}
702
labels: {}
703
## Final form of the hostname for each per replica route is
704
## {{ routePerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ routePerReplica.hostDomain }}
705
##
706
## Prefix for the per replica route that will have `-$replicaNumber` appended to the end
707
hostPrefix: ""
708
## Domain that will be used for the per replica route
709
hostDomain: ""
710
parentRefs: []
711
# - name: acme-gw
712
713
# -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
714
## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
715
## matches, filters and additionalRules will be ignored if this is set to true.
716
httpsRedirect: false
717
## Filters define the filters that are applied to requests that match this rule.
718
filters: []
719
matches:
720
- path:
721
type: PathPrefix
722
value: /
723
## Session persistence configuration for the route rule.
724
sessionPersistence: {}
725
# sessionName: route
726
# type: Cookie
727
# absoluteTimeout: 12h
728
# cookieConfig:
729
# lifetimeType: Permanent
730
731
## Additional custom rules that can be added to the route
732
additionalRules: []
733
## Configuration for Alertmanager service
734
##
735
service:
736
enabled: true
737
annotations: {}
738
labels: {}
739
clusterIP: ""
740
ipDualStack:
741
enabled: false
742
ipFamilies: ["IPv6", "IPv4"]
743
ipFamilyPolicy: "PreferDualStack"
744
## Port for Alertmanager Service to listen on
745
##
746
port: 9093
747
## Port for Alertmanager cluster communication
748
##
749
# clusterPort: 9094
750
## To be used with a proxy extraContainer port
751
##
752
targetPort: 9093
753
## Port to expose on each node
754
## Only used if service.type is 'NodePort'
755
##
756
nodePort: 30903
757
## List of IP addresses at which the Prometheus server service is available
758
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
759
##
760
761
## Additional ports to open for Alertmanager service
762
##
763
additionalPorts: []
764
# - name: oauth-proxy
765
# port: 8081
766
# targetPort: 8081
767
# - name: oauth-metrics
768
# port: 8082
769
# targetPort: 8082
770
771
externalIPs: []
772
loadBalancerIP: ""
773
loadBalancerSourceRanges: []
774
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
775
##
776
externalTrafficPolicy: Cluster
777
## If you want to make sure that connections from a particular client are passed to the same Pod each time
778
## Accepts 'ClientIP' or 'None'
779
##
780
sessionAffinity: None
781
## If you want to modify the ClientIP sessionAffinity timeout
782
## The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP"
783
##
784
sessionAffinityConfig:
785
clientIP:
786
timeoutSeconds: 10800
787
## Service type
788
##
789
type: ClusterIP
790
## Configuration for creating a separate Service for each statefulset Alertmanager replica
791
##
792
servicePerReplica:
793
enabled: false
794
annotations: {}
795
## Port for Alertmanager Service per replica to listen on
796
##
797
port: 9093
798
## To be used with a proxy extraContainer port
799
targetPort: 9093
800
## Port to expose on each node
801
## Only used if servicePerReplica.type is 'NodePort'
802
##
803
nodePort: 30904
804
## Loadbalancer source IP ranges
805
## Only used if servicePerReplica.type is "LoadBalancer"
806
loadBalancerSourceRanges: []
807
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
808
##
809
externalTrafficPolicy: Cluster
810
## Service type
811
##
812
type: ClusterIP
813
## Configuration for creating a ServiceMonitor for AlertManager
814
##
815
serviceMonitor:
816
## If true, a ServiceMonitor will be created for the AlertManager service.
817
##
818
selfMonitor: true
819
## Scrape interval. If not set, the Prometheus default scrape interval is used.
820
##
821
interval: ""
822
## Additional labels
823
##
824
additionalLabels: {}
825
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
826
##
827
sampleLimit: 0
828
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
829
##
830
targetLimit: 0
831
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
832
##
833
labelLimit: 0
834
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
835
##
836
labelNameLengthLimit: 0
837
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
838
##
839
labelValueLengthLimit: 0
840
## proxyUrl: URL of a proxy that should be used for scraping.
841
##
842
proxyUrl: ""
843
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
844
scheme: ""
845
## enableHttp2: Whether to enable HTTP2.
846
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#endpoint
847
enableHttp2: true
848
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
849
## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
850
tlsConfig: {}
851
bearerTokenFile:
852
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
853
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
854
##
855
metricRelabelings: []
856
# - action: keep
857
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
858
# sourceLabels: [__name__]
859
860
## RelabelConfigs to apply to samples before scraping
861
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
862
##
863
relabelings: []
864
# - sourceLabels: [__meta_kubernetes_pod_node_name]
865
# separator: ;
866
# regex: ^(.*)$
867
# targetLabel: nodename
868
# replacement: $1
869
# action: replace
870
871
## Additional Endpoints
872
##
873
additionalEndpoints: []
874
# - port: oauth-metrics
875
# path: /metrics
876
## Settings affecting alertmanagerSpec
877
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerspec
878
##
879
alertmanagerSpec:
880
## Statefulset's persistent volume claim retention policy
881
## whenDeleted and whenScaled determine whether
882
## statefulset's PVCs are deleted (true) or retained (false)
883
## on scaling down and deleting statefulset, respectively.
884
## Requires Kubernetes version 1.27.0+.
885
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
886
persistentVolumeClaimRetentionPolicy: {}
887
# whenDeleted: Retain
888
# whenScaled: Retain
889
890
## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
891
## Metadata Labels and Annotations gets propagated to the Alertmanager pods.
892
##
893
podMetadata: {}
894
##
895
serviceName:
896
## Image of Alertmanager
897
##
898
image:
899
registry: cgr.dev
900
repository: scratch-images/test-tmp/prometheus-alertmanager
901
tag: 0.33.1-r2
902
sha: sha256:6d3c29114ffd83c091743e460db3dbeaec1fdc3060e3cf80a41cdaf3cfc50537
903
pullPolicy: IfNotPresent
904
## If true then the user will be responsible to provide a secret with alertmanager configuration
905
## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used
906
##
907
useExistingSecret: false
908
## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the
909
## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/.
910
##
911
secrets: []
912
## If false then the user will opt out of automounting API credentials.
913
##
914
automountServiceAccountToken: true
915
## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods.
916
## The ConfigMaps are mounted into /etc/alertmanager/configmaps/.
917
##
918
configMaps: []
919
## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for
920
## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config.
921
##
922
# configSecret:
923
924
## WebTLSConfig defines the TLS parameters for HTTPS
925
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerwebspec
926
web: {}
927
## AlertmanagerConfigs to be selected to merge and configure Alertmanager with.
928
##
929
alertmanagerConfigSelector: {}
930
## Example which selects all alertmanagerConfig resources
931
## with label "alertconfig" with values any of "example-config" or "example-config-2"
932
# alertmanagerConfigSelector:
933
# matchExpressions:
934
# - key: alertconfig
935
# operator: In
936
# values:
937
# - example-config
938
# - example-config-2
939
#
940
## Example which selects all alertmanagerConfig resources with label "role" set to "example-config"
941
# alertmanagerConfigSelector:
942
# matchLabels:
943
# role: example-config
944
945
## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.
946
##
947
alertmanagerConfigNamespaceSelector: {}
948
## Example which selects all namespaces
949
## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2"
950
# alertmanagerConfigNamespaceSelector:
951
# matchExpressions:
952
# - key: alertmanagerconfig
953
# operator: In
954
# values:
955
# - example-namespace
956
# - example-namespace-2
957
958
## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled"
959
# alertmanagerConfigNamespaceSelector:
960
# matchLabels:
961
# alertmanagerconfig: enabled
962
963
## AlermanagerConfig to be used as top level configuration
964
##
965
alertmanagerConfiguration: {}
966
## Example with select a global alertmanagerconfig
967
# alertmanagerConfiguration:
968
# name: global-alertmanager-Configuration
969
970
## Defines the strategy used by AlertmanagerConfig objects to match alerts. eg:
971
##
972
alertmanagerConfigMatcherStrategy: {}
973
## Example with use OnNamespace strategy
974
# alertmanagerConfigMatcherStrategy:
975
# type: OnNamespace
976
977
## Additional command line arguments to pass to Alertmanager (in addition to those generated by the chart)
978
additionalArgs: []
979
## Define Log Format
980
# Use logfmt (default) or json logging
981
logFormat: logfmt
982
## Log level for Alertmanager to be configured with.
983
##
984
logLevel: info
985
## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the
986
## running cluster equal to the expected size.
987
replicas: 1
988
## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression
989
## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
990
##
991
retention: 120h
992
## Storage is the definition of how storage will be used by the Alertmanager instances.
993
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/storage.md
994
##
995
storage: {}
996
# volumeClaimTemplate:
997
# spec:
998
# storageClassName: gluster
999
# accessModes: ["ReadWriteOnce"]
1000
# resources:
1001
# requests:
1002
# storage: 50Gi
1003
# selector: {}
1004
1005
## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false
1006
##
1007
externalUrl:
1008
## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
1009
## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
1010
##
1011
routePrefix: /
1012
## scheme: HTTP scheme to use. Can be used with `tlsConfig` for example if using istio mTLS.
1013
scheme: ""
1014
## tlsConfig: TLS configuration to use when connect to the endpoint. For example if using istio mTLS.
1015
## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
1016
tlsConfig: {}
1017
## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
1018
##
1019
paused: false
1020
## Define which Nodes the Pods are scheduled on.
1021
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
1022
##
1023
nodeSelector: {}
1024
## Define resources requests and limits for single Pods.
1025
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
1026
##
1027
resources: {}
1028
# requests:
1029
# memory: 400Mi
1030
1031
## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
1032
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
1033
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
1034
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
1035
##
1036
podAntiAffinity: "soft"
1037
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
1038
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
1039
##
1040
podAntiAffinityTopologyKey: kubernetes.io/hostname
1041
## Assign custom affinity rules to the alertmanager instance
1042
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1043
##
1044
affinity: {}
1045
# nodeAffinity:
1046
# requiredDuringSchedulingIgnoredDuringExecution:
1047
# nodeSelectorTerms:
1048
# - matchExpressions:
1049
# - key: kubernetes.io/e2e-az-name
1050
# operator: In
1051
# values:
1052
# - e2e-az1
1053
# - e2e-az2
1054
1055
## If specified, the pod's tolerations.
1056
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
1057
##
1058
tolerations: []
1059
# - key: "key"
1060
# operator: "Equal"
1061
# value: "value"
1062
# effect: "NoSchedule"
1063
1064
## If specified, the pod's topology spread constraints.
1065
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
1066
##
1067
topologySpreadConstraints: []
1068
# - maxSkew: 1
1069
# topologyKey: topology.kubernetes.io/zone
1070
# whenUnsatisfiable: DoNotSchedule
1071
# labelSelector:
1072
# matchLabels:
1073
# app: alertmanager
1074
1075
## SecurityContext holds pod-level security attributes and common container settings.
1076
## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
1077
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1078
##
1079
securityContext:
1080
runAsGroup: 2000
1081
runAsNonRoot: true
1082
runAsUser: 1000
1083
fsGroup: 2000
1084
seccompProfile:
1085
type: RuntimeDefault
1086
## Use the host's user namespace for Alertmanager pods.
1087
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/
1088
hostUsers: ~
1089
## DNS configuration for Alertmanager.
1090
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.PodDNSConfig
1091
dnsConfig: {}
1092
## DNS policy for Alertmanager.
1093
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#dnspolicystring-alias
1094
dnsPolicy: ""
1095
## Enable hostNetwork for Alertmanager.
1096
hostNetwork: false
1097
## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP.
1098
## Note this is only for the Alertmanager UI, not the gossip communication.
1099
##
1100
listenLocal: false
1101
## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod.
1102
##
1103
containers: []
1104
# containers:
1105
# - name: oauth-proxy
1106
# image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.3
1107
# args:
1108
# - --upstream=http://127.0.0.1:9093
1109
# - --http-address=0.0.0.0:8081
1110
# - --metrics-address=0.0.0.0:8082
1111
# - ...
1112
# ports:
1113
# - containerPort: 8081
1114
# name: oauth-proxy
1115
# protocol: TCP
1116
# - containerPort: 8082
1117
# name: oauth-metrics
1118
# protocol: TCP
1119
# resources: {}
1120
1121
# Additional volumes on the output StatefulSet definition.
1122
volumes: []
1123
# Additional VolumeMounts on the output StatefulSet definition.
1124
volumeMounts: []
1125
## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
1126
## (permissions, dir tree) on mounted volumes before starting prometheus
1127
initContainers: []
1128
## Priority class assigned to the Pods
1129
##
1130
priorityClassName: ""
1131
## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.
1132
##
1133
additionalPeers: []
1134
## PortName to use for Alert Manager.
1135
##
1136
portName: "http-web"
1137
## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918
1138
##
1139
clusterAdvertiseAddress: false
1140
## clusterGossipInterval determines interval between gossip attempts.
1141
## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)
1142
clusterGossipInterval: ""
1143
## clusterPeerTimeout determines timeout for cluster peering.
1144
## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)
1145
clusterPeerTimeout: ""
1146
## clusterPushpullInterval determines interval between pushpull attempts.
1147
## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)
1148
clusterPushpullInterval: ""
1149
## clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster.
1150
clusterLabel: ""
1151
## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica.
1152
## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.
1153
forceEnableClusterMode: false
1154
## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
1155
## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
1156
minReadySeconds: 0
1157
## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel.
1158
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
1159
podManagementPolicy: ""
1160
## Update strategy for the StatefulSet.
1161
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1162
updateStrategy: {}
1163
# type: RollingUpdate
1164
# rollingUpdate:
1165
# maxUnavailable: 1
1166
1167
## Duration in seconds the pod needs to terminate gracefully.
1168
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
1169
terminationGracePeriodSeconds: ~
1170
## EnableServiceLinks indicates whether information about services should be injected into the
1171
## pod's environment variables. Uses the operator/Kubernetes default when left unset (~).
1172
enableServiceLinks: ~
1173
## Set the scheduler name to use for the Alertmanager pods.
1174
schedulerName: ""
1175
## Pods' hostAliases configuration
1176
## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1177
hostAliases: []
1178
# - ip: 10.10.0.100
1179
# hostnames:
1180
# - a1.app.local
1181
1182
## Limits defines the Alertmanager limits command line flags. Requires Alertmanager >= v0.28.0.
1183
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.AlertmanagerLimitsSpec
1184
limits: {}
1185
# maxSilences: 1000
1186
# maxPerSilenceBytes: 1MB
1187
1188
## ClusterTLS defines the mutual TLS configuration for the Alertmanager cluster's gossip protocol.
1189
## Requires Alertmanager >= v0.24.0.
1190
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ClusterTLSConfig
1191
clusterTLS: {}
1192
## Additional configuration which is not covered by the properties above. (passed through tpl)
1193
additionalConfig: {}
1194
## Additional configuration which is not covered by the properties above.
1195
## Useful, if you need advanced templating inside alertmanagerSpec.
1196
## Otherwise, use alertmanager.alertmanagerSpec.additionalConfig (passed through tpl)
1197
additionalConfigString: ""
1198
## ExtraSecret can be used to store various data in an extra secret
1199
## (use it for example to store hashed basic auth credentials)
1200
extraSecret:
1201
## if not set, name will be auto generated
1202
# name: ""
1203
annotations: {}
1204
data: {}
1205
# auth: |
1206
# foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
1207
# someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
1208
## Using default values from https://github.com/grafana-community/helm-charts/blob/main/charts/grafana/values.yaml
1209
##
1210
grafana:
1211
enabled: true
1212
namespaceOverride: ""
1213
## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled
1214
##
1215
forceDeployDatasources: false
1216
## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled
1217
##
1218
forceDeployDashboards: false
1219
## Deploy default dashboards
1220
##
1221
defaultDashboardsEnabled: true
1222
## Deploy GrafanaDashboard CRDs that reference dashboards from ConfigMaps when grafana-operator is used
1223
## These settings control how dashboards are integrated with the Grafana Operator
1224
## Note: End user still need to create is own kind: GrafanaDataSource for Prometheus
1225
## eg:
1226
## apiVersion: grafana.integreatly.org/v1beta1
1227
## kind: GrafanaDatasource
1228
## metadata:
1229
## name: prometheus
1230
## annotations: {}
1231
## spec:
1232
## allowCrossNamespaceImport: true
1233
## instanceSelector:
1234
## matchLabels:
1235
## app: grafana
1236
## datasource:
1237
## name: prometheus
1238
## type: prometheus
1239
## access: proxy
1240
## url: http://prometheus-operated.prometheus-stack.svc.cluster.local:9090
1241
## isDefault: true
1242
## jsonData:
1243
## "tlsSkipVerify": true
1244
## "timeInterval": "5s"
1245
##
1246
operator:
1247
## Enable references to ConfigMaps containing dashboards in GrafanaDashboard CRs
1248
## Set to true to allow dashboards to be loaded from ConfigMap references
1249
dashboardsConfigMapRefEnabled: false
1250
## Annotations for GrafanaDashboard Cr
1251
##
1252
annotations: {}
1253
## Labels that should be matched kind: Grafana instance
1254
## Example: { app: grafana, category: dashboard }
1255
##
1256
matchLabels: {}
1257
## How frequently the operator should resync resources (in duration format)
1258
## Controls how often dashboards are reconciled by the operator
1259
##
1260
resyncPeriod: 10m
1261
## Which folder contains all dashboards in Grafana
1262
## This folder will be created on the Root level
1263
## Only one of 'folder', 'folderUID' or 'folderRef' can be set
1264
##
1265
folder: General
1266
## Which UID of the target folder contains all dashboards in Grafana
1267
## This allows you to use subfolder hierarchy
1268
## Only one of 'folder', 'folderUID' or 'folderRef' can be set
1269
##
1270
folderUID: null
1271
## Which GrafanaFolder reference contains all dashboards in Grafana
1272
## This allows you to use subfolder hierarchy.
1273
## Only one of 'folder', 'folderUID' or 'folderRef' can be set
1274
##
1275
folderRef: null
1276
## Timezone for the default dashboards
1277
## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg
1278
##
1279
defaultDashboardsTimezone: utc
1280
## Editable flag for the default dashboards
1281
##
1282
defaultDashboardsEditable: true
1283
## Default interval for Grafana dashboards
1284
##
1285
defaultDashboardsInterval: 1m
1286
# Administrator credentials when not using an existing secret (see below)
1287
adminUser: admin
1288
# adminPassword: strongpassword
1289
1290
# Use an existing secret for the admin user.
1291
admin:
1292
## Name of the secret. Can be templated.
1293
existingSecret: ""
1294
userKey: admin-user
1295
passwordKey: admin-password
1296
rbac:
1297
## If true, Grafana PSPs will be created
1298
##
1299
pspEnabled: false
1300
ingress:
1301
## If true, Grafana Ingress will be created
1302
##
1303
enabled: false
1304
## IngressClassName for Grafana Ingress.
1305
## Should be provided if Ingress is enable.
1306
##
1307
# ingressClassName: nginx
1308
1309
## Annotations for Grafana Ingress
1310
##
1311
annotations: {}
1312
# kubernetes.io/ingress.class: nginx
1313
# kubernetes.io/tls-acme: "true"
1314
1315
## Labels to be added to the Ingress
1316
##
1317
labels: {}
1318
## Hostnames.
1319
## Must be provided if Ingress is enable.
1320
##
1321
# hosts:
1322
# - grafana.domain.com
1323
hosts: []
1324
## Path for grafana ingress
1325
path: /
1326
## TLS configuration for grafana Ingress
1327
## Secret must be manually created in the namespace
1328
##
1329
tls: []
1330
# - secretName: grafana-general-tls
1331
# hosts:
1332
# - grafana.example.com
1333
# # To make Grafana persistent (Using Statefulset)
1334
# #
1335
# persistence:
1336
# enabled: true
1337
# type: sts
1338
# storageClassName: "storageClassName"
1339
# accessModes:
1340
# - ReadWriteOnce
1341
# size: 20Gi
1342
# finalizers:
1343
# - kubernetes.io/pvc-protection
1344
serviceAccount:
1345
create: true
1346
autoMount: true
1347
sidecar:
1348
dashboards:
1349
enabled: true
1350
label: grafana_dashboard
1351
labelValue: "1"
1352
# Allow discovery in all namespaces for dashboards
1353
searchNamespace: ALL
1354
# Support for new table panels, when enabled grafana auto migrates the old table panels to newer table panels
1355
enableNewTablePanelSyntax: false
1356
## Annotations for Grafana dashboard configmaps
1357
##
1358
annotations: {}
1359
multicluster:
1360
global:
1361
enabled: false
1362
etcd:
1363
enabled: false
1364
provider:
1365
allowUiUpdates: false
1366
datasources:
1367
enabled: true
1368
defaultDatasourceEnabled: true
1369
isDefaultDatasource: true
1370
name: Prometheus
1371
uid: prometheus
1372
## Extra jsonData properties to add to the datasource
1373
# extraJsonData:
1374
# prometheusType: Prometheus
1375
1376
## URL of prometheus datasource
1377
##
1378
# url: http://prometheus-stack-prometheus:9090/
1379
1380
## Prometheus request timeout in seconds
1381
# timeout: 30
1382
1383
## Query parameters to add, as a URL-encoded string,
1384
## to query Prometheus
1385
# customQueryParameters: ""
1386
1387
# If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default
1388
# defaultDatasourceScrapeInterval: 15s
1389
1390
## Annotations for Grafana datasource configmaps
1391
##
1392
annotations: {}
1393
## Set method for HTTP to send query to datasource
1394
httpMethod: POST
1395
## Create datasource for each Pod of Prometheus StatefulSet;
1396
## this uses by default the headless service `prometheus-operated` which is
1397
## created by Prometheus Operator. In case you deployed your own Service for your
1398
## Prometheus instance, you can specify it with the field `prometheusServiceName`
1399
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286
1400
createPrometheusReplicasDatasources: false
1401
prometheusServiceName: prometheus-operated
1402
label: grafana_datasource
1403
labelValue: "1"
1404
## Field with internal link pointing to existing data source in Grafana.
1405
## Can be provisioned via additionalDataSources
1406
exemplarTraceIdDestinations: {}
1407
# datasourceUid: Jaeger
1408
# traceIdLabelName: trace_id
1409
# urlDisplayLabel: View traces
1410
alertmanager:
1411
enabled: true
1412
name: Alertmanager
1413
uid: alertmanager
1414
handleGrafanaManagedAlerts: false
1415
implementation: prometheus
1416
extraConfigmapMounts: []
1417
# - name: certs-configmap
1418
# mountPath: /etc/grafana/ssl/
1419
# configMap: certs-configmap
1420
# readOnly: true
1421
1422
deleteDatasources: []
1423
# - name: example-datasource
1424
# orgId: 1
1425
1426
## Configure additional grafana datasources (passed through tpl)
1427
## ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#datasources
1428
additionalDataSources: []
1429
# - name: prometheus-sample
1430
# access: proxy
1431
# basicAuth: true
1432
# secureJsonData:
1433
# basicAuthPassword: pass
1434
# basicAuthUser: daco
1435
# editable: false
1436
# jsonData:
1437
# tlsSkipVerify: true
1438
# orgId: 1
1439
# type: prometheus
1440
# url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090
1441
# version: 1
1442
1443
## Configure additional grafana datasources as a templated string (passed through tpl)
1444
## Useful when you need Helm flow control or templating inside the datasource definition
1445
additionalDataSourcesString: ""
1446
# Flag to mark provisioned data sources for deletion if they are no longer configured.
1447
# It takes no effect if data sources are already listed in the deleteDatasources section.
1448
# ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#example-data-source-configuration-file
1449
prune: false
1450
## Passed to grafana subchart and used by servicemonitor below
1451
##
1452
service:
1453
portName: http-web
1454
ipFamilies: []
1455
ipFamilyPolicy: ""
1456
serviceMonitor:
1457
# If true, a ServiceMonitor CRD is created for a prometheus operator
1458
# https://github.com/prometheus-operator/prometheus-operator
1459
#
1460
enabled: true
1461
# Path to use for scraping metrics. Might be different if server.root_url is set
1462
# in grafana.ini
1463
# path: /metrics
1464
1465
# namespace: monitoring (defaults to use the namespace this chart is deployed to)
1466
1467
# labels for the ServiceMonitor
1468
# labels: {}
1469
1470
# Extra scrape settings.
1471
# interval: ""
1472
# scheme: http
1473
# tlsConfig: {}
1474
# scrapeTimeout: 30s
1475
1476
## RelabelConfigs to apply to samples before scraping
1477
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1478
##
1479
# relabelings: []
1480
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1481
# separator: ;
1482
# regex: ^(.*)$
1483
# targetLabel: nodename
1484
# replacement: $1
1485
# action: replace
1486
## Flag to disable all the kubernetes component scrapers
1487
##
1488
kubernetesServiceMonitors:
1489
enabled: true
1490
## Component scraping the kube api server
1491
##
1492
kubeApiServer:
1493
enabled: true
1494
tlsConfig:
1495
serverName: kubernetes
1496
insecureSkipVerify: false
1497
serviceMonitor:
1498
enabled: true
1499
## Scrape interval. If not set, the Prometheus default scrape interval is used.
1500
##
1501
interval: ""
1502
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1503
##
1504
sampleLimit: 0
1505
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1506
##
1507
targetLimit: 0
1508
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1509
##
1510
labelLimit: 0
1511
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1512
##
1513
labelNameLengthLimit: 0
1514
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1515
##
1516
labelValueLengthLimit: 0
1517
## proxyUrl: URL of a proxy that should be used for scraping.
1518
##
1519
proxyUrl: ""
1520
jobLabel: component
1521
selector:
1522
matchLabels:
1523
component: apiserver
1524
provider: kubernetes
1525
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1526
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1527
##
1528
metricRelabelings:
1529
# Drop excessively noisy apiserver buckets.
1530
- action: drop
1531
regex: (etcd_request|apiserver_request_slo|apiserver_request_sli|apiserver_request)_duration_seconds_bucket;(0\.15|0\.2|0\.3|0\.35|0\.4|0\.45|0\.6|0\.7|0\.8|0\.9|1\.25|1\.5|1\.75|2|3|3\.5|4|4\.5|6|7|8|9|15|20|40|45|50)(\.0)?
1532
sourceLabels:
1533
- __name__
1534
- le
1535
# - action: keep
1536
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
1537
# sourceLabels: [__name__]
1538
1539
## RelabelConfigs to apply to samples before scraping
1540
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1541
##
1542
relabelings: []
1543
# - sourceLabels:
1544
# - __meta_kubernetes_namespace
1545
# - __meta_kubernetes_service_name
1546
# - __meta_kubernetes_endpoint_port_name
1547
# action: keep
1548
# regex: default;kubernetes;https
1549
# - targetLabel: __address__
1550
# replacement: kubernetes.default.svc:443
1551
1552
## Additional labels
1553
##
1554
additionalLabels: {}
1555
# foo: bar
1556
1557
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1558
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1559
targetLabels: []
1560
## Override the job label used for the apiserver.
1561
## This allows users who scrape apiserver metrics under a different job name (e.g. k3s-server via PushProx)
1562
## to align the recording rules and alerts with their actual job label.
1563
jobNameOverride: ""
1564
## Component scraping the kubelet and kubelet-hosted cAdvisor
1565
##
1566
kubelet:
1567
enabled: true
1568
namespace: kube-system
1569
# Overrides the job selector in Grafana dashboards and Prometheus rules
1570
# For k3s clusters, change to k3s-server
1571
jobNameOverride: ""
1572
serviceMonitor:
1573
enabled: true
1574
## Enable scraping /metrics from kubelet's service
1575
kubelet: true
1576
## Attach metadata to discovered targets. Requires Prometheus v2.45 for endpoints created by the operator.
1577
##
1578
attachMetadata:
1579
node: false
1580
## Scrape interval. If not set, the Prometheus default scrape interval is used.
1581
##
1582
interval: ""
1583
## If true, Prometheus use (respect) labels provided by exporter.
1584
##
1585
honorLabels: true
1586
## If true, Prometheus ingests metrics with timestamp provided by exporter. If false, Prometheus ingests metrics with timestamp of scrape.
1587
##
1588
honorTimestamps: true
1589
## If true, defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false.
1590
## We recommend enabling this if you want the best possible accuracy for container_ metrics scraped from cadvisor.
1591
## For more details see: https://github.com/prometheus-community/helm-charts/pull/5063#issuecomment-2545374849
1592
trackTimestampsStaleness: true
1593
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1594
##
1595
sampleLimit: 0
1596
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1597
##
1598
targetLimit: 0
1599
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1600
##
1601
labelLimit: 0
1602
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1603
##
1604
labelNameLengthLimit: 0
1605
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1606
##
1607
labelValueLengthLimit: 0
1608
## proxyUrl: URL of a proxy that should be used for scraping.
1609
##
1610
proxyUrl: ""
1611
## Enable scraping the kubelet over https. For requirements to enable this see
1612
## https://github.com/prometheus-operator/prometheus-operator/issues/926
1613
##
1614
https: true
1615
## Skip TLS certificate validation when scraping.
1616
## This is enabled by default because kubelet serving certificate deployed by kubeadm is by default self-signed
1617
## ref: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs
1618
##
1619
insecureSkipVerify: true
1620
## Enable scraping /metrics/probes from kubelet's service
1621
##
1622
probes: true
1623
## Enable scraping /metrics/resource from kubelet's service
1624
## This is disabled by default because container metrics are already exposed by cAdvisor
1625
##
1626
resource: false
1627
# From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource
1628
resourcePath: "/metrics/resource/v1alpha1"
1629
## Configure the scrape interval for resource metrics. This is configured to the default Kubelet cAdvisor
1630
## minimum housekeeping interval in order to avoid missing samples. Note, this value is ignored
1631
## if kubelet.serviceMonitor.interval is not empty.
1632
resourceInterval: 10s
1633
## Enable scraping /metrics/cadvisor from kubelet's service
1634
##
1635
cAdvisor: true
1636
## Configure the scrape interval for cAdvisor. This is configured to the default Kubelet cAdvisor
1637
## minimum housekeeping interval in order to avoid missing samples. Note, this value is ignored
1638
## if kubelet.serviceMonitor.interval is not empty.
1639
cAdvisorInterval: 10s
1640
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1641
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1642
##
1643
cAdvisorMetricRelabelings:
1644
# Drop less useful container CPU metrics.
1645
- sourceLabels: [__name__]
1646
action: drop
1647
regex: 'container_cpu_(cfs_throttled_seconds_total|load_average_10s|system_seconds_total|user_seconds_total)'
1648
# Drop less useful container / always zero filesystem metrics.
1649
- sourceLabels: [__name__]
1650
action: drop
1651
regex: 'container_fs_(io_current|io_time_seconds_total|io_time_weighted_seconds_total|reads_merged_total|sector_reads_total|sector_writes_total|writes_merged_total)'
1652
# Drop less useful / always zero container memory metrics.
1653
- sourceLabels: [__name__]
1654
action: drop
1655
regex: 'container_memory_(mapped_file|swap)'
1656
# Drop less useful container process metrics.
1657
- sourceLabels: [__name__]
1658
action: drop
1659
regex: 'container_(file_descriptors|tasks_state|threads_max)'
1660
# Drop container_memory_failures_total{scope="hierarchy"} metrics,
1661
# we only need the container scope.
1662
- sourceLabels: [__name__, scope]
1663
action: drop
1664
regex: 'container_memory_failures_total;hierarchy'
1665
# Drop container_network_... metrics that match various interfaces that
1666
# correspond to CNI and similar interfaces. This avoids capturing network
1667
# metrics for host network containers.
1668
- sourceLabels: [__name__, interface]
1669
action: drop
1670
regex: 'container_network_.*;(cali|cilium|cni|lxc|nodelocaldns|tunl).*'
1671
# Drop container spec metrics that overlap with kube-state-metrics.
1672
- sourceLabels: [__name__]
1673
action: drop
1674
regex: 'container_spec.*'
1675
# Drop cgroup metrics with no pod.
1676
- sourceLabels: [id, pod]
1677
action: drop
1678
regex: '.+;'
1679
# - sourceLabels: [__name__, image]
1680
# separator: ;
1681
# regex: container_([a-z_]+);
1682
# replacement: $1
1683
# action: drop
1684
# - sourceLabels: [__name__]
1685
# separator: ;
1686
# regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
1687
# replacement: $1
1688
# action: drop
1689
1690
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1691
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1692
##
1693
probesMetricRelabelings: []
1694
# - sourceLabels: [__name__, image]
1695
# separator: ;
1696
# regex: container_([a-z_]+);
1697
# replacement: $1
1698
# action: drop
1699
# - sourceLabels: [__name__]
1700
# separator: ;
1701
# regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
1702
# replacement: $1
1703
# action: drop
1704
1705
## RelabelConfigs to apply to samples before scraping
1706
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1707
##
1708
## metrics_path is required to match upstream rules and charts
1709
cAdvisorRelabelings:
1710
- action: replace
1711
sourceLabels: [__metrics_path__]
1712
targetLabel: metrics_path
1713
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1714
# separator: ;
1715
# regex: ^(.*)$
1716
# targetLabel: nodename
1717
# replacement: $1
1718
# action: replace
1719
1720
## RelabelConfigs to apply to samples before scraping
1721
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1722
##
1723
probesRelabelings:
1724
- action: replace
1725
sourceLabels: [__metrics_path__]
1726
targetLabel: metrics_path
1727
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1728
# separator: ;
1729
# regex: ^(.*)$
1730
# targetLabel: nodename
1731
# replacement: $1
1732
# action: replace
1733
1734
## RelabelConfigs to apply to samples before scraping
1735
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1736
##
1737
resourceRelabelings:
1738
- action: replace
1739
sourceLabels: [__metrics_path__]
1740
targetLabel: metrics_path
1741
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1742
# separator: ;
1743
# regex: ^(.*)$
1744
# targetLabel: nodename
1745
# replacement: $1
1746
# action: replace
1747
1748
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1749
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1750
##
1751
metricRelabelings:
1752
# Reduce bucket cardinality of kubelet storage operations.
1753
- action: drop
1754
sourceLabels: [__name__, le]
1755
regex: (csi_operations|storage_operation_duration)_seconds_bucket;(0.25|2.5|15|25|120|600)(\.0)?
