1# Default values for kube-prometheus-stack.
2# This is a YAML-formatted file.
3# Declare variables to be passed into your templates.
5## Provide a name in place of kube-prometheus-stack for `app:` labels
8## Override the deployment namespace
11## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.26.6
13kubeTargetVersionOverride: ""
14## Allow kubeVersion to be overridden while creating the ingress
16kubeVersionOverride: ""
17## Provide a name to substitute for the full names of resources
20## Labels to apply to all resources
26## Install Prometheus Operator CRDs
30 ## The CRD upgrade job mitigates the limitation of helm not being able to upgrade CRDs.
31 ## The job will apply the CRDs to the cluster before the operator is deployed, using helm hooks.
32 ## It deploys a corresponding clusterrole, clusterrolebinding and serviceaccount to apply the CRDs.
33 ## This feature is in preview, off by default and may change in the future.
40 repository: scratch-images/test-tmp/busybox
41 tag: glibc-1.37.0-r61@sha256:19f59085b5a760212ec01b00a67b16b4dc5f8e633e6cac6f72cc232de62e5f3c
43 pullPolicy: IfNotPresent
46 repository: scratch-images/test-tmp/kubectl
48 sha: sha256:31b8e0d54fe3d9eef194cb082bbfc82e5595c428479ed68609cb38b46469605a
49 pullPolicy: IfNotPresent
51 ## Define resources requests and limits for single Pods.
52 ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
58 ## Additional volume mounts
61 ## Define which Nodes the Pods are scheduled on.
62 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
65 ## Assign custom affinity rules to the upgrade-crd job
66 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
70 # requiredDuringSchedulingIgnoredDuringExecution:
73 # - key: kubernetes.io/e2e-az-name
79 ## If specified, the pod's tolerations.
80 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
86 # effect: "NoSchedule"
88 ## If specified, the pod's topology spread constraints.
89 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
91 topologySpreadConstraints: []
93 # topologyKey: topology.kubernetes.io/zone
94 # whenUnsatisfiable: DoNotSchedule
99 # ## Labels to add to the upgrade-crd job
102 ## Annotations to add to the upgrade-crd job
105 ## Labels to add to the upgrade-crd pod
108 ## Annotations to add to the upgrade-crd pod
111 ## Service account for upgrade crd job to use.
112 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
119 automountServiceAccountToken: true
120 ## Automounting API credentials for upgrade crd job pod.
122 automountServiceAccountToken: true
123 ## Container-specific security context configuration
124 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
126 containerSecurityContext:
127 allowPrivilegeEscalation: false
128 readOnlyRootFilesystem: true
132 ## SecurityContext holds pod-level security attributes and common container settings.
133 ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
134 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
143## Custom rules to override "for" and "severity" in defaultRules
146# AlertmanagerFailedReload:
148# AlertmanagerMembersInconsistent:
152## Create default rules for monitoring the cluster
159 configReloaders: true
161 k8sContainerCpuUsageSecondsTotal: true
162 k8sContainerMemoryCache: true
163 k8sContainerMemoryRss: true
164 k8sContainerMemorySwap: true
165 k8sContainerResource: true
166 k8sContainerMemoryWorkingSetBytes: true
168 kubeApiserverAvailability: true
169 kubeApiserverBurnrate: true
170 kubeApiserverHistogram: true
171 kubeApiserverSlos: true
172 kubeControllerManager: true
175 kubePrometheusGeneral: true
176 kubePrometheusNodeRecording: true
178 kubernetesResources: true
179 kubernetesStorage: true
180 kubernetesSystem: true
181 kubeSchedulerAlerting: true
182 kubeSchedulerRecording: true
183 kubeStateMetrics: true
186 nodeExporterAlerting: true
187 nodeExporterRecording: true
189 prometheusOperator: true
191 # Defines the operator for namespace selection in rules
192 # Use "=~" to include namespaces matching the pattern (default)
193 # Use "!~" to exclude namespaces matching the pattern
194 appNamespacesOperator: "=~"
195 ## Reduce app namespace alert scope
196 appNamespacesTarget: ".*"
197 ## Set keep_firing_for for all alerts
199 ## Labels for default rules
201 ## Annotations for default rules
203 ## Additional labels for PrometheusRule alerts
204 additionalRuleLabels: {}
205 ## Additional annotations for specific PrometheusRule alerts by alert name
206 additionalRuleAnnotations: {}
207 ## Additional labels for specific PrometheusRule alert groups
208 additionalRuleGroupLabels:
213 k8sContainerCpuUsageSecondsTotal: {}
214 k8sContainerMemoryCache: {}
215 k8sContainerMemoryRss: {}
216 k8sContainerMemorySwap: {}
217 k8sContainerResource: {}