1756
# - sourceLabels: [__name__, image]
1757
# separator: ;
1758
# regex: container_([a-z_]+);
1759
# replacement: $1
1760
# action: drop
1761
# - sourceLabels: [__name__]
1762
# separator: ;
1763
# regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
1764
# replacement: $1
1765
# action: drop
1766
1767
## RelabelConfigs to apply to samples before scraping
1768
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1769
##
1770
## metrics_path is required to match upstream rules and charts
1771
relabelings:
1772
- action: replace
1773
sourceLabels: [__metrics_path__]
1774
targetLabel: metrics_path
1775
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1776
# separator: ;
1777
# regex: ^(.*)$
1778
# targetLabel: nodename
1779
# replacement: $1
1780
# action: replace
1781
1782
## Additional labels
1783
##
1784
additionalLabels: {}
1785
# foo: bar
1786
1787
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1788
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1789
targetLabels: []
1790
## Component scraping the kube controller manager
1791
##
1792
kubeControllerManager:
1793
enabled: true
1794
# Overrides the job selector in Grafana dashboards and Prometheus rules
1795
# For k3s clusters, change to k3s-server
1796
jobNameOverride: ""
1797
## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
1798
##
1799
endpoints: []
1800
# - 10.141.4.22
1801
# - 10.141.4.23
1802
# - 10.141.4.24
1803
1804
## If using kubeControllerManager.endpoints only the port and targetPort are used
1805
##
1806
service:
1807
enabled: true
1808
## If null or unset, the value is determined dynamically based on target Kubernetes version due to change
1809
## of default port in Kubernetes 1.22.
1810
##
1811
port: null
1812
targetPort: null
1813
ipDualStack:
1814
enabled: false
1815
ipFamilies: ["IPv6", "IPv4"]
1816
ipFamilyPolicy: "PreferDualStack"
1817
# selector:
1818
# component: kube-controller-manager
1819
serviceMonitor:
1820
enabled: true
1821
## Scrape interval. If not set, the Prometheus default scrape interval is used.
1822
##
1823
interval: ""
1824
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1825
##
1826
sampleLimit: 0
1827
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1828
##
1829
targetLimit: 0
1830
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1831
##
1832
labelLimit: 0
1833
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1834
##
1835
labelNameLengthLimit: 0
1836
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1837
##
1838
labelValueLengthLimit: 0
1839
## proxyUrl: URL of a proxy that should be used for scraping.
1840
##
1841
proxyUrl: ""
1842
## port: Name of the port the metrics will be scraped from
1843
##
1844
port: http-metrics
1845
jobLabel: jobLabel
1846
selector: {}
1847
# matchLabels:
1848
# component: kube-controller-manager
1849
1850
## Enable scraping kube-controller-manager over https.
1851
## Requires proper certs (not self-signed) and delegated authentication/authorization checks.
1852
## If null or unset, the value is determined dynamically based on target Kubernetes version.
1853
##
1854
https: null
1855
# Skip TLS certificate validation when scraping
1856
insecureSkipVerify: null
1857
# Name of the server to use when validating TLS certificate
1858
serverName: null
1859
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1860
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1861
##
1862
metricRelabelings: []
1863
# - action: keep
1864
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
1865
# sourceLabels: [__name__]
1866
1867
## RelabelConfigs to apply to samples before scraping
1868
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1869
##
1870
relabelings: []
1871
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1872
# separator: ;
1873
# regex: ^(.*)$
1874
# targetLabel: nodename
1875
# replacement: $1
1876
# action: replace
1877
1878
## Additional labels
1879
##
1880
additionalLabels: {}
1881
# foo: bar
1882
1883
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1884
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1885
targetLabels: []
1886
## Component scraping coreDns. Use either this or kubeDns
1887
##
1888
coreDns:
1889
enabled: true
1890
service:
1891
enabled: true
1892
port: 9153
1893
targetPort: 9153
1894
ipDualStack:
1895
enabled: false
1896
ipFamilies: ["IPv6", "IPv4"]
1897
ipFamilyPolicy: "PreferDualStack"
1898
# selector:
1899
# k8s-app: kube-dns
1900
serviceMonitor:
1901
enabled: true
1902
## Scrape interval. If not set, the Prometheus default scrape interval is used.
1903
##
1904
interval: ""
1905
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1906
##
1907
sampleLimit: 0
1908
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1909
##
1910
targetLimit: 0
1911
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1912
##
1913
labelLimit: 0
1914
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1915
##
1916
labelNameLengthLimit: 0
1917
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1918
##
1919
labelValueLengthLimit: 0
1920
## proxyUrl: URL of a proxy that should be used for scraping.
1921
##
1922
proxyUrl: ""
1923
## port: Name of the port the metrics will be scraped from
1924
##
1925
port: http-metrics
1926
jobLabel: jobLabel
1927
selector: {}
1928
# matchLabels:
1929
# k8s-app: kube-dns
1930
1931
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1932
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1933
##
1934
metricRelabelings: []
1935
# - action: keep
1936
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
1937
# sourceLabels: [__name__]
1938
1939
## RelabelConfigs to apply to samples before scraping
1940
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1941
##
1942
relabelings: []
1943
# - sourceLabels: [__meta_kubernetes_pod_node_name]
1944
# separator: ;
1945
# regex: ^(.*)$
1946
# targetLabel: nodename
1947
# replacement: $1
1948
# action: replace
1949
1950
## Additional labels
1951
##
1952
additionalLabels: {}
1953
# foo: bar
1954
1955
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1956
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1957
targetLabels: []
1958
## File containing bearer token to be used when scraping targets
1959
## Empty value do not send any bearer token.
1960
##
1961
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
1962
## Component scraping kubeDns. Use either this or coreDns
1963
##
1964
kubeDns:
1965
enabled: false
1966
service:
1967
dnsmasq:
1968
port: 10054
1969
targetPort: 10054
1970
skydns:
1971
port: 10055
1972
targetPort: 10055
1973
ipDualStack:
1974
enabled: false
1975
ipFamilies: ["IPv6", "IPv4"]
1976
ipFamilyPolicy: "PreferDualStack"
1977
# selector:
1978
# k8s-app: kube-dns
1979
serviceMonitor:
1980
## Scrape interval. If not set, the Prometheus default scrape interval is used.
1981
##
1982
interval: ""
1983
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1984
##
1985
sampleLimit: 0
1986
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1987
##
1988
targetLimit: 0
1989
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1990
##
1991
labelLimit: 0
1992
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1993
##
1994
labelNameLengthLimit: 0
1995
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1996
##
1997
labelValueLengthLimit: 0
1998
## proxyUrl: URL of a proxy that should be used for scraping.
1999
##
2000
proxyUrl: ""
2001
jobLabel: jobLabel
2002
selector: {}
2003
# matchLabels:
2004
# k8s-app: kube-dns
2005
2006
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2007
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2008
##
2009
metricRelabelings: []
2010
# - action: keep
2011
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2012
# sourceLabels: [__name__]
2013
2014
## RelabelConfigs to apply to samples before scraping
2015
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2016
##
2017
relabelings: []
2018
# - sourceLabels: [__meta_kubernetes_pod_node_name]
2019
# separator: ;
2020
# regex: ^(.*)$
2021
# targetLabel: nodename
2022
# replacement: $1
2023
# action: replace
2024
2025
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2026
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2027
##
2028
dnsmasqMetricRelabelings: []
2029
# - action: keep
2030
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2031
# sourceLabels: [__name__]
2032
2033
## RelabelConfigs to apply to samples before scraping
2034
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2035
##
2036
dnsmasqRelabelings: []
2037
# - sourceLabels: [__meta_kubernetes_pod_node_name]
2038
# separator: ;
2039
# regex: ^(.*)$
2040
# targetLabel: nodename
2041
# replacement: $1
2042
# action: replace
2043
2044
## Additional labels
2045
##
2046
additionalLabels: {}
2047
# foo: bar
2048
2049
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2050
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2051
targetLabels: []
2052
## File containing bearer token to be used when scraping targets
2053
## Empty value do not send any bearer token.
2054
##
2055
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
2056
## Component scraping etcd
2057
##
2058
kubeEtcd:
2059
enabled: true
2060
## If your etcd is not deployed as a pod, specify IPs it can be found on
2061
##
2062
endpoints: []
2063
# - 10.141.4.22
2064
# - 10.141.4.23
2065
# - 10.141.4.24
2066
2067
## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used
2068
##
2069
service:
2070
enabled: true
2071
port: 2381
2072
targetPort: 2381
2073
ipDualStack:
2074
enabled: false
2075
ipFamilies: ["IPv6", "IPv4"]
2076
ipFamilyPolicy: "PreferDualStack"
2077
# selector:
2078
# component: etcd
2079
## Configure secure access to the etcd cluster by loading a secret into prometheus and
2080
## specifying security configuration below. For example, with a secret named etcd-client-cert
2081
##
2082
## serviceMonitor:
2083
## scheme: https
2084
## insecureSkipVerify: false
2085
## serverName: localhost
2086
## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
2087
## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client
2088
## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
2089
##
2090
serviceMonitor:
2091
enabled: true
2092
## Scrape interval. If not set, the Prometheus default scrape interval is used.
2093
##
2094
interval: ""
2095
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2096
##
2097
sampleLimit: 0
2098
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2099
##
2100
targetLimit: 0
2101
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2102
##
2103
labelLimit: 0
2104
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2105
##
2106
labelNameLengthLimit: 0
2107
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2108
##
2109
labelValueLengthLimit: 0
2110
## proxyUrl: URL of a proxy that should be used for scraping.
2111
##
2112
proxyUrl: ""
2113
scheme: http
2114
insecureSkipVerify: false
2115
serverName: ""
2116
caFile: ""
2117
certFile: ""
2118
keyFile: ""
2119
## port: Name of the port the metrics will be scraped from
2120
##
2121
port: http-metrics
2122
jobLabel: jobLabel
2123
selector: {}
2124
# matchLabels:
2125
# component: etcd
2126
2127
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2128
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2129
##
2130
metricRelabelings: []
2131
# - action: keep
2132
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2133
# sourceLabels: [__name__]
2134
2135
## RelabelConfigs to apply to samples before scraping
2136
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2137
##
2138
relabelings: []
2139
# - sourceLabels: [__meta_kubernetes_pod_node_name]
2140
# separator: ;
2141
# regex: ^(.*)$
2142
# targetLabel: nodename
2143
# replacement: $1
2144
# action: replace
2145
2146
## Additional labels
2147
##
2148
additionalLabels: {}
2149
# foo: bar
2150
2151
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2152
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2153
targetLabels: []
2154
## File containing bearer token to be used when scraping targets
2155
## Empty value do not send any bearer token.
2156
##
2157
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
2158
## Component scraping kube scheduler
2159
##
2160
kubeScheduler:
2161
enabled: true
2162
# Overrides the job selector in Grafana dashboards and Prometheus rules
2163
# For k3s clusters, change to k3s-server
2164
jobNameOverride: ""
2165
## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
2166
##
2167
endpoints: []
2168
# - 10.141.4.22
2169
# - 10.141.4.23
2170
# - 10.141.4.24
2171
2172
## If using kubeScheduler.endpoints only the port and targetPort are used
2173
##
2174
service:
2175
enabled: true
2176
## If null or unset, the value is determined dynamically based on target Kubernetes version due to change
2177
## of default port in Kubernetes 1.23.
2178
##
2179
port: null
2180
targetPort: null
2181
ipDualStack:
2182
enabled: false
2183
ipFamilies: ["IPv6", "IPv4"]
2184
ipFamilyPolicy: "PreferDualStack"
2185
# selector:
2186
# component: kube-scheduler
2187
serviceMonitor:
2188
enabled: true
2189
## Scrape interval. If not set, the Prometheus default scrape interval is used.
2190
##
2191
interval: ""
2192
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2193
##
2194
sampleLimit: 0
2195
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2196
##
2197
targetLimit: 0
2198
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2199
##
2200
labelLimit: 0
2201
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2202
##
2203
labelNameLengthLimit: 0
2204
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2205
##
2206
labelValueLengthLimit: 0
2207
## proxyUrl: URL of a proxy that should be used for scraping.
2208
##
2209
proxyUrl: ""
2210
## Enable scraping kube-scheduler over https.
2211
## Requires proper certs (not self-signed) and delegated authentication/authorization checks.
2212
## If null or unset, the value is determined dynamically based on target Kubernetes version.
2213
##
2214
https: null
2215
## port: Name of the port the metrics will be scraped from
2216
##
2217
port: http-metrics
2218
jobLabel: jobLabel
2219
selector: {}
2220
# matchLabels:
2221
# component: kube-scheduler
2222
2223
## Skip TLS certificate validation when scraping
2224
insecureSkipVerify: null
2225
## Name of the server to use when validating TLS certificate
2226
serverName: null
2227
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2228
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2229
##
2230
metricRelabelings: []
2231
# - action: keep
2232
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2233
# sourceLabels: [__name__]
2234
2235
## RelabelConfigs to apply to samples before scraping
2236
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2237
##
2238
relabelings: []
2239
# - sourceLabels: [__meta_kubernetes_pod_node_name]
2240
# separator: ;
2241
# regex: ^(.*)$
2242
# targetLabel: nodename
2243
# replacement: $1
2244
# action: replace
2245
2246
## Additional labels
2247
##
2248
additionalLabels: {}
2249
# foo: bar
2250
2251
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2252
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2253
targetLabels: []
2254
## Component scraping kube proxy
2255
##
2256
kubeProxy:
2257
enabled: true
2258
# Overrides the job selector in Grafana dashboards and Prometheus rules
2259
# For k3s clusters, change to k3s-server
2260
jobNameOverride: ""
2261
## If your kube proxy is not deployed as a pod, specify IPs it can be found on
2262
##
2263
endpoints: []
2264
# - 10.141.4.22
2265
# - 10.141.4.23
2266
# - 10.141.4.24
2267
2268
service:
2269
enabled: true
2270
port: 10249
2271
targetPort: 10249
2272
ipDualStack:
2273
enabled: false
2274
ipFamilies: ["IPv6", "IPv4"]
2275
ipFamilyPolicy: "PreferDualStack"
2276
# selector:
2277
# k8s-app: kube-proxy
2278
serviceMonitor:
2279
enabled: true
2280
## Scrape interval. If not set, the Prometheus default scrape interval is used.
2281
##
2282
interval: ""
2283
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2284
##
2285
sampleLimit: 0
2286
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2287
##
2288
targetLimit: 0
2289
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2290
##
2291
labelLimit: 0
2292
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2293
##
2294
labelNameLengthLimit: 0
2295
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2296
##
2297
labelValueLengthLimit: 0
2298
## proxyUrl: URL of a proxy that should be used for scraping.
2299
##
2300
proxyUrl: ""
2301
## port: Name of the port the metrics will be scraped from
2302
##
2303
port: http-metrics
2304
jobLabel: jobLabel
2305
selector: {}
2306
# matchLabels:
2307
# k8s-app: kube-proxy
2308
2309
## Enable scraping kube-proxy over https.
2310
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
2311
##
2312
https: false
2313
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2314
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2315
##
2316
metricRelabelings: []
2317
# - action: keep
2318
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2319
# sourceLabels: [__name__]
2320
2321
## RelabelConfigs to apply to samples before scraping
2322
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2323
##
2324
relabelings: []
2325
# - action: keep
2326
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2327
# sourceLabels: [__name__]
2328
2329
## Additional labels
2330
##
2331
additionalLabels: {}
2332
# foo: bar
2333
2334
## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2335
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2336
targetLabels: []
2337
## File containing bearer token to be used when scraping targets
2338
## Empty value do not send any bearer token.
2339
##
2340
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
2341
## Component scraping kube state metrics
2342
##
2343
kubeStateMetrics:
2344
enabled: true
2345
## Configuration for kube-state-metrics subchart
2346
##
2347
kube-state-metrics:
2348
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
2349
releaseLabel: true
2350
## Enable scraping via kubernetes-service-endpoints
2351
## Disabled by default as we service monitor is enabled below
2352
##
2353
prometheusScrape: false
2354
prometheus:
2355
monitor:
2356
## Enable scraping via service monitor
2357
## Disable to prevent duplication if you enable prometheusScrape above
2358
enabled: true
2359
## kube-state-metrics endpoint
2360
http:
2361
## Keep labels from scraped data, overriding server-side labels
2362
honorLabels: true
2363
## selfMonitor endpoint
2364
metrics:
2365
## Keep labels from scraped data, overriding server-side labels
2366
honorLabels: true
2367
## Deploy node exporter as a daemonset to all nodes
2368
##
2369
nodeExporter:
2370
enabled: true
2371
operatingSystems:
2372
linux:
2373
enabled: true
2374
aix:
2375
enabled: true
2376
darwin:
2377
enabled: true
2378
## ForceDeployDashboard Create dashboard configmap even if nodeExporter deployment has been disabled
2379
##
2380
forceDeployDashboards: false
2381
## Configuration for prometheus-node-exporter subchart
2382
##
2383
prometheus-node-exporter:
2384
namespaceOverride: ""
2385
podLabels:
2386
## Add the 'node-exporter' label to be used by serviceMonitor and podMonitor to match standard common usage in rules and grafana dashboards
2387
##
2388
jobLabel: node-exporter
2389
releaseLabel: true
2390
extraArgs:
2391
- --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/containerd/.+|var/lib/docker/.+|var/lib/kubelet/.+)($|/)
2392
- --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs|erofs)$
2393
service:
2394
portName: http-metrics
2395
ipDualStack:
2396
enabled: false
2397
ipFamilies: ["IPv6", "IPv4"]
2398
ipFamilyPolicy: "PreferDualStack"
2399
labels:
2400
jobLabel: node-exporter
2401
image:
2402
distroless: true
2403
prometheus:
2404
monitor:
2405
enabled: true
2406
jobLabel: jobLabel
2407
## Scrape interval. If not set, the Prometheus default scrape interval is used.
2408
##
2409
interval: ""
2410
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2411
##
2412
sampleLimit: 0
2413
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2414
##
2415
targetLimit: 0
2416
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2417
##
2418
labelLimit: 0
2419
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2420
##
2421
labelNameLengthLimit: 0
2422
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2423
##
2424
labelValueLengthLimit: 0
2425
## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used.
2426
##
2427
scrapeTimeout: ""
2428
## proxyUrl: URL of a proxy that should be used for scraping.
2429
##
2430
proxyUrl: ""
2431
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2432
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2433
##
2434
metricRelabelings: []
2435
# - sourceLabels: [__name__]
2436
# separator: ;
2437
# regex: ^node_mountstats_nfs_(event|operations|transport)_.+
2438
# replacement: $1
2439
# action: drop
2440
2441
## RelabelConfigs to apply to samples before scraping
2442
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2443
##
2444
relabelings: []
2445
# - sourceLabels: [__meta_kubernetes_pod_node_name]
2446
# separator: ;
2447
# regex: ^(.*)$
2448
# targetLabel: nodename
2449
# replacement: $1
2450
# action: replace
2451
## Attach node metadata to discovered targets. Requires Prometheus v2.35.0 and above.
2452
##
2453
# attachMetadata:
2454
# node: false
2455
2456
podMonitor:
2457
enabled: false
2458
jobLabel: jobLabel
2459
rbac:
2460
## If true, create PSPs for node-exporter
2461
##
2462
pspEnabled: false
2463
## Manages Prometheus and Alertmanager components
2464
##
2465
prometheusOperator:
2466
enabled: true
2467
## Use '{{ template "kube-prometheus-stack.fullname" . }}-operator' by default
2468
fullnameOverride: ""
2469
## Number of old replicasets to retain ##
2470
## The default value is 10, 0 will garbage-collect old replicasets ##
2471
revisionHistoryLimit: 10
2472
## Strategy of the deployment
2473
##
2474
strategy: {}
2475
## Prometheus-Operator v0.39.0 and later support TLS natively.
2476
##
2477
tls:
2478
enabled: true
2479
# Value must match version names from https://pkg.go.dev/crypto/tls#pkg-constants
2480
tlsMinVersion: VersionTLS13
2481
# The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.
2482
internalPort: 10250
2483
## Liveness probe for the prometheusOperator deployment
2484
##
2485
livenessProbe:
2486
enabled: true
2487
failureThreshold: 3
2488
initialDelaySeconds: 0
2489
periodSeconds: 10
2490
successThreshold: 1
2491
timeoutSeconds: 1
2492
## Readiness probe for the prometheusOperator deployment
2493
##
2494
readinessProbe:
2495
enabled: true
2496
failureThreshold: 3
2497
initialDelaySeconds: 0
2498
periodSeconds: 10
2499
successThreshold: 1
2500
timeoutSeconds: 1
2501
## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
2502
## rules from making their way into prometheus and potentially preventing the container from starting
2503
admissionWebhooks:
2504
## Valid values: Fail, Ignore, IgnoreOnInstallOnly
2505
## IgnoreOnInstallOnly - If Release.IsInstall returns "true", set "Ignore" otherwise "Fail"
2506
failurePolicy: ""
2507
## The default timeoutSeconds is 10 and the maximum value is 30.
2508
timeoutSeconds: 10
2509
enabled: true
2510
## A PEM encoded CA bundle which will be used to validate the webhook's server certificate.
2511
## If unspecified, system trust roots on the apiserver are used.
2512
caBundle: ""
2513
## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data.
2514
## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own
2515
## certs ahead of time if you wish.
2516
##
2517
annotations: {}
2518
# argocd.argoproj.io/hook: PreSync
2519
# argocd.argoproj.io/hook-delete-policy: HookSucceeded
2520
2521
namespaceSelector: {}
2522
objectSelector: {}
2523
matchConditions: {}
2524
mutatingWebhookConfiguration:
2525
annotations: {}
2526
# argocd.argoproj.io/hook: PreSync
2527
validatingWebhookConfiguration:
2528
annotations: {}
2529
# argocd.argoproj.io/hook: PreSync
2530
deployment:
2531
enabled: false
2532
## Number of replicas
2533
##
2534
replicas: 1
2535
## Strategy of the deployment
2536
##
2537
strategy: {}
2538
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
2539
podDisruptionBudget:
2540
enabled: false
2541
minAvailable: 1
2542
# maxUnavailable: ""
2543
unhealthyPodEvictionPolicy: AlwaysAllow
2544
## Number of old replicasets to retain ##
2545
## The default value is 10, 0 will garbage-collect old replicasets ##
2546
revisionHistoryLimit: 10
2547
## Prometheus-Operator v0.39.0 and later support TLS natively.
2548
##
2549
tls:
2550
enabled: true
2551
# Value must match version names from https://pkg.go.dev/crypto/tls#pkg-constants
2552
tlsMinVersion: VersionTLS13
2553
# The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.
2554
internalPort: 10250
2555
## Service account for Prometheus Operator Webhook to use.
2556
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2557
##
2558
serviceAccount:
2559
annotations: {}
2560
automountServiceAccountToken: false
2561
create: true
2562
name: ""
2563
## Configuration for Prometheus operator Webhook service
2564
##
2565
service:
2566
annotations: {}
2567
labels: {}
2568
clusterIP: ""
2569
ipDualStack:
2570
enabled: false
2571
ipFamilies: ["IPv6", "IPv4"]
2572
ipFamilyPolicy: "PreferDualStack"
2573
## Port to expose on each node
2574
## Only used if service.type is 'NodePort'
2575
##
2576
nodePort: 31080
2577
nodePortTls: 31443
2578
## Additional ports to open for Prometheus operator Webhook service
2579
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
2580
##
2581
additionalPorts: []
2582
## Loadbalancer IP
2583
## Only use if service.type is "LoadBalancer"
2584
##
2585
loadBalancerIP: ""
2586
loadBalancerSourceRanges: []
2587
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
2588
##
2589
externalTrafficPolicy: Cluster
2590
## Service type
2591
## NodePort, ClusterIP, LoadBalancer
2592
##
2593
type: ClusterIP
2594
## List of IP addresses at which the Prometheus server service is available
2595
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
2596
##
2597
externalIPs: []
2598
# ## Labels to add to the operator webhook deployment
2599
# ##
2600
labels: {}
2601
## Annotations to add to the operator webhook deployment
2602
##
2603
annotations: {}
2604
## Labels to add to the operator webhook pod
2605
##
2606
podLabels: {}
2607
## Annotations to add to the operator webhook pod
2608
##
2609
podAnnotations: {}
2610
## Assign a PriorityClassName to pods if set
2611
# priorityClassName: ""
2612
2613
## Define Log Format
2614
# Use logfmt (default) or json logging
2615
# logFormat: logfmt
2616
2617
## Decrease log verbosity to errors only
2618
# logLevel: error
2619
2620
## Prometheus-operator webhook image
2621
##
2622
image:
2623
registry: cgr.dev
2624
repository: scratch-images/test-tmp/prometheus-admission-webhook
2625
# if not set appVersion field from Chart.yaml is used
2626
tag: 0.92.1-r2
2627
sha: sha256:b97d78f3ba70c2ae5fa7f08156ec66b1bb665dacd32b049247fe90b03e99166f
2628
pullPolicy: IfNotPresent
2629
## Define Log Format
2630
# Use logfmt (default) or json logging
2631
# logFormat: logfmt
2632
2633
## Decrease log verbosity to errors only
2634
# logLevel: error
2635
2636
## PromQL parser options to enable for the admission webhook when validating PrometheusRule resources.
2637
## The options are passed to the prometheus-operator admission-webhook binary as a comma-separated --promql-options value.
2638
## Requires prometheus-operator admission-webhook v0.91.0 or newer.
2639
## Valid values: experimental-functions, duration-expression-parsing, extended-range-selectors, binop-fill-modifiers.
2640
##
2641
promqlOptions: []
2642
## Liveness probe
2643
##
2644
livenessProbe:
2645
enabled: true
2646
failureThreshold: 3
2647
initialDelaySeconds: 30
2648
periodSeconds: 10
2649
successThreshold: 1
2650
timeoutSeconds: 1
2651
## Readiness probe
2652
##
2653
readinessProbe:
2654
enabled: true
2655
failureThreshold: 3
2656
initialDelaySeconds: 5
2657
periodSeconds: 10
2658
successThreshold: 1
2659
timeoutSeconds: 1
2660
## Resource limits & requests
2661
##
2662
resources: {}
2663
# limits:
2664
# cpu: 200m
2665
# memory: 200Mi
2666
# requests:
2667
# cpu: 100m
2668
# memory: 100Mi
2669
2670
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
2671
# because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
2672
##
2673
hostNetwork: false
2674
## Define which Nodes the Pods are scheduled on.
2675
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
2676
##
2677
nodeSelector: {}
2678
## Tolerations for use with node taints
2679
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
2680
##
2681
tolerations: []
2682
# - key: "key"
2683
# operator: "Equal"
2684
# value: "value"
2685
# effect: "NoSchedule"
2686
2687
## Assign custom affinity rules to the prometheus operator
2688
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
2689
##
2690
affinity: {}
2691
# nodeAffinity:
2692
# requiredDuringSchedulingIgnoredDuringExecution:
2693
# nodeSelectorTerms:
2694
# - matchExpressions:
2695
# - key: kubernetes.io/e2e-az-name
2696
# operator: In
2697
# values:
2698
# - e2e-az1
2699
# - e2e-az2
2700
dnsConfig: {}
2701
# nameservers:
2702
# - 1.2.3.4
2703
# searches:
2704
# - ns1.svc.cluster-domain.example
2705
# - my.dns.search.suffix
2706
# options:
2707
# - name: ndots
2708
# value: "2"
2709
# - name: edns0
2710
securityContext:
2711
fsGroup: 65534
2712
runAsGroup: 65534
2713
runAsNonRoot: true
2714
runAsUser: 65534
2715
seccompProfile:
2716
type: RuntimeDefault
2717
## Container-specific security context configuration
2718
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
2719
##
2720
containerSecurityContext:
2721
allowPrivilegeEscalation: false
2722
readOnlyRootFilesystem: true
2723
capabilities:
2724
drop:
2725
- ALL
2726
## If false then the user will opt out of automounting API credentials.
2727
##
2728
automountServiceAccountToken: true
2729
patch:
2730
enabled: true
2731
image:
2732
registry: cgr.dev
2733
repository: chainguard-private/kube-webhook-certgen
2734
tag: latest
2735
sha: sha256:10743ad03243cf91c3fbafee168a55b394e84a3f72ce93058089b4f684fa0790
2736
pullPolicy: IfNotPresent
2737
resources: {}
2738
## Provide a priority class name to the webhook patching job
2739
##
2740
priorityClassName: ""
2741
ttlSecondsAfterFinished: 60
2742
annotations: {}
2743
# argocd.argoproj.io/hook: PreSync
2744
# argocd.argoproj.io/hook-delete-policy: HookSucceeded
2745
podAnnotations: {}
2746
nodeSelector: {}
2747
affinity: {}
2748
tolerations: []
2749
## SecurityContext holds pod-level security attributes and common container settings.
2750
## This defaults to non root user with uid 2000 and gid 2000. *v1.PodSecurityContext false
2751
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
2752
##
2753
securityContext:
2754
runAsGroup: 2000
2755
runAsNonRoot: true
2756
runAsUser: 2000
2757
seccompProfile:
2758
type: RuntimeDefault
2759
## Service account for Prometheus Operator Webhook Job Patch to use.
2760
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2761
##
2762
serviceAccount:
2763
create: true
2764
annotations: {}
2765
automountServiceAccountToken: true
2766
# Security context for create job container
2767
createSecretJob:
2768
securityContext:
2769
allowPrivilegeEscalation: false
2770
readOnlyRootFilesystem: true
2771
capabilities:
2772
drop:
2773
- ALL
2774
# Security context for patch job container
2775
patchWebhookJob:
2776
securityContext:
2777
allowPrivilegeEscalation: false
2778
readOnlyRootFilesystem: true
2779
capabilities:
2780
drop:
2781
- ALL
2782
# Use certmanager to generate webhook certs
2783
certManager:
2784
enabled: false
2785
# self-signed root certificate
2786
rootCert:
2787
duration: "" # default to be 5y
2788
# -- Set the revisionHistoryLimit on the Certificate. See
2789
# https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
2790
# Defaults to nil.
2791
revisionHistoryLimit:
2792
admissionCert:
2793
duration: "" # default to be 1y
2794
# -- Set the revisionHistoryLimit on the Certificate. See
2795
# https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
2796
# Defaults to nil.
2797
revisionHistoryLimit:
2798
# issuerRef:
2799
# name: "issuer"
2800
# kind: "ClusterIssuer"
2801
## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list).
2802
## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration
2803
##
2804
namespaces: {}
2805
# releaseNamespace: true
2806
# additional:
2807
# - kube-system
2808
2809
## Namespaces not to scope the interaction of the Prometheus Operator (deny list).
2810
##
2811
denyNamespaces: []
2812
## Filter namespaces to look for prometheus-operator custom resources
2813
##
2814
alertmanagerInstanceNamespaces: []
2815
alertmanagerConfigNamespaces: []
2816
prometheusInstanceNamespaces: []
2817
thanosRulerInstanceNamespaces: []
2818
## The clusterDomain value will be added to the cluster.peer option of the alertmanager.
2819
## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value)
2820
## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094
2821
##
2822
# clusterDomain: "cluster.local"
2823
networkPolicy:
2824
## Enable creation of NetworkPolicy resources.
2825
##
2826
enabled: false
2827
## Flavor of the network policy to use.
2828
# Can be:
2829
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
2830
# * cilium for cilium.io/v2/CiliumNetworkPolicy
2831
flavor: kubernetes
2832
# cilium:
2833
# egress:
2834
2835
## match labels used in selector
2836
# matchLabels: {}
2837
## Service account for Prometheus Operator to use.
2838
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2839
##
2840
serviceAccount:
2841
create: true
2842
name: ""
2843
automountServiceAccountToken: true
2844
annotations: {}
2845
# -- terminationGracePeriodSeconds for container lifecycle hook
2846
terminationGracePeriodSeconds: 30
2847
# -- Specify lifecycle hooks for the controller
2848
lifecycle: {}
2849
## Configuration for Prometheus operator service
2850
##
2851
service:
2852
annotations: {}
2853
labels: {}
2854
clusterIP: ""
2855
ipDualStack:
2856
enabled: false
2857
ipFamilies: ["IPv6", "IPv4"]
2858
ipFamilyPolicy: "PreferDualStack"
2859
## Port to expose on each node
2860
## Only used if service.type is 'NodePort'
2861
##
2862
nodePort: 30080
2863
nodePortTls: 30443
2864
## Additional ports to open for Prometheus operator service
2865
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
2866
##
2867
additionalPorts: []
2868
## Loadbalancer IP
2869
## Only use if service.type is "LoadBalancer"
2870
##
2871
loadBalancerIP: ""
2872
loadBalancerSourceRanges: []
2873
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
2874
##
2875
externalTrafficPolicy: Cluster
2876
## Service type
2877
## NodePort, ClusterIP, LoadBalancer
2878
##
2879
type: ClusterIP
2880
## List of IP addresses at which the Prometheus server service is available
2881
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
2882
##
2883
externalIPs: []
2884
# ## Labels to add to the operator deployment
2885
# ##
2886
labels: {}
2887
## Annotations to add to the operator deployment
2888
##
2889
annotations: {}
2890
## Labels to add to the operator pod
2891
##
2892
podLabels: {}
2893
## Annotations to add to the operator pod
2894
##
2895
podAnnotations: {}
2896
## Assign a podDisruptionBudget to the operator
2897
##
2898
podDisruptionBudget:
2899
enabled: false
2900
minAvailable: 1
2901
# maxUnavailable: ""
2902
unhealthyPodEvictionPolicy: AlwaysAllow
2903
## Assign a PriorityClassName to pods if set
2904
# priorityClassName: ""
2905
2906
## Define Log Format
2907
# Use logfmt (default) or json logging
2908
# logFormat: logfmt
2909
2910
## Decrease log verbosity to errors only
2911
# logLevel: error
2912
kubeletService:
2913
## If true, the operator will create and maintain a service for scraping kubelets
2914
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md
2915
##
2916
enabled: true
2917
namespace: kube-system
2918
selector: ""
2919
## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default
2920
name: ""
2921
## Create Endpoints objects for kubelet targets.
2922
kubeletEndpointsEnabled: true
2923
## Create EndpointSlice objects for kubelet targets.
2924
kubeletEndpointSliceEnabled: false
2925
## Extra arguments to pass to prometheusOperator
2926
# https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/operator.md
2927
extraArgs: []
2928
# - --labels="cluster=talos-cluster"
2929
2930
## Create a servicemonitor for the operator
2931
##
2932
serviceMonitor:
2933
## If true, create a serviceMonitor for prometheus operator
2934
##
2935
selfMonitor: true
2936
## Labels for ServiceMonitor
2937
additionalLabels: {}
2938
## Scrape interval. If not set, the Prometheus default scrape interval is used.
2939
##
2940
interval: ""
2941
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2942
##
2943
sampleLimit: 0
2944
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2945
##
2946
targetLimit: 0
2947
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2948
##
2949
labelLimit: 0
2950
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2951
##
2952
labelNameLengthLimit: 0
2953
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2954
##
2955
labelValueLengthLimit: 0
2956
## Scrape timeout. If not set, the Prometheus default scrape timeout is used.
2957
scrapeTimeout: ""
2958
## Metric relabel configs to apply to samples before ingestion.
2959
##
2960
metricRelabelings: []
2961
# - action: keep
2962
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2963
# sourceLabels: [__name__]
2964
2965
# relabel configs to apply to samples before ingestion.
2966
##
2967
relabelings: []
2968
# - sourceLabels: [__meta_kubernetes_pod_node_name]
2969
# separator: ;
2970
# regex: ^(.*)$
2971
# targetLabel: nodename
2972
# replacement: $1
2973
# action: replace
2974
## Resource limits & requests
2975
##
2976
resources: {}
2977
# limits:
2978
# cpu: 200m
2979
# memory: 200Mi
2980
# requests:
2981
# cpu: 100m
2982
# memory: 100Mi
2983
2984
## Operator Environment
2985
## env:
2986
## VARIABLE: value
2987
env:
2988
GOGC: "30"
2989
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
2990
# because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
2991
##
2992
hostNetwork: false
2993
## Define which Nodes the Pods are scheduled on.
2994
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
2995
##
2996
nodeSelector: {}
2997
## Tolerations for use with node taints
2998
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
2999
##
3000
tolerations: []
3001
# - key: "key"
3002
# operator: "Equal"
3003
# value: "value"
3004
# effect: "NoSchedule"
3005
3006
## Assign custom affinity rules to the prometheus operator
3007
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
3008
##
3009
affinity: {}
3010
# nodeAffinity:
3011
# requiredDuringSchedulingIgnoredDuringExecution:
3012
# nodeSelectorTerms:
3013
# - matchExpressions:
3014
# - key: kubernetes.io/e2e-az-name
3015
# operator: In
3016
# values:
3017
# - e2e-az1
3018
# - e2e-az2
3019
dnsConfig: {}
3020
# nameservers:
3021
# - 1.2.3.4
3022
# searches:
3023
# - ns1.svc.cluster-domain.example
3024
# - my.dns.search.suffix
3025
# options:
3026
# - name: ndots
3027
# value: "2"
3028
# - name: edns0
3029
securityContext:
3030
fsGroup: 65534
3031
runAsGroup: 65534
3032
runAsNonRoot: true
3033
runAsUser: 65534
3034
seccompProfile:
3035
type: RuntimeDefault
3036
## Setup hostUsers for prometheus-operator
3037
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/
3038
hostUsers: ~
3039
## Container-specific security context configuration
3040
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
3041
##
3042
containerSecurityContext:
3043
allowPrivilegeEscalation: false
3044
readOnlyRootFilesystem: true
3045
capabilities:
3046
drop:
3047
- ALL
3048
# Enable vertical pod autoscaler support for prometheus-operator
3049
verticalPodAutoscaler:
3050
enabled: false
3051
# Recommender responsible for generating recommendation for the object.
3052
# List should be empty (then the default recommender will generate the recommendation)
3053
# or contain exactly one recommender.
3054
# recommenders:
3055
# - name: custom-recommender-performance
3056
3057
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
3058
controlledResources: []
3059
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
3060
# controlledValues: RequestsAndLimits
3061
3062
# Define the max allowed resources for the pod
3063
maxAllowed: {}
3064
# cpu: 200m
3065
# memory: 100Mi
3066
# Define the min allowed resources for the pod
3067
minAllowed: {}
3068
# cpu: 200m
3069
# memory: 100Mi
3070
3071
updatePolicy:
3072
# Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
3073
# minReplicas: 1
3074
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
3075
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate".