219 kubeApiserverAvailability: {}
220 kubeApiserverBurnrate: {}
221 kubeApiserverHistogram: {}
222 kubeApiserverSlos: {}
223 kubeControllerManager: {}
226 kubePrometheusGeneral: {}
227 kubePrometheusNodeRecording: {}
229 kubernetesResources: {}
230 kubernetesStorage: {}
232 kubeSchedulerAlerting: {}
233 kubeSchedulerRecording: {}
237 nodeExporterAlerting: {}
238 nodeExporterRecording: {}
240 prometheusOperator: {}
241 ## Additional annotations for specific PrometheusRule alert groups
242 additionalRuleGroupAnnotations:
247 k8sContainerCpuUsageSecondsTotal: {}
248 k8sContainerMemoryCache: {}
249 k8sContainerMemoryRss: {}
250 k8sContainerMemorySwap: {}
251 k8sContainerResource: {}
253 kubeApiserverAvailability: {}
254 kubeApiserverBurnrate: {}
255 kubeApiserverHistogram: {}
256 kubeApiserverSlos: {}
257 kubeControllerManager: {}
260 kubePrometheusGeneral: {}
261 kubePrometheusNodeRecording: {}
263 kubernetesResources: {}
264 kubernetesStorage: {}
266 kubeSchedulerAlerting: {}
267 kubeSchedulerRecording: {}
271 nodeExporterAlerting: {}
272 nodeExporterRecording: {}
274 prometheusOperator: {}
275 additionalAggregationLabels: []
276 ## Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules.
277 runbookUrl: "https://runbooks.prometheus-operator.dev/runbooks"
278 ## Thresholds for kubelet certificate expiration alerts (in seconds)
279 kubeletServerCertificateExpiration:
280 warning: 604800 # 7 days
281 critical: 86400 # 1 day
282 kubeletClientCertificateExpiration:
283 warning: 604800 # 7 days
284 critical: 86400 # 1 day
286 fsSelector: 'fstype!=""'
287 # fsSelector: 'fstype=~"ext[234]|btrfs|xfs|zfs"'
288 ## Disabled PrometheusRule alerts
291 # NodeRAIDDegraded: true
292## Deprecated way to provide custom recording or alerting rules to be deployed into the cluster.
294# additionalPrometheusRules: []
295# - name: my-rule-file
300# expr: 100 * my_record
302## Provide custom recording or alerting rules to be deployed into the cluster.
304additionalPrometheusRulesMap: {}
310# expr: 100 * my_record
316 ## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs
317 ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
318 createAggregateClusterRoles: false
319 ## Global image registry to use if it needs to be overridden for some specific use cases (e.g. local registries, custom images, ...)
322 ## Reference to one or more secrets to be used when pulling images
323 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
326 # - name: "image-pull-secret"
328 # - "image-pull-secret"
330 ## Deploys the windows-exporter and Windows-specific dashboards and rules (job name must be 'windows-exporter')
332## Configuration for prometheus-windows-exporter
333## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-windows-exporter
335prometheus-windows-exporter:
336 ## Enable ServiceMonitor and set Kubernetes label to use as a job label
343 ## Set job label to 'windows-exporter' as required by the default Prometheus rules and Grafana dashboards
346 jobLabel: windows-exporter
347 ## Enable memory and container metrics as required by the default Prometheus rules and Grafana dashboards
351 enabled: '[defaults],memory,container'
352## Configuration for alertmanager
353## ref: https://prometheus.io/docs/alerting/alertmanager/
356 ## Deploy alertmanager
359 # Optional: Override the namespace where Alertmanager will be deployed.
360 namespaceOverride: ""
361 ## Annotations for Alertmanager
364 ## Additional labels for Alertmanager
367 ## API that Prometheus will use to communicate with alertmanager. Possible values are v1, v2
370 ## @param alertmanager.enableFeatures Enable access to Alertmanager disabled features.
373 ## Create dashboard configmap even if alertmanager deployment has been disabled
375 forceDeployDashboards: false
376 ## Network Policy configuration
379 # -- Enable network policy for Alertmanager
381 # -- Define policy types. If egress is enabled, both Ingress and Egress will be used
382 # Valid values are ["Ingress"] or ["Ingress", "Egress"]
386 # -- Gateway (formerly ingress controller) configuration
389 # -- Gateway namespace
392 # -- Gateway pod labels
395 # app.kubernetes.io/name: ingress-nginx
396 # -- Additional custom ingress rules
398 additionalIngress: []
400 # - namespaceSelector:
402 # name: another-namespace
409 # app.kubernetes.io/name: loki
414 # -- Configure egress rules
417 # -- Enable egress rules. When enabled, policyTypes will include Egress
420 # -- Custom egress rules
424 # - namespaceSelector: {}
431 # -- Enable rules for alertmanager cluster traffic
433 enableClusterRules: true
434 # -- Configure monitoring component rules
437 # -- Enable ingress from Prometheus
440 # -- Enable ingress for config reloader metrics
443 ## Service account for Alertmanager to use.
444 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
450 automountServiceAccountToken: true
451 ## Configure pod disruption budgets for Alertmanager
452 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
458 unhealthyPodEvictionPolicy: AlwaysAllow
459 ## Enable vertical pod autoscaler support for Alertmanager
460 ## ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
462 verticalPodAutoscaler:
464 # Recommender responsible for generating recommendation for the object.
465 # List should be empty (then the default recommender will generate the recommendation)
466 # or contain exactly one recommender.
468 # - name: custom-recommender-performance
470 # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
471 controlledResources: []
472 # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
473 # controlledValues: RequestsAndLimits
475 # Define the max allowed resources for the pod
479 # Define the min allowed resources for the pod
485 # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
486 # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate".
488 ## Alertmanager configuration directives
489 ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
490 ## https://prometheus.io/webtools/alerting/routing-tree-editor/
497 - 'severity = critical'
499 - 'severity =~ warning|info'
504 - 'severity = warning'
511 - 'alertname = InfoInhibitor'
517 - 'alertname = InfoInhibitor'
519 group_by: ['namespace']
527 - alertname = "Watchdog"
531 - '/etc/alertmanager/config/*.tmpl'
532 ## Alertmanager configuration directives (as string type, preferred over the config hash map)
533 ## stringConfig will be used only if tplConfig is true
534 ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
535 ## https://prometheus.io/webtools/alerting/routing-tree-editor/
538 ## Pass the Alertmanager configuration directives through Helm's templating
539 ## engine. If the Alertmanager configuration contains Alertmanager templates,
540 ## they'll need to be properly escaped so that they are not interpreted by
542 ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function
543 ## https://prometheus.io/docs/alerting/configuration/#tmpl_string
544 ## https://prometheus.io/docs/alerting/notifications/
545 ## https://prometheus.io/docs/alerting/notification_examples/
547 ## Alertmanager template files to format alerts
548 ## By default, templateFiles are placed in /etc/alertmanager/config/ and if
549 ## they have a .tmpl file suffix will be loaded. See config.templates above
550 ## to change, add other suffixes. If adding other suffixes, be sure to update
551 ## config.templates above to include those suffixes.
552 ## ref: https://prometheus.io/docs/alerting/notifications/
553 ## https://prometheus.io/docs/alerting/notification_examples/
557 ## An example template:
558 # template_1.tmpl: |-
559 # {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }}
561 # {{ define "slack.myorg.text" }}
563 # {{ range .Alerts }}
564 # *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}`
565 # *Cluster:* {{ template "cluster" $root }}
566 # *Description:* {{ .Annotations.description }}
567 # *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:>
568 # *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:>
570 # {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}`
580 ## Override ingress to a different defined port on the service
582 ## Override ingress to a different service then the default, this is useful if you need to
583 ## point to a specific instance of the alertmanager (eg kube-prometheus-stack-alertmanager-0)
584 # serviceName: kube-prometheus-stack-alertmanager-0
586 ## Hosts must be provided if Ingress is enabled.
589 # - alertmanager.domain.com
591 ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix
596 ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
597 ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
598 # pathType: ImplementationSpecific
600 ## TLS configuration for Alertmanager Ingress
601 ## Secret must be manually created in the namespace
604 # - secretName: alertmanager-general-tls
606 # - alertmanager.example.com
607 # -- BETA: Configure the gateway routes for the chart here.
608 # More routes can be added by adding a dictionary key like the 'main' route.
609 # Be aware that this is an early beta of this feature,
610 # kube-prometheus-stack does not guarantee this works and is subject to change.
611 # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
612 # [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2)
615 # -- Enables or disables the route
617 # -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
618 apiVersion: gateway.networking.k8s.io/v1
619 # -- Set the route kind
620 # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
625 # - my-filter.example.com
629 # -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
630 ## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
631 ## matches, filters and additionalRules will be ignored if this is set to true. Be are
637 ## Filters define the filters that are applied to requests that match this rule.
639 ## Session persistence configuration for the route rule.