3076
updateMode: Recreate
3077
## Prometheus-operator image
3078
##
3079
image:
3080
registry: cgr.dev
3081
repository: scratch-images/test-tmp/prometheus-operator
3082
# if not set appVersion field from Chart.yaml is used
3083
tag: 0.92.1-r2
3084
sha: sha256:7e977c40599eed2d39b8aa5c1d2386a1e6bc5658c74750e0d4f7f1ad61dbd106
3085
pullPolicy: IfNotPresent
3086
## Prometheus image to use for prometheuses managed by the operator
3087
##
3088
# prometheusDefaultBaseImage: prometheus/prometheus
3089
3090
## Prometheus image registry to use for prometheuses managed by the operator
3091
##
3092
# prometheusDefaultBaseImageRegistry: quay.io
3093
3094
## Alertmanager image to use for alertmanagers managed by the operator
3095
##
3096
# alertmanagerDefaultBaseImage: prometheus/alertmanager
3097
3098
## Alertmanager image registry to use for alertmanagers managed by the operator
3099
##
3100
# alertmanagerDefaultBaseImageRegistry: quay.io
3101
3102
## Prometheus-config-reloader
3103
##
3104
prometheusConfigReloader:
3105
image:
3106
registry: cgr.dev
3107
repository: scratch-images/test-tmp/prometheus-config-reloader
3108
# if not set appVersion field from Chart.yaml is used
3109
tag: 0.92.1-r2
3110
sha: sha256:31fa527e880df1c7f8b4f395397527c45889ff1435a73d77f67e8811d7da0599
3111
# add prometheus config reloader liveness and readiness probe. Default: false
3112
enableProbe: false
3113
# resource config for prometheusConfigReloader
3114
resources: {}
3115
# requests:
3116
# cpu: 200m
3117
# memory: 50Mi
3118
# limits:
3119
# cpu: 200m
3120
# memory: 50Mi
3121
## Thanos side-car image when configured
3122
##
3123
thanosImage:
3124
registry: cgr.dev
3125
repository: scratch-images/test-tmp/thanos
3126
tag: 0.42.0-r0
3127
sha: sha256:2be9cce4b0e959142151f3c38b00bcae28fc43952103306e2ee9f838dafb2a56
3128
## Set a Label Selector to filter watched prometheus and prometheusAgent
3129
##
3130
prometheusInstanceSelector: ""
3131
## Set a Label Selector to filter watched alertmanager
3132
##
3133
alertmanagerInstanceSelector: ""
3134
## Set a Label Selector to filter watched thanosRuler
3135
thanosRulerInstanceSelector: ""
3136
## Set a Field Selector to filter watched secrets
3137
##
3138
secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1"
3139
## Feature gates to enable/disable operator features, rendered as --feature-gates=<key>=<value>.
3140
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/feature-gates.md
3141
## Example:
3142
## featureGates:
3143
## PrometheusAgentDaemonSet: true
3144
## StatusForConfigurationResources: true
3145
featureGates: {}
3146
## If false then the user will opt out of automounting API credentials.
3147
##
3148
automountServiceAccountToken: true
3149
## Additional volumes
3150
##
3151
extraVolumes: []
3152
## Additional volume mounts
3153
##
3154
extraVolumeMounts: []
3155
## Deploy a Prometheus instance
3156
##
3157
prometheus:
3158
enabled: true
3159
## Toggle prometheus into agent mode
3160
## Note many of features described below (e.g. rules, query, alerting, remote read, thanos) will not work in agent mode.
3161
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/prometheus-agent.md
3162
##
3163
agentMode: false
3164
## Annotations for Prometheus
3165
##
3166
annotations: {}
3167
## Additional labels for Prometheus
3168
##
3169
additionalLabels: {}
3170
## Configure network policy for the prometheus
3171
networkPolicy:
3172
enabled: false
3173
## Flavor of the network policy to use.
3174
# Can be:
3175
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
3176
# * cilium for cilium.io/v2/CiliumNetworkPolicy
3177
flavor: kubernetes
3178
namespace:
3179
# cilium:
3180
# endpointSelector:
3181
# egress:
3182
# ingress:
3183
3184
# egress:
3185
# - {}
3186
# ingress:
3187
# - {}
3188
# podSelector:
3189
# matchLabels:
3190
# app: prometheus
3191
## Service account for Prometheuses to use.
3192
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
3193
##
3194
serviceAccount:
3195
create: true
3196
name: ""
3197
annotations: {}
3198
automountServiceAccountToken: true
3199
# Service for thanos service discovery on sidecar
3200
# Enable this can make Thanos Query can use
3201
# `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discovery
3202
# Thanos sidecar on prometheus nodes
3203
# (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!)
3204
thanosService:
3205
enabled: false
3206
annotations: {}
3207
labels: {}
3208
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3209
##
3210
externalTrafficPolicy: Cluster
3211
## Service type
3212
##
3213
type: ClusterIP
3214
## Service dual stack
3215
##
3216
ipDualStack:
3217
enabled: false
3218
ipFamilies: ["IPv6", "IPv4"]
3219
ipFamilyPolicy: "PreferDualStack"
3220
## gRPC port config
3221
portName: grpc
3222
port: 10901
3223
targetPort: "grpc"
3224
## HTTP port config (for metrics)
3225
httpPortName: http
3226
httpPort: 10902
3227
targetHttpPort: "http"
3228
## ClusterIP to assign
3229
# Default is to make this a headless service ("None")
3230
clusterIP: "None"
3231
## Port to expose on each node, if service type is NodePort
3232
##
3233
nodePort: 30901
3234
httpNodePort: 30902
3235
# ServiceMonitor to scrape Sidecar metrics
3236
# Needs thanosService to be enabled as well
3237
thanosServiceMonitor:
3238
enabled: false
3239
interval: ""
3240
## Additional labels
3241
##
3242
additionalLabels: {}
3243
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
3244
scheme: ""
3245
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
3246
## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
3247
tlsConfig: {}
3248
bearerTokenFile:
3249
## Metric relabel configs to apply to samples before ingestion.
3250
metricRelabelings: []
3251
## relabel configs to apply to samples before ingestion.
3252
relabelings: []
3253
# Service for external access to sidecar
3254
# Enabling this creates a service to expose thanos-sidecar outside the cluster.
3255
thanosServiceExternal:
3256
enabled: false
3257
annotations: {}
3258
labels: {}
3259
loadBalancerIP: ""
3260
loadBalancerSourceRanges: []
3261
## gRPC port config
3262
portName: grpc
3263
port: 10901
3264
targetPort: "grpc"
3265
## HTTP port config (for metrics)
3266
httpPortName: http
3267
httpPort: 10902
3268
targetHttpPort: "http"
3269
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3270
##
3271
externalTrafficPolicy: Cluster
3272
## Service type
3273
##
3274
type: LoadBalancer
3275
## Port to expose on each node
3276
##
3277
nodePort: 30901
3278
httpNodePort: 30902
3279
## Configuration for Prometheus service
3280
##
3281
service:
3282
enabled: true
3283
annotations: {}
3284
labels: {}
3285
clusterIP: ""
3286
ipDualStack:
3287
enabled: false
3288
ipFamilies: ["IPv6", "IPv4"]
3289
ipFamilyPolicy: "PreferDualStack"
3290
## Port for Prometheus Service to listen on
3291
##
3292
port: 9090
3293
## To be used with a proxy extraContainer port
3294
targetPort: 9090
3295
## Port for Prometheus Reloader to listen on
3296
##
3297
reloaderWebPort: 8080
3298
## Port to expose for Prometheus Reloader
3299
## Only used if service.type is 'NodePort'
3300
##
3301
reloaderWebNodePort: null
3302
## List of IP addresses at which the Prometheus server service is available
3303
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
3304
##
3305
externalIPs: []
3306
## Port to expose on each node
3307
## Only used if service.type is 'NodePort'
3308
##
3309
nodePort: 30090
3310
## Loadbalancer IP
3311
## Only use if service.type is "LoadBalancer"
3312
loadBalancerIP: ""
3313
loadBalancerSourceRanges: []
3314
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3315
##
3316
externalTrafficPolicy: Cluster
3317
## Service type
3318
##
3319
type: ClusterIP
3320
## Additional ports to open for Prometheus service
3321
##
3322
additionalPorts: []
3323
# additionalPorts:
3324
# - name: oauth-proxy
3325
# port: 8081
3326
# targetPort: 8081
3327
# - name: oauth-metrics
3328
# port: 8082
3329
# targetPort: 8082
3330
3331
## Consider that all endpoints are considered "ready" even if the Pods themselves are not
3332
## Ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec
3333
publishNotReadyAddresses: false
3334
## If you want to make sure that connections from a particular client are passed to the same Pod each time
3335
## Accepts 'ClientIP' or 'None'
3336
##
3337
sessionAffinity: None
3338
## If you want to modify the ClientIP sessionAffinity timeout
3339
## The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP"
3340
##
3341
sessionAffinityConfig:
3342
clientIP:
3343
timeoutSeconds: 10800
3344
## Configuration for creating a separate Service for each statefulset Prometheus replica
3345
##
3346
servicePerReplica:
3347
enabled: false
3348
annotations: {}
3349
## Port for Prometheus Service per replica to listen on
3350
##
3351
port: 9090
3352
## To be used with a proxy extraContainer port
3353
targetPort: 9090
3354
## Port to expose on each node
3355
## Only used if servicePerReplica.type is 'NodePort'
3356
##
3357
nodePort: 30091
3358
## Loadbalancer source IP ranges
3359
## Only used if servicePerReplica.type is "LoadBalancer"
3360
loadBalancerSourceRanges: []
3361
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3362
##
3363
externalTrafficPolicy: Cluster
3364
## Service type
3365
##
3366
type: ClusterIP
3367
## Service dual stack
3368
##
3369
ipDualStack:
3370
enabled: false
3371
ipFamilies: ["IPv6", "IPv4"]
3372
ipFamilyPolicy: "PreferDualStack"
3373
## Configure pod disruption budgets for Prometheus
3374
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
3375
##
3376
podDisruptionBudget:
3377
enabled: false
3378
minAvailable: 1
3379
# maxUnavailable: ""
3380
unhealthyPodEvictionPolicy: AlwaysAllow
3381
## Enable vertical pod autoscaler support for Prometheus
3382
## ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
3383
##
3384
verticalPodAutoscaler:
3385
enabled: false
3386
# Recommender responsible for generating recommendation for the object.
3387
# List should be empty (then the default recommender will generate the recommendation)
3388
# or contain exactly one recommender.
3389
# recommenders:
3390
# - name: custom-recommender-performance
3391
3392
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
3393
controlledResources: []
3394
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
3395
# controlledValues: RequestsAndLimits
3396
3397
# Define the max allowed resources for the pod
3398
maxAllowed: {}
3399
# cpu: 200m
3400
# memory: 100Mi
3401
# Define the min allowed resources for the pod
3402
minAllowed: {}
3403
# cpu: 200m
3404
# memory: 100Mi
3405
3406
updatePolicy:
3407
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
3408
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate".
3409
updateMode: Recreate
3410
# Ingress exposes thanos sidecar outside the cluster
3411
thanosIngress:
3412
enabled: false
3413
ingressClassName: ""
3414
annotations: {}
3415
labels: {}
3416
servicePort: 10901
3417
## Port to expose on each node
3418
## Only used if service.type is 'NodePort'
3419
##
3420
nodePort: 30901
3421
## Hosts must be provided if Ingress is enabled.
3422
##
3423
hosts: []
3424
# - thanos-gateway.domain.com
3425
3426
## Paths to use for ingress rules
3427
##
3428
paths: []
3429
# - /
3430
3431
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
3432
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
3433
# pathType: ImplementationSpecific
3434
3435
## TLS configuration for Thanos Ingress
3436
## Secret must be manually created in the namespace
3437
##
3438
tls: []
3439
# - secretName: thanos-gateway-tls
3440
# hosts:
3441
# - thanos-gateway.domain.com
3442
#
3443
## ExtraSecret can be used to store various data in an extra secret
3444
## (use it for example to store hashed basic auth credentials)
3445
extraSecret:
3446
## if not set, name will be auto generated
3447
# name: ""
3448
annotations: {}
3449
data: {}
3450
# auth: |
3451
# foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
3452
# someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
3453
3454
ingress:
3455
enabled: false
3456
ingressClassName: ""
3457
annotations: {}
3458
labels: {}
3459
## Redirect ingress to an additional defined port on the service
3460
# servicePort: 8081
3461
3462
## Hostnames.
3463
## Must be provided if Ingress is enabled.
3464
##
3465
# hosts:
3466
# - prometheus.domain.com
3467
hosts: []
3468
## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix
3469
##
3470
paths: []
3471
# - /
3472
3473
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
3474
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
3475
# pathType: ImplementationSpecific
3476
3477
## TLS configuration for Prometheus Ingress
3478
## Secret must be manually created in the namespace
3479
##
3480
tls: []
3481
# - secretName: prometheus-general-tls
3482
# hosts:
3483
# - prometheus.example.com
3484
# -- BETA: Configure the gateway routes for the chart here.
3485
# More routes can be added by adding a dictionary key like the 'main' route.
3486
# Be aware that this is an early beta of this feature,
3487
# kube-prometheus-stack does not guarantee this works and is subject to change.
3488
# Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
3489
# [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2)
3490
route:
3491
main:
3492
# -- Enables or disables the route
3493
enabled: false
3494
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
3495
apiVersion: gateway.networking.k8s.io/v1
3496
# -- Set the route kind
3497
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
3498
kind: HTTPRoute
3499
annotations: {}
3500
labels: {}
3501
hostnames: []
3502
# - my-filter.example.com
3503
parentRefs: []
3504
# - name: acme-gw
3505
3506
# -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
3507
## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
3508
## matches, filters and additionalRules will be ignored if this is set to true. Be are
3509
httpsRedirect: false
3510
matches:
3511
- path:
3512
type: PathPrefix
3513
value: /
3514
## Filters define the filters that are applied to requests that match this rule.
3515
filters: []
3516
## Session persistence configuration for the route rule.
3517
sessionPersistence: {}
3518
# sessionName: route
3519
# type: Cookie
3520
# absoluteTimeout: 12h
3521
# cookieConfig:
3522
# lifetimeType: Permanent
3523
3524
## Additional custom rules that can be added to the route
3525
additionalRules: []
3526
## Configuration for creating an Ingress that will map to each Prometheus replica service
3527
## prometheus.servicePerReplica must be enabled
3528
##
3529
ingressPerReplica:
3530
enabled: false
3531
ingressClassName: ""
3532
annotations: {}
3533
labels: {}
3534
## Final form of the hostname for each per replica ingress is
3535
## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
3536
##
3537
## Prefix for the per replica ingress that will have `-$replicaNumber`
3538
## appended to the end
3539
hostPrefix: ""
3540
## Domain that will be used for the per replica ingress
3541
hostDomain: ""
3542
## Paths to use for ingress rules
3543
##
3544
paths: []
3545
# - /
3546
3547
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
3548
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
3549
# pathType: ImplementationSpecific
3550
3551
## Secret name containing the TLS certificate for Prometheus per replica ingress
3552
## Secret must be manually created in the namespace
3553
tlsSecretName: ""
3554
## Separated secret for each per replica Ingress. Can be used together with cert-manager
3555
##
3556
tlsSecretPerReplica:
3557
enabled: false
3558
## Final form of the secret for each per replica ingress is
3559
## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
3560
##
3561
prefix: "prometheus"
3562
## Configuration for creating a Gateway API route that will map to each Prometheus replica service
3563
## prometheus.servicePerReplica must be enabled
3564
##
3565
routePerReplica:
3566
main:
3567
# -- Enables or disables the routePerReplica
3568
enabled: false
3569
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
3570
apiVersion: gateway.networking.k8s.io/v1
3571
# -- Set the route kind
3572
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
3573
kind: HTTPRoute
3574
annotations: {}
3575
labels: {}
3576
## Final form of the hostname for each per replica route is
3577
## {{ routePerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ routePerReplica.hostDomain }}
3578
##
3579
## Prefix for the per replica route that will have `-$replicaNumber` appended to the end
3580
hostPrefix: ""
3581
## Domain that will be used for the per replica route
3582
hostDomain: ""
3583
parentRefs: []
3584
# - name: acme-gw
3585
3586
# -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
3587
## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
3588
## matches, filters and additionalRules will be ignored if this is set to true.
3589
httpsRedirect: false
3590
## Filters define the filters that are applied to requests that match this rule.
3591
filters: []
3592
matches:
3593
- path:
3594
type: PathPrefix
3595
value: /
3596
## Session persistence configuration for the route rule.
3597
sessionPersistence: {}
3598
# sessionName: route
3599
# type: Cookie
3600
# absoluteTimeout: 12h
3601
# cookieConfig:
3602
# lifetimeType: Permanent
3603
3604
## Additional custom rules that can be added to the route
3605
additionalRules: []
3606
serviceMonitor:
3607
## If true, create a serviceMonitor for prometheus
3608
##
3609
selfMonitor: true
3610
## Scrape interval. If not set, the Prometheus default scrape interval is used.
3611
##
3612
interval: ""
3613
## Additional labels
3614
##
3615
additionalLabels: {}
3616
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
3617
##
3618
sampleLimit: 0
3619
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
3620
##
3621
targetLimit: 0
3622
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
3623
##
3624
labelLimit: 0
3625
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
3626
##
3627
labelNameLengthLimit: 0
3628
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
3629
##
3630
labelValueLengthLimit: 0
3631
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
3632
scheme: ""
3633
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
3634
## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
3635
tlsConfig: {}
3636
bearerTokenFile:
3637
## Metric relabel configs to apply to samples before ingestion.
3638
##
3639
metricRelabelings: []
3640
# - action: keep
3641
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
3642
# sourceLabels: [__name__]
3643
3644
# relabel configs to apply to samples before ingestion.
3645
##
3646
relabelings: []
3647
# - sourceLabels: [__meta_kubernetes_pod_node_name]
3648
# separator: ;
3649
# regex: ^(.*)$
3650
# targetLabel: nodename
3651
# replacement: $1
3652
# action: replace
3653
3654
## Additional Endpoints
3655
##
3656
additionalEndpoints: []
3657
# - port: oauth-metrics
3658
# path: /metrics
3659
## Settings affecting prometheusSpec
3660
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#prometheusspec
3661
##
3662
prometheusSpec:
3663
## Statefulset's persistent volume claim retention policy
3664
## whenDeleted and whenScaled determine whether
3665
## statefulset's PVCs are deleted (true) or retained (false)
3666
## on scaling down and deleting statefulset, respectively.
3667
## Requires Kubernetes version 1.27.0+.
3668
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
3669
persistentVolumeClaimRetentionPolicy: {}
3670
# whenDeleted: Retain
3671
# whenScaled: Retain
3672
3673
## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos
3674
##
3675
disableCompaction: false
3676
## AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod,
3677
## If the field isn't set, the operator mounts the service account token by default.
3678
## Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery,
3679
## It is possible to use strategic merge patch to project the service account token into the 'prometheus' container.
3680
automountServiceAccountToken: true
3681
## APIServerConfig
3682
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#apiserverconfig
3683
##
3684
apiserverConfig: {}
3685
## Allows setting additional arguments for the Prometheus container
3686
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.Prometheus
3687
additionalArgs: []
3688
## Convert all classic histograms to native histograms with custom buckets.
3689
## This corresponds to the 'convert_classic_histograms_to_nhcb' field in Prometheus configuration.
3690
##
3691
convertClassicHistogramsToNHCB: false
3692
## Enable scraping of classic histograms that are also exposed as native histograms.
3693
## This corresponds to the 'always_scrape_classic_histograms' field in Prometheus configuration.
3694
##
3695
scrapeClassicHistograms: false
3696
## Enable scraping of native histograms.
3697
## This corresponds to the 'scrape_native_histograms' field in Prometheus configuration.
3698
##
3699
scrapeNativeHistograms: false
3700
## File to which scrape failures are logged.
3701
## Reloading the configuration will reopen the file.
3702
## Defaults to empty (disabled)
3703
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.Prometheus
3704
##
3705
scrapeFailureLogFile: ""
3706
## Interval between consecutive scrapes.
3707
## Defaults to 30s.
3708
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183
3709
##
3710
scrapeInterval: ""
3711
## Number of seconds to wait for target to respond before erroring
3712
##
3713
scrapeTimeout: ""
3714
## List of scrape classes to expose to scraping objects such as
3715
## PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.
3716
##
3717
scrapeClasses: []
3718
# - name: istio-mtls
3719
# default: false
3720
# tlsConfig:
3721
# caFile: /etc/prometheus/secrets/istio.default/root-cert.pem
3722
# certFile: /etc/prometheus/secrets/istio.default/cert-chain.pem
3723
3724
## PodTargetLabels are appended to the `spec.podTargetLabels` field of all PodMonitor and ServiceMonitor objects.
3725
##
3726
podTargetLabels: []
3727
# - customlabel
3728
3729
## Interval between consecutive evaluations.
3730
##
3731
evaluationInterval: ""
3732
## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.
3733
##
3734
listenLocal: false
3735
## enableOTLPReceiver enables the OTLP receiver for Prometheus.
3736
enableOTLPReceiver: false
3737
## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series.
3738
## This is disabled by default.
3739
## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
3740
##
3741
enableAdminAPI: false
3742
## Sets version of Prometheus overriding the Prometheus version as derived
3743
## from the image tag. Useful in cases where the tag does not follow semver v2.
3744
version: ""
3745
## WebTLSConfig defines the TLS parameters for HTTPS
3746
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#webtlsconfig
3747
web: {}
3748
## Exemplars related settings that are runtime reloadable.
3749
## It requires to enable the exemplar storage feature to be effective.
3750
exemplars: {}
3751
## Maximum number of exemplars stored in memory for all series.
3752
## If not set, Prometheus uses its default value.
3753
## A value of zero or less than zero disables the storage.
3754
# maxSize: 100000
3755
3756
# EnableFeatures API enables access to Prometheus disabled features.
3757
# ref: https://prometheus.io/docs/prometheus/latest/feature_flags/
3758
enableFeatures: []
3759
# - exemplar-storage
3760
3761
## https://prometheus.io/docs/guides/opentelemetry
3762
##
3763
otlp: {}
3764
# promoteResourceAttributes: []
3765
# keepIdentifyingResourceAttributes: false
3766
# translationStrategy: NoUTF8EscapingWithSuffixes
3767
# convertHistogramsToNHCB: false
3768
3769
##
3770
serviceName:
3771
## Image of Prometheus.
3772
##
3773
image:
3774
registry: cgr.dev
3775
repository: scratch-images/test-tmp/prometheus
3776
tag: 3.12.0-r5
3777
sha: sha256:591ad319717a7eac56c89dedf513efad51ad27c36da3f33573c23f166db8df93
3778
pullPolicy: IfNotPresent
3779
## Tolerations for use with node taints
3780
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
3781
##
3782
tolerations: []
3783
# - key: "key"
3784
# operator: "Equal"
3785
# value: "value"
3786
# effect: "NoSchedule"
3787
3788
## If specified, the pod's topology spread constraints.
3789
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
3790
##
3791
topologySpreadConstraints: []
3792
# - maxSkew: 1
3793
# topologyKey: topology.kubernetes.io/zone
3794
# whenUnsatisfiable: DoNotSchedule
3795
# labelSelector:
3796
# matchLabels:
3797
# app: prometheus
3798
3799
## Disable alerting
3800
##
3801
disableAlerting: false
3802
## Alertmanagers to which alerts will be sent
3803
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerendpoints
3804
##
3805
## Default configuration will connect to the alertmanager deployed as part of this release
3806
##
3807
alertingEndpoints: []
3808
# - name: ""
3809
# namespace: ""
3810
# port: http
3811
# scheme: http
3812
# pathPrefix: ""
3813
# tlsConfig: {}
3814
# bearerTokenFile: ""
3815
# apiVersion: v2
3816
3817
## External labels to add to any time series or alerts when communicating with external systems
3818
##
3819
externalLabels: {}
3820
## enable --web.enable-remote-write-receiver flag on prometheus-server
3821
##
3822
enableRemoteWriteReceiver: false
3823
## Name of the external label used to denote replica name
3824
##
3825
replicaExternalLabelName: ""
3826
## If true, the Operator won't add the external label used to denote replica name
3827
##
3828
replicaExternalLabelNameClear: false
3829
## Name of the external label used to denote Prometheus instance name
3830
##
3831
prometheusExternalLabelName: ""
3832
## If true, the Operator won't add the external label used to denote Prometheus instance name
3833
##
3834
prometheusExternalLabelNameClear: false
3835
## External URL at which Prometheus will be reachable.
3836
##
3837
externalUrl: ""
3838
## Define which Nodes the Pods are scheduled on.
3839
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
3840
##
3841
nodeSelector: {}
3842
## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
3843
## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not
3844
## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated
3845
## with the new list of secrets.
3846
##
3847
secrets: []
3848
## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
3849
## The ConfigMaps are mounted into /etc/prometheus/configmaps/.
3850
##
3851
configMaps: []
3852
## QuerySpec defines the query command line flags when starting Prometheus.
3853
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#queryspec
3854
##
3855
query: {}
3856
## If nil, select own namespace. Namespaces to be selected for PrometheusRules discovery.
3857
ruleNamespaceSelector: {}
3858
## Example which selects PrometheusRules in namespaces with label "prometheus" set to "somelabel"
3859
# ruleNamespaceSelector:
3860
# matchLabels:
3861
# prometheus: somelabel
3862
3863
## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the
3864
## prometheus resource to be created with selectors based on values in the helm deployment,
3865
## which will also match the PrometheusRule resources created
3866
##
3867
ruleSelectorNilUsesHelmValues: true
3868
## PrometheusRules to be selected for target discovery.
3869
## If {}, select all PrometheusRules
3870
##
3871
ruleSelector: {}
3872
## Example which select all PrometheusRules resources
3873
## with label "prometheus" with values any of "example-rules" or "example-rules-2"
3874
# ruleSelector:
3875
# matchExpressions:
3876
# - key: prometheus
3877
# operator: In
3878
# values:
3879
# - example-rules
3880
# - example-rules-2
3881
#
3882
## Example which select all PrometheusRules resources with label "role" set to "example-rules"
3883
# ruleSelector:
3884
# matchLabels:
3885
# role: example-rules
3886
3887
## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the
3888
## prometheus resource to be created with selectors based on values in the helm deployment,
3889
## which will also match the servicemonitors created
3890
##
3891
serviceMonitorSelectorNilUsesHelmValues: true
3892
## ServiceMonitors to be selected for target discovery.
3893
## If {}, select all ServiceMonitors
3894
##
3895
serviceMonitorSelector: {}
3896
## Example which selects ServiceMonitors with label "prometheus" set to "somelabel"
3897
# serviceMonitorSelector:
3898
# matchLabels:
3899
# prometheus: somelabel
3900
3901
## Namespaces to be selected for ServiceMonitor discovery.
3902
##
3903
serviceMonitorNamespaceSelector: {}
3904
## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel"
3905
# serviceMonitorNamespaceSelector:
3906
# matchLabels:
3907
# prometheus: somelabel
3908
3909
## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the
3910
## prometheus resource to be created with selectors based on values in the helm deployment,
3911
## which will also match the podmonitors created
3912
##
3913
podMonitorSelectorNilUsesHelmValues: true
3914
## PodMonitors to be selected for target discovery.
3915
## If {}, select all PodMonitors
3916
##
3917
podMonitorSelector: {}
3918
## Example which selects PodMonitors with label "prometheus" set to "somelabel"
3919
# podMonitorSelector:
3920
# matchLabels:
3921
# prometheus: somelabel
3922
3923
## If nil, select own namespace. Namespaces to be selected for PodMonitor discovery.
3924
podMonitorNamespaceSelector: {}
3925
## Example which selects PodMonitor in namespaces with label "prometheus" set to "somelabel"
3926
# podMonitorNamespaceSelector:
3927
# matchLabels:
3928
# prometheus: somelabel
3929
3930
## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the
3931
## prometheus resource to be created with selectors based on values in the helm deployment,
3932
## which will also match the probes created
3933
##
3934
probeSelectorNilUsesHelmValues: true
3935
## Probes to be selected for target discovery.
3936
## If {}, select all Probes
3937
##
3938
probeSelector: {}
3939
## Example which selects Probes with label "prometheus" set to "somelabel"
3940
# probeSelector:
3941
# matchLabels:
3942
# prometheus: somelabel
3943
3944
## If nil, select own namespace. Namespaces to be selected for Probe discovery.
3945
probeNamespaceSelector: {}
3946
## Example which selects Probe in namespaces with label "prometheus" set to "somelabel"
3947
# probeNamespaceSelector:
3948
# matchLabels:
3949
# prometheus: somelabel
3950
3951
## If true, a nil or {} value for prometheus.prometheusSpec.scrapeConfigSelector will cause the
3952
## prometheus resource to be created with selectors based on values in the helm deployment,
3953
## which will also match the scrapeConfigs created
3954
##
3955
## If null and scrapeConfigSelector is also null, exclude field from the prometheusSpec
3956
## (keeping downward compatibility with older versions of CRD)
3957
##
3958
scrapeConfigSelectorNilUsesHelmValues: true
3959
## scrapeConfigs to be selected for target discovery.
3960
## If {}, select all scrapeConfigs
3961
##
3962
scrapeConfigSelector: {}
3963
## Example which selects scrapeConfigs with label "prometheus" set to "somelabel"
3964
# scrapeConfigSelector:
3965
# matchLabels:
3966
# prometheus: somelabel
3967
3968
## If nil, select own namespace. Namespaces to be selected for scrapeConfig discovery.
3969
## If null, exclude the field from the prometheusSpec (keeping downward compatibility with older versions of CRD)
3970
scrapeConfigNamespaceSelector: {}
3971
## Example which selects scrapeConfig in namespaces with label "prometheus" set to "somelabel"
3972
# scrapeConfigNamespaceSelector:
3973
# matchLabels:
3974
# prometheus: somelabel
3975
3976
## How long to retain metrics
3977
##
3978
retention: 10d
3979
## Maximum size of metrics
3980
## Unit format should be in the form of "50GiB"
3981
retentionSize: ""
3982
## Allow out-of-order/out-of-bounds samples ingested into Prometheus for a specified duration
3983
## See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tsdb
3984
tsdb:
3985
outOfOrderTimeWindow: 0s
3986
## Enable compression of the write-ahead log using Snappy.
3987
##
3988
walCompression: true
3989
## If true, the Operator won't process any Prometheus configuration changes
3990
##
3991
paused: false
3992
## Number of replicas of each shard to deploy for a Prometheus deployment.
3993
## Number of replicas multiplied by shards is the total number of Pods created.
3994
##
3995
replicas: 1
3996
## EXPERIMENTAL: Number of shards to distribute targets onto.
3997
## Number of replicas multiplied by shards is the total number of Pods created.
3998
## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved.
3999
## Increasing shards will not reshard data either but it will continue to be available from the same instances.
4000
## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location.
4001
## Sharding is done on the content of the `__address__` target meta-label.
4002
## Set shards to null to omit spec.shards from the Prometheus custom resource (the operator then
4003
## defaults to 1 shard). Omitting the field lets an external autoscaler such as an HPA or a KEDA
4004
## ScaledObject own spec.shards through the /scale subresource without Helm reverting it.
4005
##
4006
shards: 1
4007
## Log level for Prometheus be configured in
4008
##
4009
logLevel: info
4010
## Log format for Prometheus be configured in
4011
##
4012
logFormat: logfmt
4013
## Prefix used to register routes, overriding externalUrl route.
4014
## Useful for proxies that rewrite URLs.
4015
##
4016
routePrefix: /
4017
## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
4018
## Metadata Labels and Annotations gets propagated to the prometheus pods.
4019
##
4020
podMetadata: {}
4021
# labels:
4022
# app: prometheus
4023
# k8s-app: prometheus
4024
4025
## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
4026
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
4027
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
4028
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
4029
podAntiAffinity: "soft"
4030
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
4031
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
4032
##
4033
podAntiAffinityTopologyKey: kubernetes.io/hostname
4034
## Assign custom affinity rules to the prometheus instance
4035
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
4036
##
4037
affinity: {}
4038
# nodeAffinity:
4039
# requiredDuringSchedulingIgnoredDuringExecution:
4040
# nodeSelectorTerms:
4041
# - matchExpressions:
4042
# - key: kubernetes.io/e2e-az-name
4043
# operator: In
4044
# values:
4045
# - e2e-az1
4046
# - e2e-az2
4047
4048
## The remote_read spec configuration for Prometheus.
4049
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#remotereadspec
4050
remoteRead: []
4051
# - url: http://remote1/read
4052
## additionalRemoteRead is appended to remoteRead
4053
additionalRemoteRead: []
4054
## The remote_write spec configuration for Prometheus.
4055
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#remotewritespec
4056
remoteWrite: []
4057
# - url: http://remote1/push
4058
## additionalRemoteWrite is appended to remoteWrite
4059
additionalRemoteWrite: []
4060
## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature
4061
remoteWriteDashboards: false
4062
## Resource limits & requests
4063
##
4064
resources: {}
4065
# requests:
4066
# memory: 400Mi
4067
4068
## Prometheus StorageSpec for persistent data
4069
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/storage.md
4070
##
4071
storageSpec: {}
4072
## Using PersistentVolumeClaim
4073
##
4074
# volumeClaimTemplate:
4075
# spec:
4076
# storageClassName: gluster
4077
# accessModes: ["ReadWriteOnce"]
4078
# resources:
4079
# requests:
4080
# storage: 50Gi
4081
# selector: {}
4082
4083
## Using tmpfs volume
4084
##
4085
# emptyDir:
4086
# medium: Memory
4087
4088
# Additional volumes on the output StatefulSet definition.
4089
volumes: []
4090
# Additional VolumeMounts on the output StatefulSet definition.
4091
volumeMounts: []
4092
## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations
4093
## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form
4094
## as specified in the official Prometheus documentation:
4095
## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are
4096
## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility
4097
## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible
4098
## scrape configs are going to break Prometheus after the upgrade.
4099
## AdditionalScrapeConfigs can be defined as a list or as a templated string.
4100
##
4101
## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the
4102
## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes
4103
##
4104
additionalScrapeConfigs: []
4105
# - job_name: kube-etcd
4106
# kubernetes_sd_configs:
4107
# - role: node
4108
# scheme: https
4109
# tls_config:
4110
# ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
4111
# cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client
4112
# key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
4113
# relabel_configs:
4114
# - action: labelmap
4115
# regex: __meta_kubernetes_node_label_(.+)
4116
# - source_labels: [__address__]
4117
# action: replace
4118
# target_label: __address__
4119
# regex: ([^:;]+):(\d+)
4120
# replacement: ${1}:2379
4121
# - source_labels: [__meta_kubernetes_node_name]
4122
# action: keep
4123
# regex: .*mst.*
4124
# - source_labels: [__meta_kubernetes_node_name]
4125
# action: replace
4126
# target_label: node
4127
# regex: (.*)
4128
# replacement: ${1}
4129
# metric_relabel_configs:
4130
# - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone)
4131
# action: labeldrop
4132
#
4133
## If scrape config contains a repetitive section, you may want to use a template.
4134
## In the following example, you can see how to define `gce_sd_configs` for multiple zones
4135
# additionalScrapeConfigs: |
4136
# - job_name: "node-exporter"
4137
# gce_sd_configs:
4138
# {{range $zone := .Values.gcp_zones}}
4139
# - project: "project1"
4140
# zone: "{{$zone}}"
4141
# port: 9100
4142
# {{end}}
4143
# relabel_configs:
4144
# ...
4145
4146
## If additional scrape configurations are already deployed in a single secret file you can use this section.
4147
## Expected values are the secret name and key
4148
## Cannot be used with additionalScrapeConfigs
4149
additionalScrapeConfigsSecret: {}
4150
# enabled: false
4151
# name:
4152
# key:
4153
4154
## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. This can be useful
4155
## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false'
4156
additionalPrometheusSecretsAnnotations: {}
4157
## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified
4158
## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config.
4159
## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator.