640 sessionPersistence: {}
643 # absoluteTimeout: 12h
645 # lifetimeType: Permanent
647 ## Additional custom rules that can be added to the route
649 ## Configuration for Alertmanager secret
653 ## Configuration for creating an Ingress that will map to each Alertmanager replica service
654 ## alertmanager.servicePerReplica must be enabled
661 ## Final form of the hostname for each per replica ingress is
662 ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
664 ## Prefix for the per replica ingress that will have `-$replicaNumber`
665 ## appended to the end
667 ## Domain that will be used for the per replica ingress
669 ## Paths to use for ingress rules
674 ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
675 ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
676 # pathType: ImplementationSpecific
678 ## Secret name containing the TLS certificate for alertmanager per replica ingress
679 ## Secret must be manually created in the namespace
681 ## Separated secret for each per replica Ingress. Can be used together with cert-manager
685 ## Final form of the secret for each per replica ingress is
686 ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
688 prefix: "alertmanager"
689 ## Configuration for creating a Gateway API route that will map to each Alertmanager replica service
690 ## alertmanager.servicePerReplica must be enabled
694 # -- Enables or disables the routePerReplica
696 # -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
697 apiVersion: gateway.networking.k8s.io/v1
698 # -- Set the route kind
699 # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
703 ## Final form of the hostname for each per replica route is
704 ## {{ routePerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ routePerReplica.hostDomain }}
706 ## Prefix for the per replica route that will have `-$replicaNumber` appended to the end
708 ## Domain that will be used for the per replica route
713 # -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
714 ## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
715 ## matches, filters and additionalRules will be ignored if this is set to true.
717 ## Filters define the filters that are applied to requests that match this rule.
723 ## Session persistence configuration for the route rule.
724 sessionPersistence: {}
727 # absoluteTimeout: 12h
729 # lifetimeType: Permanent
731 ## Additional custom rules that can be added to the route
733 ## Configuration for Alertmanager service
742 ipFamilies: ["IPv6", "IPv4"]
743 ipFamilyPolicy: "PreferDualStack"
744 ## Port for Alertmanager Service to listen on
747 ## Port for Alertmanager cluster communication
750 ## To be used with a proxy extraContainer port
753 ## Port to expose on each node
754 ## Only used if service.type is 'NodePort'
757 ## List of IP addresses at which the Prometheus server service is available
758 ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
761 ## Additional ports to open for Alertmanager service
764 # - name: oauth-proxy
767 # - name: oauth-metrics
773 loadBalancerSourceRanges: []
774 ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
776 externalTrafficPolicy: Cluster
777 ## If you want to make sure that connections from a particular client are passed to the same Pod each time
778 ## Accepts 'ClientIP' or 'None'
780 sessionAffinity: None
781 ## If you want to modify the ClientIP sessionAffinity timeout
782 ## The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP"
784 sessionAffinityConfig:
786 timeoutSeconds: 10800
790 ## Configuration for creating a separate Service for each statefulset Alertmanager replica
795 ## Port for Alertmanager Service per replica to listen on
798 ## To be used with a proxy extraContainer port
800 ## Port to expose on each node
801 ## Only used if servicePerReplica.type is 'NodePort'
804 ## Loadbalancer source IP ranges
805 ## Only used if servicePerReplica.type is "LoadBalancer"
806 loadBalancerSourceRanges: []
807 ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
809 externalTrafficPolicy: Cluster
813 ## Configuration for creating a ServiceMonitor for AlertManager
816 ## If true, a ServiceMonitor will be created for the AlertManager service.
819 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
825 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
828 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
831 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
834 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
836 labelNameLengthLimit: 0
837 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
839 labelValueLengthLimit: 0
840 ## proxyUrl: URL of a proxy that should be used for scraping.
843 ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
845 ## enableHttp2: Whether to enable HTTP2.
846 ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#endpoint
848 ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
849 ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
852 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
853 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
855 metricRelabelings: []
857 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
858 # sourceLabels: [__name__]
860 ## RelabelConfigs to apply to samples before scraping
861 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
864 # - sourceLabels: [__meta_kubernetes_pod_node_name]
867 # targetLabel: nodename
871 ## Additional Endpoints
873 additionalEndpoints: []
874 # - port: oauth-metrics
876 ## Settings affecting alertmanagerSpec
877 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerspec
880 ## Statefulset's persistent volume claim retention policy
881 ## whenDeleted and whenScaled determine whether
882 ## statefulset's PVCs are deleted (true) or retained (false)
883 ## on scaling down and deleting statefulset, respectively.
884 ## Requires Kubernetes version 1.27.0+.
885 ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
886 persistentVolumeClaimRetentionPolicy: {}
887 # whenDeleted: Retain
890 ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
891 ## Metadata Labels and Annotations gets propagated to the Alertmanager pods.
896 ## Image of Alertmanager
900 repository: scratch-images/test-tmp/prometheus-alertmanager
902 sha: sha256:6d3c29114ffd83c091743e460db3dbeaec1fdc3060e3cf80a41cdaf3cfc50537
903 pullPolicy: IfNotPresent
904 ## If true then the user will be responsible to provide a secret with alertmanager configuration
905 ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used
907 useExistingSecret: false
908 ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the
909 ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/.
912 ## If false then the user will opt out of automounting API credentials.
914 automountServiceAccountToken: true
915 ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods.
916 ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/.
919 ## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for
920 ## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config.
924 ## WebTLSConfig defines the TLS parameters for HTTPS
925 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerwebspec
927 ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with.
929 alertmanagerConfigSelector: {}
930 ## Example which selects all alertmanagerConfig resources
931 ## with label "alertconfig" with values any of "example-config" or "example-config-2"
932 # alertmanagerConfigSelector:
940 ## Example which selects all alertmanagerConfig resources with label "role" set to "example-config"
941 # alertmanagerConfigSelector:
943 # role: example-config
945 ## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.
947 alertmanagerConfigNamespaceSelector: {}
948 ## Example which selects all namespaces
949 ## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2"
950 # alertmanagerConfigNamespaceSelector:
952 # - key: alertmanagerconfig
955 # - example-namespace
956 # - example-namespace-2
958 ## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled"
959 # alertmanagerConfigNamespaceSelector:
961 # alertmanagerconfig: enabled
963 ## AlermanagerConfig to be used as top level configuration
965 alertmanagerConfiguration: {}
966 ## Example with select a global alertmanagerconfig
967 # alertmanagerConfiguration:
968 # name: global-alertmanager-Configuration
970 ## Defines the strategy used by AlertmanagerConfig objects to match alerts. eg:
972 alertmanagerConfigMatcherStrategy: {}
973 ## Example with use OnNamespace strategy
974 # alertmanagerConfigMatcherStrategy:
977 ## Additional command line arguments to pass to Alertmanager (in addition to those generated by the chart)
980 # Use logfmt (default) or json logging
982 ## Log level for Alertmanager to be configured with.
985 ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the
986 ## running cluster equal to the expected size.
988 ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression
989 ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
992 ## Storage is the definition of how storage will be used by the Alertmanager instances.
993 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/storage.md
996 # volumeClaimTemplate:
998 # storageClassName: gluster
999 # accessModes: ["ReadWriteOnce"]
1005 ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false
1008 ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
1009 ## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
1012 ## scheme: HTTP scheme to use. Can be used with `tlsConfig` for example if using istio mTLS.
1014 ## tlsConfig: TLS configuration to use when connect to the endpoint. For example if using istio mTLS.
1015 ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
1017 ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
1020 ## Define which Nodes the Pods are scheduled on.
1021 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
1024 ## Define resources requests and limits for single Pods.
1025 ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
1031 ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
1032 ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
1033 ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
1034 ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
1036 podAntiAffinity: "soft"
1037 ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
1038 ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
1040 podAntiAffinityTopologyKey: kubernetes.io/hostname
1041 ## Assign custom affinity rules to the alertmanager instance
1042 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1046 # requiredDuringSchedulingIgnoredDuringExecution:
1047 # nodeSelectorTerms:
1048 # - matchExpressions:
1049 # - key: kubernetes.io/e2e-az-name
1055 ## If specified, the pod's tolerations.
1056 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
1062 # effect: "NoSchedule"
1064 ## If specified, the pod's topology spread constraints.
1065 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
1067 topologySpreadConstraints: []
1069 # topologyKey: topology.kubernetes.io/zone
1070 # whenUnsatisfiable: DoNotSchedule
1075 ## SecurityContext holds pod-level security attributes and common container settings.
1076 ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
1077 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1085 type: RuntimeDefault
1086 ## Use the host's user namespace for Alertmanager pods.
1087 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/
1089 ## DNS configuration for Alertmanager.
1090 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.PodDNSConfig
1092 ## DNS policy for Alertmanager.
1093 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#dnspolicystring-alias
1095 ## Enable hostNetwork for Alertmanager.
1097 ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP.
1098 ## Note this is only for the Alertmanager UI, not the gossip communication.
1101 ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod.
1105 # - name: oauth-proxy
1106 # image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.3
1108 # - --upstream=http://127.0.0.1:9093
1109 # - --http-address=0.0.0.0:8081
1110 # - --metrics-address=0.0.0.0:8082
1113 # - containerPort: 8081
1116 # - containerPort: 8082
1117 # name: oauth-metrics
1121 # Additional volumes on the output StatefulSet definition.
1123 # Additional VolumeMounts on the output StatefulSet definition.
1125 ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
1126 ## (permissions, dir tree) on mounted volumes before starting prometheus
1128 ## Priority class assigned to the Pods
1130 priorityClassName: ""
1131 ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.