4160
## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this
4161
## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release
4162
## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
4163
##
4164
additionalAlertManagerConfigs: []
4165
# - consul_sd_configs:
4166
# - server: consul.dev.test:8500
4167
# scheme: http
4168
# datacenter: dev
4169
# tag_separator: ','
4170
# services:
4171
# - metrics-prometheus-alertmanager
4172
4173
## If additional alertmanager configurations are already deployed in a single secret, or you want to manage
4174
## them separately from the helm deployment, you can use this section.
4175
## Expected values are the secret name and key
4176
## Cannot be used with additionalAlertManagerConfigs
4177
additionalAlertManagerConfigsSecret: {}
4178
# name:
4179
# key:
4180
# optional: false
4181
4182
## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended
4183
## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the
4184
## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
4185
## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the
4186
## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel
4187
## configs are going to break Prometheus after the upgrade.
4188
##
4189
additionalAlertRelabelConfigs: []
4190
# - separator: ;
4191
# regex: prometheus_replica
4192
# replacement: $1
4193
# action: labeldrop
4194
4195
## If additional alert relabel configurations are already deployed in a single secret, or you want to manage
4196
## them separately from the helm deployment, you can use this section.
4197
## Expected values are the secret name and key
4198
## Cannot be used with additionalAlertRelabelConfigs
4199
additionalAlertRelabelConfigsSecret: {}
4200
# name:
4201
# key:
4202
4203
## SecurityContext holds pod-level security attributes and common container settings.
4204
## This defaults to non root user with uid 1000 and gid 2000.
4205
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md
4206
##
4207
securityContext:
4208
runAsGroup: 2000
4209
runAsNonRoot: true
4210
runAsUser: 1000
4211
fsGroup: 2000
4212
seccompProfile:
4213
type: RuntimeDefault
4214
## DNS configuration for Prometheus.
4215
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.PodDNSConfig
4216
dnsConfig: {}
4217
## DNS policy for Prometheus.
4218
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#dnspolicystring-alias
4219
dnsPolicy: ""
4220
## Priority class assigned to the Pods
4221
##
4222
priorityClassName: ""
4223
## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.
4224
## This section is experimental, it may change significantly without deprecation notice in any release.
4225
## This is experimental and may change significantly without backward compatibility in any release.
4226
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosspec
4227
##
4228
thanos: {}
4229
# image: quay.io/thanos/thanos
4230
# secretProviderClass:
4231
# provider: gcp
4232
# parameters:
4233
# secrets: |
4234
# - resourceName: "projects/$PROJECT_ID/secrets/testsecret/versions/latest"
4235
# fileName: "objstore.yaml"
4236
## ObjectStorageConfig configures object storage in Thanos.
4237
# objectStorageConfig:
4238
# # use existing secret, if configured, objectStorageConfig.secret will not be used
4239
# existingSecret: {}
4240
# # name: ""
4241
# # key: ""
4242
# # will render objectStorageConfig secret data and configure it to be used by Thanos custom resource,
4243
# # ignored when prometheusspec.thanos.objectStorageConfig.existingSecret is set
4244
# # https://thanos.io/tip/thanos/storage.md/#s3
4245
# secret: {}
4246
# # type: S3
4247
# # config:
4248
# # bucket: ""
4249
# # endpoint: ""
4250
# # region: ""
4251
# # access_key: ""
4252
# # secret_key: ""
4253
4254
## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.
4255
## if using proxy extraContainer update targetPort with proxy container port
4256
containers: []
4257
# containers:
4258
# - name: oauth-proxy
4259
# image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.3
4260
# args:
4261
# - --upstream=http://127.0.0.1:9090
4262
# - --http-address=0.0.0.0:8081
4263
# - --metrics-address=0.0.0.0:8082
4264
# - ...
4265
# ports:
4266
# - containerPort: 8081
4267
# name: oauth-proxy
4268
# protocol: TCP
4269
# - containerPort: 8082
4270
# name: oauth-metrics
4271
# protocol: TCP
4272
# resources: {}
4273
4274
## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
4275
## (permissions, dir tree) on mounted volumes before starting prometheus
4276
initContainers: []
4277
## PortName to use for Prometheus.
4278
##
4279
portName: "http-web"
4280
## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files
4281
## on the file system of the Prometheus container e.g. bearer token files.
4282
arbitraryFSAccessThroughSMs: false
4283
## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor
4284
## or PodMonitor to true, this overrides honor_labels to false.
4285
overrideHonorLabels: false
4286
## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.
4287
overrideHonorTimestamps: false
4288
## When ignoreNamespaceSelectors is set to true, namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored,
4289
## they will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object,
4290
## and servicemonitors will be installed in the default service namespace.
4291
## Defaults to false.
4292
ignoreNamespaceSelectors: false
4293
## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created.
4294
## The label value will always be the namespace of the object that is being created.
4295
## Disabled by default
4296
enforcedNamespaceLabel: ""
4297
## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels.
4298
## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair
4299
## Deprecated, use `excludedFromEnforcement` instead
4300
prometheusRulesExcludedFromEnforce: []
4301
## ExcludedFromEnforcement - list of object references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
4302
## to be excluded from enforcing a namespace label of origin.
4303
## Works only if enforcedNamespaceLabel set to true.
4304
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#objectreference
4305
excludedFromEnforcement: []
4306
## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable,
4307
## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such
4308
## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions
4309
## of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)
4310
queryLogFile: false
4311
# Use to set global sample_limit for Prometheus. This act as default SampleLimit for ServiceMonitor or/and PodMonitor.
4312
# Set to 'false' to disable global sample_limit. or set to a number to override the default value.
4313
sampleLimit: false
4314
## TargetLimit defines a global limit on the number of scraped targets. 0 means no limit.
4315
targetLimit: 0
4316
## Per-scrape limit on number of labels that will be accepted for a sample. 0 means no limit.
4317
labelLimit: 0
4318
## Per-scrape limit on length of labels name that will be accepted for a sample. 0 means no limit.
4319
labelNameLengthLimit: 0
4320
## Per-scrape limit on length of labels value that will be accepted for a sample. 0 means no limit.
4321
labelValueLengthLimit: 0
4322
## Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.
4323
keepDroppedTargets: 0
4324
## BodySizeLimit defines a global limit on the size of uncompressed response body that will be accepted. Example: 100MB.
4325
bodySizeLimit: ""
4326
## EnforcedBodySizeLimit defines the maximum size of uncompressed response body that will be accepted, overriding any
4327
## value set per ServiceMonitor/PodMonitor. Example: 100MB. Empty means no limit.
4328
enforcedBodySizeLimit: ""
4329
# EnforcedKeepDroppedTargetsLimit defines on the number of targets dropped by relabeling that will be kept in memory.
4330
# The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets
4331
# is greater than zero and less than spec.enforcedKeepDroppedTargets. 0 means no limit.
4332
enforcedKeepDroppedTargets: 0
4333
## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit
4334
## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall
4335
## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.
4336
enforcedSampleLimit: false
4337
## EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set
4338
## per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall
4339
## number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except
4340
## if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced.
4341
enforcedTargetLimit: false
4342
## Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present
4343
## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
4344
## 2.27.0 and newer.
4345
enforcedLabelLimit: false
4346
## Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number
4347
## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
4348
## 2.27.0 and newer.
4349
enforcedLabelNameLengthLimit: false
4350
## Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this
4351
## number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus
4352
## versions 2.27.0 and newer.
4353
enforcedLabelValueLengthLimit: false
4354
## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental
4355
## in Prometheus so it may change in any upcoming release.
4356
allowOverlappingBlocks: false
4357
## Specifies the validation scheme for metric and label names.
4358
## Supported values are: Legacy, UTF8
4359
nameValidationScheme: ""
4360
## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
4361
## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
4362
minReadySeconds: 0
4363
## Duration in seconds the pod needs to terminate gracefully.
4364
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
4365
terminationGracePeriodSeconds: ~
4366
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
4367
# because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
4368
# Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it.
4369
# When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically.
4370
hostNetwork: false
4371
## Use the host's user namespace for Prometheus pods.
4372
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/
4373
hostUsers: ~
4374
# HostAlias holds the mapping between IP and hostnames that will be injected
4375
# as an entry in the pod's hosts file.
4376
hostAliases: []
4377
# - ip: 10.10.0.100
4378
# hostnames:
4379
# - a1.app.local
4380
# - b1.app.local
4381
4382
## TracingConfig configures tracing in Prometheus.
4383
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#prometheustracingconfig
4384
tracingConfig: {}
4385
## Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.
4386
## If set, the value should be either "Endpoints" or "EndpointSlice". If unset, the operator assumes the "Endpoints" role.
4387
serviceDiscoveryRole: ""
4388
## EnableServiceLinks indicates whether information about services should be injected into the pod's environment
4389
## variables. Uses the operator/Kubernetes default when left unset (~).
4390
enableServiceLinks: ~
4391
## Set the scheduler name to use for the Prometheus pods.
4392
schedulerName: ""
4393
## Specifies the character escaping scheme applied to metric and label names.
4394
## Supported values are: AllowUTF8, Underscores, Dots, Values
4395
nameEscapingScheme: ""
4396
## Defines the strategy used to reload the Prometheus configuration.
4397
## Supported values are: HTTP, ProcessSignal
4398
reloadStrategy: ""
4399
## Defines the offset the rule evaluation timestamp of the rule evaluation queries is shifted backwards.
4400
## ref: https://github.com/prometheus-community/helm-charts/issues/5843
4401
ruleQueryOffset: ""
4402
## RuntimeConfig configures the values for the Prometheus process behavior.
4403
runtime: {}
4404
# goGC: 75
4405
4406
## Defines the sharding strategy applied by the operator.
4407
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ShardingStrategy
4408
shardingStrategy: {}
4409
## Defines the retention policy for the resources of stale shards after a scale-down.
4410
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ShardRetentionPolicy
4411
shardRetentionPolicy: {}
4412
## List of the protobuf message versions to accept when receiving the remote writes. Example: [V1.0, V2.0].
4413
remoteWriteReceiverMessageVersions: []
4414
## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel.
4415
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
4416
podManagementPolicy: ""
4417
## Update strategy for the StatefulSet.
4418
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
4419
updateStrategy: {}
4420
# type: RollingUpdate
4421
# rollingUpdate:
4422
# maxUnavailable: 1
4423
4424
## Additional configuration which is not covered by the properties above. (passed through tpl)
4425
additionalConfig: {}
4426
## Additional configuration which is not covered by the properties above.
4427
## Useful, if you need advanced templating inside alertmanagerSpec.
4428
## Otherwise, use prometheus.prometheusSpec.additionalConfig (passed through tpl)
4429
additionalConfigString: ""
4430
## Defines the maximum time that the `prometheus` container's startup probe
4431
## will wait before being considered failed. The startup probe will return
4432
## success after the WAL replay is complete. If set, the value should be
4433
## greater than 60 (seconds). Otherwise it will be equal to 900 seconds (15
4434
## minutes).
4435
maximumStartupDurationSeconds: 0
4436
## Set default scrapeProtocols for Prometheus instances
4437
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#scrapeprotocolstring-alias
4438
scrapeProtocols: []
4439
additionalRulesForClusterRole: []
4440
# - apiGroups: [ "" ]
4441
# resources:
4442
# - nodes/proxy
4443
# verbs: [ "get", "list", "watch" ]
4444
4445
additionalServiceMonitors: []
4446
## Name of the ServiceMonitor to create
4447
##
4448
# - name: ""
4449
4450
## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from
4451
## the chart
4452
##
4453
# additionalLabels: {}
4454
4455
## Service label for use in assembling a job name of the form <label value>-<port>
4456
## If no label is specified, the service name is used.
4457
##
4458
# jobLabel: ""
4459
4460
## labels to transfer from the kubernetes service to the target
4461
##
4462
# targetLabels: []
4463
4464
## labels to transfer from the kubernetes pods to the target
4465
##
4466
# podTargetLabels: []
4467
4468
## Label selector for services to which this ServiceMonitor applies
4469
##
4470
# selector: {}
4471
## Example which selects all services to be monitored
4472
## with label "monitoredby" with values any of "example-service-1" or "example-service-2"
4473
# matchExpressions:
4474
# - key: "monitoredby"
4475
# operator: In
4476
# values:
4477
# - example-service-1
4478
# - example-service-2
4479
4480
## label selector for services
4481
##
4482
# matchLabels: {}
4483
4484
## Namespaces from which services are selected
4485
##
4486
# namespaceSelector:
4487
## Match any namespace
4488
##
4489
# any: false
4490
4491
## Explicit list of namespace names to select
4492
##
4493
# matchNames: []
4494
4495
## Endpoints of the selected service to be monitored
4496
##
4497
# endpoints: []
4498
## Name of the endpoint's service port
4499
## Mutually exclusive with targetPort
4500
# - port: ""
4501
4502
## Name or number of the endpoint's target port
4503
## Mutually exclusive with port
4504
# - targetPort: ""
4505
4506
## File containing bearer token to be used when scraping targets
4507
##
4508
# bearerTokenFile: ""
4509
4510
## Interval at which metrics should be scraped
4511
##
4512
# interval: 30s
4513
4514
## HTTP path to scrape for metrics
4515
##
4516
# path: /metrics
4517
4518
## HTTP scheme to use for scraping
4519
##
4520
# scheme: http
4521
4522
## TLS configuration to use when scraping the endpoint
4523
##
4524
# tlsConfig:
4525
4526
## Path to the CA file
4527
##
4528
# caFile: ""
4529
4530
## Path to client certificate file
4531
##
4532
# certFile: ""
4533
4534
## Skip certificate verification
4535
##
4536
# insecureSkipVerify: false
4537
4538
## Path to client key file
4539
##
4540
# keyFile: ""
4541
4542
## Server name used to verify host name
4543
##
4544
# serverName: ""
4545
4546
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
4547
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4548
##
4549
# metricRelabelings: []
4550
# - action: keep
4551
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
4552
# sourceLabels: [__name__]
4553
4554
## RelabelConfigs to apply to samples before scraping
4555
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4556
##
4557
# relabelings: []
4558
# - sourceLabels: [__meta_kubernetes_pod_node_name]
4559
# separator: ;
4560
# regex: ^(.*)$
4561
# targetLabel: nodename
4562
# replacement: $1
4563
# action: replace
4564
4565
## Fallback scrape protocol used by Prometheus for scraping metrics
4566
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ScrapeProtocol
4567
##
4568
# fallbackScrapeProtocol: ""
4569
4570
## Attaches node metadata to the discovered targets
4571
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.AttachMetadata
4572
##
4573
# attachMetadata:
4574
# node: true
4575
additionalPodMonitors: []
4576
## Name of the PodMonitor to create
4577
##
4578
# - name: ""
4579
## Additional labels to set used for the PodMonitorSelector. Together with standard labels from
4580
## the chart
4581
##
4582
# additionalLabels: {}
4583
4584
## Pod label for use in assembling a job name of the form <label value>-<port>
4585
## If no label is specified, the pod endpoint name is used.
4586
##
4587
# jobLabel: ""
4588
4589
## Label selector for pods to which this PodMonitor applies
4590
##
4591
# selector: {}
4592
## Example which selects all Pods to be monitored
4593
## with label "monitoredby" with values any of "example-pod-1" or "example-pod-2"
4594
# matchExpressions:
4595
# - key: "monitoredby"
4596
# operator: In
4597
# values:
4598
# - example-pod-1
4599
# - example-pod-2
4600
4601
## label selector for pods
4602
##
4603
# matchLabels: {}
4604
4605
## PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
4606
##
4607
# podTargetLabels: {}
4608
4609
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
4610
##
4611
# sampleLimit: 0
4612
4613
## Namespaces from which pods are selected
4614
##
4615
# namespaceSelector:
4616
## Match any namespace
4617
##
4618
# any: false
4619
4620
## Explicit list of namespace names to select
4621
##
4622
# matchNames: []
4623
4624
## Endpoints of the selected pods to be monitored
4625
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#podmetricsendpoint
4626
##
4627
# podMetricsEndpoints: []
4628
4629
## Fallback scrape protocol used by Prometheus for scraping metrics
4630
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ScrapeProtocol
4631
##
4632
# fallbackScrapeProtocol: ""
4633
4634
## Attaches node metadata to the discovered targets
4635
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.AttachMetadata
4636
##
4637
# attachMetadata:
4638
# node: true
4639
4640
## Configuration for thanosRuler
4641
## ref: https://thanos.io/tip/components/rule.md/
4642
##
4643
thanosRuler:
4644
## Deploy thanosRuler
4645
##
4646
enabled: false
4647
## Annotations for ThanosRuler
4648
##
4649
annotations: {}
4650
## Service account for ThanosRuler to use.
4651
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
4652
##
4653
serviceAccount:
4654
create: true
4655
name: ""
4656
annotations: {}
4657
## Configure pod disruption budgets for ThanosRuler
4658
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
4659
##
4660
podDisruptionBudget:
4661
enabled: false
4662
minAvailable: 1
4663
# maxUnavailable: ""
4664
unhealthyPodEvictionPolicy: AlwaysAllow
4665
ingress:
4666
enabled: false
4667
ingressClassName: ""
4668
annotations: {}
4669
labels: {}
4670
## Hosts must be provided if Ingress is enabled.
4671
##
4672
hosts: []
4673
# - thanosruler.domain.com
4674
4675
## Paths to use for ingress rules - one path should match the thanosruler.routePrefix
4676
##
4677
paths: []
4678
# - /
4679
4680
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
4681
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
4682
# pathType: ImplementationSpecific
4683
4684
## TLS configuration for ThanosRuler Ingress
4685
## Secret must be manually created in the namespace
4686
##
4687
tls: []
4688
# - secretName: thanosruler-general-tls
4689
# hosts:
4690
# - thanosruler.example.com
4691
# -- BETA: Configure the gateway routes for the chart here.
4692
# More routes can be added by adding a dictionary key like the 'main' route.
4693
# Be aware that this is an early beta of this feature,
4694
# kube-prometheus-stack does not guarantee this works and is subject to change.
4695
# Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
4696
# [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2)
4697
route:
4698
main:
4699
# -- Enables or disables the route
4700
enabled: false
4701
# -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
4702
apiVersion: gateway.networking.k8s.io/v1
4703
# -- Set the route kind
4704
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
4705
kind: HTTPRoute
4706
annotations: {}
4707
labels: {}
4708
hostnames: []
4709
# - my-filter.example.com
4710
parentRefs: []
4711
# - name: acme-gw
4712
4713
# -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
4714
## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
4715
## matches, filters and additionalRules will be ignored if this is set to true. Be are
4716
httpsRedirect: false
4717
matches:
4718
- path:
4719
type: PathPrefix
4720
value: /
4721
## Filters define the filters that are applied to requests that match this rule.
4722
filters: []
4723
## Session persistence configuration for the route rule.
4724
sessionPersistence: {}
4725
# sessionName: route
4726
# type: Cookie
4727
# absoluteTimeout: 12h
4728
# cookieConfig:
4729
# lifetimeType: Permanent
4730
4731
## Additional custom rules that can be added to the route
4732
additionalRules: []
4733
## Configuration for ThanosRuler service
4734
##
4735
service:
4736
enabled: true
4737
annotations: {}
4738
labels: {}
4739
clusterIP: ""
4740
ipDualStack:
4741
enabled: false
4742
ipFamilies: ["IPv6", "IPv4"]
4743
ipFamilyPolicy: "PreferDualStack"
4744
## Port for ThanosRuler Service to listen on
4745
##
4746
port: 10902
4747
## To be used with a proxy extraContainer port
4748
##
4749
targetPort: 10902
4750
## Port to expose on each node
4751
## Only used if service.type is 'NodePort'
4752
##
4753
nodePort: 30905
4754
## List of IP addresses at which the Prometheus server service is available
4755
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
4756
##
4757
4758
## Additional ports to open for ThanosRuler service
4759
additionalPorts: []
4760
externalIPs: []
4761
loadBalancerIP: ""
4762
loadBalancerSourceRanges: []
4763
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
4764
##
4765
externalTrafficPolicy: Cluster
4766
## Service type
4767
##
4768
type: ClusterIP
4769
## Configuration for creating a ServiceMonitor for the ThanosRuler service
4770
##
4771
serviceMonitor:
4772
## If true, create a serviceMonitor for thanosRuler
4773
##
4774
selfMonitor: true
4775
## Scrape interval. If not set, the Prometheus default scrape interval is used.
4776
##
4777
interval: ""
4778
## Additional labels
4779
##
4780
additionalLabels: {}
4781
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
4782
##
4783
sampleLimit: 0
4784
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
4785
##
4786
targetLimit: 0
4787
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
4788
##
4789
labelLimit: 0
4790
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
4791
##
4792
labelNameLengthLimit: 0
4793
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
4794
##
4795
labelValueLengthLimit: 0
4796
## proxyUrl: URL of a proxy that should be used for scraping.
4797
##
4798
proxyUrl: ""
4799
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
4800
scheme: ""
4801
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
4802
## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
4803
tlsConfig: {}
4804
bearerTokenFile:
4805
## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
4806
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4807
##
4808
metricRelabelings: []
4809
# - action: keep
4810
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
4811
# sourceLabels: [__name__]
4812
4813
## RelabelConfigs to apply to samples before scraping
4814
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4815
##
4816
relabelings: []
4817
# - sourceLabels: [__meta_kubernetes_pod_node_name]
4818
# separator: ;
4819
# regex: ^(.*)$
4820
# targetLabel: nodename
4821
# replacement: $1
4822
# action: replace
4823
4824
## Additional Endpoints
4825
##
4826
additionalEndpoints: []
4827
# - port: oauth-metrics
4828
# path: /metrics
4829
## Settings affecting thanosRulerpec
4830
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosrulerspec
4831
##
4832
thanosRulerSpec:
4833
## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
4834
## Metadata Labels and Annotations gets propagated to the ThanosRuler pods.
4835
##
4836
podMetadata: {}
4837
##
4838
serviceName:
4839
## Image of ThanosRuler
4840
##
4841
image:
4842
registry: cgr.dev
4843
repository: scratch-images/test-tmp/thanos
4844
tag: 0.42.0-r0
4845
sha: sha256:2be9cce4b0e959142151f3c38b00bcae28fc43952103306e2ee9f838dafb2a56
4846
## Namespaces to be selected for PrometheusRules discovery.
4847
## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery.
4848
## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#namespaceselector for usage
4849
##
4850
ruleNamespaceSelector: {}
4851
## If true, a nil or {} value for thanosRuler.thanosRulerSpec.ruleSelector will cause the
4852
## prometheus resource to be created with selectors based on values in the helm deployment,
4853
## which will also match the PrometheusRule resources created
4854
##
4855
ruleSelectorNilUsesHelmValues: true
4856
## PrometheusRules to be selected for target discovery.
4857
## If {}, select all PrometheusRules
4858
##
4859
ruleSelector: {}
4860
## Example which select all PrometheusRules resources
4861
## with label "prometheus" with values any of "example-rules" or "example-rules-2"
4862
# ruleSelector:
4863
# matchExpressions:
4864
# - key: prometheus
4865
# operator: In
4866
# values:
4867
# - example-rules
4868
# - example-rules-2
4869
#
4870
## Example which select all PrometheusRules resources with label "role" set to "example-rules"
4871
# ruleSelector:
4872
# matchLabels:
4873
# role: example-rules
4874
4875
## Define Log Format
4876
# Use logfmt (default) or json logging
4877
logFormat: logfmt
4878
## Log level for ThanosRuler to be configured with.
4879
##
4880
logLevel: info
4881
## Size is the expected size of the thanosRuler cluster. The controller will eventually make the size of the
4882
## running cluster equal to the expected size.
4883
replicas: 1
4884
## Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression
4885
## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
4886
##
4887
retention: 24h
4888
## Interval between consecutive evaluations.
4889
##
4890
evaluationInterval: ""
4891
## Storage is the definition of how storage will be used by the ThanosRuler instances.
4892
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/storage.md
4893
##
4894
storage: {}
4895
# volumeClaimTemplate:
4896
# spec:
4897
# storageClassName: gluster
4898
# accessModes: ["ReadWriteOnce"]
4899
# resources:
4900
# requests:
4901
# storage: 50Gi
4902
# selector: {}
4903
4904
## AlertmanagerConfig define configuration for connecting to alertmanager.
4905
## Only available with Thanos v0.10.0 and higher. Maps to the alertmanagers.config Thanos Ruler arg.
4906
alertmanagersConfig:
4907
# use existing secret, if configured, alertmanagersConfig.secret will not be used
4908
existingSecret: {}
4909
# name: ""
4910
# key: ""
4911
# will render alertmanagersConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when alertmanagersConfig.existingSecret is set
4912
# https://thanos.io/tip/components/rule.md/#alertmanager
4913
secret: {}
4914
# alertmanagers:
4915
# - api_version: v2
4916
# http_config:
4917
# basic_auth:
4918
# username: some_user
4919
# password: some_pass
4920
# static_configs:
4921
# - alertmanager.thanos.io
4922
# scheme: http
4923
# timeout: 10s
4924
## DEPRECATED. Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, alertmanagersConfig should be used instead.
4925
## Note: this field will be ignored if alertmanagersConfig is specified. Maps to the alertmanagers.url Thanos Ruler arg.
4926
# alertmanagersUrl:
4927
4928
## The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. string false
4929
##
4930
externalPrefix:
4931
## If true, http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}
4932
## will be used as value for externalPrefix
4933
externalPrefixNilUsesHelmValues: true
4934
## The route prefix ThanosRuler registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
4935
## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
4936
##
4937
routePrefix: /
4938
## ObjectStorageConfig configures object storage in Thanos
4939
objectStorageConfig:
4940
# use existing secret, if configured, objectStorageConfig.secret will not be used
4941
existingSecret: {}
4942
# name: ""
4943
# key: ""
4944
# will render objectStorageConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when objectStorageConfig.existingSecret is set
4945
# https://thanos.io/tip/thanos/storage.md/#s3
4946
secret: {}
4947
# type: S3
4948
# config:
4949
# bucket: ""
4950
# endpoint: ""
4951
# region: ""
4952
# access_key: ""
4953
# secret_key: ""
4954
## Labels by name to drop before sending to alertmanager
4955
## Maps to the --alert.label-drop flag of thanos ruler.
4956
alertDropLabels: []
4957
## QueryEndpoints defines Thanos querier endpoints from which to query metrics.
4958
## Maps to the --query flag of thanos ruler.
4959
queryEndpoints: []
4960
## Define configuration for connecting to thanos query instances. If this is defined, the queryEndpoints field will be ignored.
4961
## Maps to the query.config CLI argument. Only available with thanos v0.11.0 and higher.
4962
queryConfig:
4963
# use existing secret, if configured, queryConfig.secret will not be used
4964
existingSecret: {}
4965
# name: ""
4966
# key: ""
4967
# render queryConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when queryConfig.existingSecret is set
4968
# https://thanos.io/tip/components/rule.md/#query-api
4969
secret: {}
4970
# - http_config:
4971
# basic_auth:
4972
# username: some_user
4973
# password: some_pass
4974
# static_configs:
4975
# - URL
4976
# scheme: http
4977
# timeout: 10s
4978
## Labels configure the external label pairs to ThanosRuler. A default replica
4979
## label `thanos_ruler_replica` will be always added as a label with the value
4980
## of the pod's name and it will be dropped in the alerts.
4981
labels: {}
4982
## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
4983
##
4984
paused: false
4985
## Allows setting additional arguments for the ThanosRuler container
4986
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosruler
4987
##
4988
additionalArgs: []
4989
# - name: remote-write.config
4990
# value: |-
4991
# "remote_write":
4992
# - "name": "receiver-0"
4993
# "remote_timeout": "30s"
4994
# "url": "http://thanos-receiver-0.thanos-receiver:8081/api/v1/receive"
4995
4996
## Define which Nodes the Pods are scheduled on.
4997
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
4998
##
4999
nodeSelector: {}
5000
## Define resources requests and limits for single Pods.
5001
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
5002
##
5003
resources: {}
5004
# requests:
5005
# memory: 400Mi
5006
5007
## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
5008
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
5009
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
5010
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
5011
##
5012
podAntiAffinity: "soft"
5013
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
5014
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
5015
##
5016
podAntiAffinityTopologyKey: kubernetes.io/hostname
5017
## Assign custom affinity rules to the thanosRuler instance
5018
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
5019
##
5020
affinity: {}
5021
# nodeAffinity:
5022
# requiredDuringSchedulingIgnoredDuringExecution:
5023
# nodeSelectorTerms:
5024
# - matchExpressions:
5025
# - key: kubernetes.io/e2e-az-name
5026
# operator: In
5027
# values:
5028
# - e2e-az1
5029
# - e2e-az2
5030
5031
## If specified, the pod's tolerations.
5032
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
5033
##
5034
tolerations: []
5035
# - key: "key"
5036
# operator: "Equal"
5037
# value: "value"
5038
# effect: "NoSchedule"
5039
5040
## If specified, the pod's topology spread constraints.
5041
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
5042
##
5043
topologySpreadConstraints: []
5044
# - maxSkew: 1
5045
# topologyKey: topology.kubernetes.io/zone
5046
# whenUnsatisfiable: DoNotSchedule
5047
# labelSelector:
5048
# matchLabels:
5049
# app: thanos-ruler
5050
5051
## SecurityContext holds pod-level security attributes and common container settings.
5052
## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
5053
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
5054
##
5055
securityContext:
5056
runAsGroup: 2000
5057
runAsNonRoot: true
5058
runAsUser: 1000
5059
fsGroup: 2000
5060
seccompProfile:
5061
type: RuntimeDefault
5062
## Use the host's user namespace for ThanosRuler pods.
5063
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/
5064
hostUsers: ~
5065
## ListenLocal makes the ThanosRuler server listen on loopback, so that it does not bind against the Pod IP.
5066
## Note this is only for the ThanosRuler UI, not the gossip communication.
5067
##
5068
listenLocal: false
5069
## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an ThanosRuler pod.
5070
##
5071
containers: []
5072
## Additional environment variables to set on the ThanosRuler container.
5073
## This is rendered through the Prometheus Operator strategic merge patch.
5074
##
5075
extraEnv: []
5076
# - name: EXAMPLE
5077
# value: test
5078
5079
# Additional volumes on the output StatefulSet definition.
5080
volumes: []
5081
# Additional VolumeMounts on the output StatefulSet definition.
5082
volumeMounts: []
5083
## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
5084
## (permissions, dir tree) on mounted volumes before starting prometheus
5085
initContainers: []
5086
## Priority class assigned to the Pods
5087
##
5088
priorityClassName: ""
5089
## PortName to use for ThanosRuler.
5090
##
5091
portName: "web"
5092
## Duration in seconds the pod needs to terminate gracefully.
5093
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
5094
terminationGracePeriodSeconds: ~
5095
## WebTLSConfig defines the TLS parameters for HTTPS
5096
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosrulerwebspec
5097
web: {}
5098
## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel.
5099
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
5100
podManagementPolicy: ""
5101
## Update strategy for the StatefulSet.
5102
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
5103
updateStrategy: {}
5104
# type: RollingUpdate
5105
# rollingUpdate:
5106
# maxUnavailable: 1
5107
5108
## Version of Thanos Ruler to deploy. Overrides the version derived from the image tag when set.
5109
version: ""
5110
## Image pull policy for the Thanos Ruler container.
5111
imagePullPolicy: ""
5112
## EnableFeatures API enables access to Thanos Ruler disabled features.
5113
enableFeatures: []
5114
## EnableServiceLinks indicates whether information about services should be injected into the
5115
## pod's environment variables. Uses the operator/Kubernetes default when left unset (~).
5116
enableServiceLinks: ~
5117
## Minimum number of seconds for which a newly created pod should be ready without any of its
5118
## containers crashing/restarting for it to be considered available.
5119
minReadySeconds: ~
5120
## Defines the DNS configuration for the pods.
5121
dnsConfig: {}
5122
# nameservers:
5123
# - 1.2.3.4
5124
# searches:
5125
# - ns1.svc.cluster-domain.example
5126
# options:
5127
# - name: ndots
5128
# value: "2"
5129
5130
## Defines the DNS policy for the pods.
5131
dnsPolicy: ""
5132
## Pods' hostAliases configuration
5133
## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
5134
hostAliases: []
5135
# - ip: 10.10.0.100
5136
# hostnames:
5137
# - a1.app.local
5138
5139
## Defines the list of remote write configurations. When not empty, the Thanos Ruler operates in stateless mode.
5140
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.RemoteWriteSpec
5141
remoteWrite: []
5142
## Configures tracing for Thanos Ruler. Maps to the tracing.config CLI argument.
5143
tracingConfig:
5144
# use existing secret, if configured, tracingConfig.secret will not be used
5145
existingSecret: {}
5146
# name: ""
5147
# key: ""
5148
# render tracingConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when tracingConfig.existingSecret is set
5149
secret: {}
5150
## Path to a tracing configuration file on disk (e.g. mounted through a volume). Takes precedence over tracingConfig.
5151
tracingConfigFile: ""
5152
## Configures alert relabeling for Thanos Ruler. Maps to the alert.relabel-config CLI argument.
5153
alertRelabelConfigs:
5154
# use existing secret, if configured, alertRelabelConfigs.secret will not be used
5155
existingSecret: {}
5156
# name: ""
5157
# key: ""
5158
# render alertRelabelConfigs secret data and configure it to be used by Thanos Ruler custom resource, ignored when alertRelabelConfigs.existingSecret is set
5159
secret: {}
5160
## Path to an alert relabel configuration file on disk. Takes precedence over alertRelabelConfigs.
5161
alertRelabelConfigFile: ""
5162
## Configures the gRPC server TLS for Thanos Ruler.
5163
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.TLSConfig
5164
grpcServerTlsConfig: {}
5165
## Path to an object storage configuration file on disk. Takes precedence over objectStorageConfig.
5166
objectStorageConfigFile: ""
5167
## Number of concurrent rule evaluations.
5168
ruleConcurrentEval: ~
5169
## Maximum time to tolerate outage for restoring "for" state of alert.
5170
ruleOutageTolerance: ""
5171
## Minimum duration between alert and restored "for" state. Maintained only for alerts with a configured "for"
5172
## time greater than the grace period.
5173
ruleGracePeriod: ""
5174
## The default rule group's query offset duration to shift the evaluation time of rules backwards.
5175
## ref: https://github.com/prometheus-community/helm-charts/issues/5843
5176
ruleQueryOffset: ""
5177
## Minimum amount of time to wait before resending an alert to Alertmanager.
5178
resendDelay: ""
5179
## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric.
5180
enforcedNamespaceLabel: ""
5181
## List of references to PrometheusRule objects to be excluded from enforcement (requires enforcedNamespaceLabel).
5182
## Can be a list of objects, or a string that is passed through tpl.
5183
excludedFromEnforcement: []
5184
## Additional configuration which is not covered by the properties above. (passed through tpl)
5185
additionalConfig: {}
5186
## Additional configuration which is not covered by the properties above.
5187
## Useful, if you need advanced templating
5188
additionalConfigString: ""
5189
## ExtraSecret can be used to store various data in an extra secret
5190
## (use it for example to store hashed basic auth credentials)
5191
extraSecret:
5192
## if not set, name will be auto generated
5193
# name: ""
5194
annotations: {}
5195
data: {}
5196
# auth: |
5197
# foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
5198
# someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
5199
## Setting to true produces cleaner resource names, but requires a data migration because the name of the persistent volume changes. Therefore this should only be set once on initial installation.
5200
##
5201
cleanPrometheusOperatorObjectNames: false
5202
## Extra manifests to deploy. Can be of type dict or list.
5203
## If dict, keys are ignored and only values are used.
5204
## Items contained within extraObjects can be defined as dict or string and are passed through tpl.
5205
extraManifests: null
5206
# - apiVersion: v1
5207
# kind: ConfigMap
5208
# metadata:
5209
# labels:
5210
# name: prometheus-extra
5211
# data:
5212
# extra-data: "value"
5213
#
5214
# can also be defined as a string, useful for templating field names
5215
# - |
5216
# apiVersion: v1
5217
# kind: Secret
5218
# type: Opaque
5219
# metadata:
5220
# name: super-secret
5221
# labels:
5222
# {{- range $key, $value := .Values.commonLabels }}
5223
# {{ $key }}: {{ $value }}
5224
# {{- end }}
5225
# data:
5226
# plaintext: Zm9vYmFy
5227
# templated: '{{ print "foobar" | upper | b64enc }}'
5228

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.