1134 ## PortName to use for Alert Manager.
1136 portName: "http-web"
1137 ## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918
1139 clusterAdvertiseAddress: false
1140 ## clusterGossipInterval determines interval between gossip attempts.
1141 ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)
1142 clusterGossipInterval: ""
1143 ## clusterPeerTimeout determines timeout for cluster peering.
1144 ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)
1145 clusterPeerTimeout: ""
1146 ## clusterPushpullInterval determines interval between pushpull attempts.
1147 ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)
1148 clusterPushpullInterval: ""
1149 ## clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster.
1151 ## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica.
1152 ## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.
1153 forceEnableClusterMode: false
1154 ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
1155 ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
1157 ## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel.
1158 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
1159 podManagementPolicy: ""
1160 ## Update strategy for the StatefulSet.
1161 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1163 # type: RollingUpdate
1167 ## Duration in seconds the pod needs to terminate gracefully.
1168 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
1169 terminationGracePeriodSeconds: ~
1170 ## EnableServiceLinks indicates whether information about services should be injected into the
1171 ## pod's environment variables. Uses the operator/Kubernetes default when left unset (~).
1172 enableServiceLinks: ~
1173 ## Set the scheduler name to use for the Alertmanager pods.
1175 ## Pods' hostAliases configuration
1176 ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1182 ## Limits defines the Alertmanager limits command line flags. Requires Alertmanager >= v0.28.0.
1183 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.AlertmanagerLimitsSpec
1186 # maxPerSilenceBytes: 1MB
1188 ## ClusterTLS defines the mutual TLS configuration for the Alertmanager cluster's gossip protocol.
1189 ## Requires Alertmanager >= v0.24.0.
1190 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ClusterTLSConfig
1192 ## Additional configuration which is not covered by the properties above. (passed through tpl)
1193 additionalConfig: {}
1194 ## Additional configuration which is not covered by the properties above.
1195 ## Useful, if you need advanced templating inside alertmanagerSpec.
1196 ## Otherwise, use alertmanager.alertmanagerSpec.additionalConfig (passed through tpl)
1197 additionalConfigString: ""
1198 ## ExtraSecret can be used to store various data in an extra secret
1199 ## (use it for example to store hashed basic auth credentials)
1201 ## if not set, name will be auto generated
1206 # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
1207 # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
1208## Using default values from https://github.com/grafana-community/helm-charts/blob/main/charts/grafana/values.yaml
1212 namespaceOverride: ""
1213 ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled
1215 forceDeployDatasources: false
1216 ## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled
1218 forceDeployDashboards: false
1219 ## Deploy default dashboards
1221 defaultDashboardsEnabled: true
1222 ## Deploy GrafanaDashboard CRDs that reference dashboards from ConfigMaps when grafana-operator is used
1223 ## These settings control how dashboards are integrated with the Grafana Operator
1224 ## Note: End user still need to create is own kind: GrafanaDataSource for Prometheus
1226 ## apiVersion: grafana.integreatly.org/v1beta1
1227 ## kind: GrafanaDatasource
1232 ## allowCrossNamespaceImport: true
1233 ## instanceSelector:
1240 ## url: http://prometheus-operated.prometheus-stack.svc.cluster.local:9090
1243 ## "tlsSkipVerify": true
1244 ## "timeInterval": "5s"
1247 ## Enable references to ConfigMaps containing dashboards in GrafanaDashboard CRs
1248 ## Set to true to allow dashboards to be loaded from ConfigMap references
1249 dashboardsConfigMapRefEnabled: false
1250 ## Annotations for GrafanaDashboard Cr
1253 ## Labels that should be matched kind: Grafana instance
1254 ## Example: { app: grafana, category: dashboard }
1257 ## How frequently the operator should resync resources (in duration format)
1258 ## Controls how often dashboards are reconciled by the operator
1261 ## Which folder contains all dashboards in Grafana
1262 ## This folder will be created on the Root level
1263 ## Only one of 'folder', 'folderUID' or 'folderRef' can be set
1266 ## Which UID of the target folder contains all dashboards in Grafana
1267 ## This allows you to use subfolder hierarchy
1268 ## Only one of 'folder', 'folderUID' or 'folderRef' can be set
1271 ## Which GrafanaFolder reference contains all dashboards in Grafana
1272 ## This allows you to use subfolder hierarchy.
1273 ## Only one of 'folder', 'folderUID' or 'folderRef' can be set
1276 ## Timezone for the default dashboards
1277 ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg
1279 defaultDashboardsTimezone: utc
1280 ## Editable flag for the default dashboards
1282 defaultDashboardsEditable: true
1283 ## Default interval for Grafana dashboards
1285 defaultDashboardsInterval: 1m
1286 # Administrator credentials when not using an existing secret (see below)
1288 # adminPassword: strongpassword
1290 # Use an existing secret for the admin user.
1292 ## Name of the secret. Can be templated.
1295 passwordKey: admin-password
1297 ## If true, Grafana PSPs will be created
1301 ## If true, Grafana Ingress will be created
1304 ## IngressClassName for Grafana Ingress.
1305 ## Should be provided if Ingress is enable.
1307 # ingressClassName: nginx
1309 ## Annotations for Grafana Ingress
1312 # kubernetes.io/ingress.class: nginx
1313 # kubernetes.io/tls-acme: "true"
1315 ## Labels to be added to the Ingress
1319 ## Must be provided if Ingress is enable.
1322 # - grafana.domain.com
1324 ## Path for grafana ingress
1326 ## TLS configuration for grafana Ingress
1327 ## Secret must be manually created in the namespace
1330 # - secretName: grafana-general-tls
1332 # - grafana.example.com
1333 # # To make Grafana persistent (Using Statefulset)
1338 # storageClassName: "storageClassName"
1343 # - kubernetes.io/pvc-protection
1350 label: grafana_dashboard
1352 # Allow discovery in all namespaces for dashboards
1353 searchNamespace: ALL
1354 # Support for new table panels, when enabled grafana auto migrates the old table panels to newer table panels
1355 enableNewTablePanelSyntax: false
1356 ## Annotations for Grafana dashboard configmaps
1365 allowUiUpdates: false
1368 defaultDatasourceEnabled: true
1369 isDefaultDatasource: true
1372 ## Extra jsonData properties to add to the datasource
1374 # prometheusType: Prometheus
1376 ## URL of prometheus datasource
1378 # url: http://prometheus-stack-prometheus:9090/
1380 ## Prometheus request timeout in seconds
1383 ## Query parameters to add, as a URL-encoded string,
1384 ## to query Prometheus
1385 # customQueryParameters: ""
1387 # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default
1388 # defaultDatasourceScrapeInterval: 15s
1390 ## Annotations for Grafana datasource configmaps
1393 ## Set method for HTTP to send query to datasource
1395 ## Create datasource for each Pod of Prometheus StatefulSet;
1396 ## this uses by default the headless service `prometheus-operated` which is
1397 ## created by Prometheus Operator. In case you deployed your own Service for your
1398 ## Prometheus instance, you can specify it with the field `prometheusServiceName`
1399 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286
1400 createPrometheusReplicasDatasources: false
1401 prometheusServiceName: prometheus-operated
1402 label: grafana_datasource
1404 ## Field with internal link pointing to existing data source in Grafana.
1405 ## Can be provisioned via additionalDataSources
1406 exemplarTraceIdDestinations: {}
1407 # datasourceUid: Jaeger
1408 # traceIdLabelName: trace_id
1409 # urlDisplayLabel: View traces
1414 handleGrafanaManagedAlerts: false
1415 implementation: prometheus
1416 extraConfigmapMounts: []
1417 # - name: certs-configmap
1418 # mountPath: /etc/grafana/ssl/
1419 # configMap: certs-configmap
1422 deleteDatasources: []
1423 # - name: example-datasource
1426 ## Configure additional grafana datasources (passed through tpl)
1427 ## ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#datasources
1428 additionalDataSources: []
1429 # - name: prometheus-sample
1433 # basicAuthPassword: pass
1434 # basicAuthUser: daco
1437 # tlsSkipVerify: true
1440 # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090
1443 ## Configure additional grafana datasources as a templated string (passed through tpl)
1444 ## Useful when you need Helm flow control or templating inside the datasource definition
1445 additionalDataSourcesString: ""
1446 # Flag to mark provisioned data sources for deletion if they are no longer configured.
1447 # It takes no effect if data sources are already listed in the deleteDatasources section.
1448 # ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#example-data-source-configuration-file
1450 ## Passed to grafana subchart and used by servicemonitor below
1457 # If true, a ServiceMonitor CRD is created for a prometheus operator
1458 # https://github.com/prometheus-operator/prometheus-operator
1461 # Path to use for scraping metrics. Might be different if server.root_url is set
1465 # namespace: monitoring (defaults to use the namespace this chart is deployed to)
1467 # labels for the ServiceMonitor
1470 # Extra scrape settings.
1474 # scrapeTimeout: 30s
1476 ## RelabelConfigs to apply to samples before scraping
1477 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1480 # - sourceLabels: [__meta_kubernetes_pod_node_name]
1483 # targetLabel: nodename
1486## Flag to disable all the kubernetes component scrapers
1488kubernetesServiceMonitors:
1490## Component scraping the kube api server
1495 serverName: kubernetes
1496 insecureSkipVerify: false
1499 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
1502 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1505 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1508 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1511 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1513 labelNameLengthLimit: 0
1514 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1516 labelValueLengthLimit: 0
1517 ## proxyUrl: URL of a proxy that should be used for scraping.
1523 component: apiserver
1524 provider: kubernetes
1525 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1526 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1529 # Drop excessively noisy apiserver buckets.
1531 regex: (etcd_request|apiserver_request_slo|apiserver_request_sli|apiserver_request)_duration_seconds_bucket;(0\.15|0\.2|0\.3|0\.35|0\.4|0\.45|0\.6|0\.7|0\.8|0\.9|1\.25|1\.5|1\.75|2|3|3\.5|4|4\.5|6|7|8|9|15|20|40|45|50)(\.0)?
1536 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
1537 # sourceLabels: [__name__]
1539 ## RelabelConfigs to apply to samples before scraping
1540 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1544 # - __meta_kubernetes_namespace
1545 # - __meta_kubernetes_service_name
1546 # - __meta_kubernetes_endpoint_port_name
1548 # regex: default;kubernetes;https
1549 # - targetLabel: __address__
1550 # replacement: kubernetes.default.svc:443
1552 ## Additional labels
1554 additionalLabels: {}
1557 ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1558 ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1560 ## Override the job label used for the apiserver.
1561 ## This allows users who scrape apiserver metrics under a different job name (e.g. k3s-server via PushProx)
1562 ## to align the recording rules and alerts with their actual job label.
1564## Component scraping the kubelet and kubelet-hosted cAdvisor
1568 namespace: kube-system
1569 # Overrides the job selector in Grafana dashboards and Prometheus rules
1570 # For k3s clusters, change to k3s-server
1574 ## Enable scraping /metrics from kubelet's service
1576 ## Attach metadata to discovered targets. Requires Prometheus v2.45 for endpoints created by the operator.
1580 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
1583 ## If true, Prometheus use (respect) labels provided by exporter.
1586 ## If true, Prometheus ingests metrics with timestamp provided by exporter. If false, Prometheus ingests metrics with timestamp of scrape.
1588 honorTimestamps: true
1589 ## If true, defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false.
1590 ## We recommend enabling this if you want the best possible accuracy for container_ metrics scraped from cadvisor.
1591 ## For more details see: https://github.com/prometheus-community/helm-charts/pull/5063#issuecomment-2545374849
1592 trackTimestampsStaleness: true
1593 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1596 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1599 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1602 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1604 labelNameLengthLimit: 0
1605 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1607 labelValueLengthLimit: 0
1608 ## proxyUrl: URL of a proxy that should be used for scraping.
1611 ## Enable scraping the kubelet over https. For requirements to enable this see
1612 ## https://github.com/prometheus-operator/prometheus-operator/issues/926
1615 ## Skip TLS certificate validation when scraping.
1616 ## This is enabled by default because kubelet serving certificate deployed by kubeadm is by default self-signed
1617 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs
1619 insecureSkipVerify: true
1620 ## Enable scraping /metrics/probes from kubelet's service
1623 ## Enable scraping /metrics/resource from kubelet's service
1624 ## This is disabled by default because container metrics are already exposed by cAdvisor
1627 # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource
1628 resourcePath: "/metrics/resource/v1alpha1"
1629 ## Configure the scrape interval for resource metrics. This is configured to the default Kubelet cAdvisor
1630 ## minimum housekeeping interval in order to avoid missing samples. Note, this value is ignored
1631 ## if kubelet.serviceMonitor.interval is not empty.
1632 resourceInterval: 10s
1633 ## Enable scraping /metrics/cadvisor from kubelet's service
1636 ## Configure the scrape interval for cAdvisor. This is configured to the default Kubelet cAdvisor
1637 ## minimum housekeeping interval in order to avoid missing samples. Note, this value is ignored
1638 ## if kubelet.serviceMonitor.interval is not empty.
1639 cAdvisorInterval: 10s
1640 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1641 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1643 cAdvisorMetricRelabelings:
1644 # Drop less useful container CPU metrics.
1645 - sourceLabels: [__name__]
1647 regex: 'container_cpu_(cfs_throttled_seconds_total|load_average_10s|system_seconds_total|user_seconds_total)'
1648 # Drop less useful container / always zero filesystem metrics.
1649 - sourceLabels: [__name__]
1651 regex: 'container_fs_(io_current|io_time_seconds_total|io_time_weighted_seconds_total|reads_merged_total|sector_reads_total|sector_writes_total|writes_merged_total)'
1652 # Drop less useful / always zero container memory metrics.
1653 - sourceLabels: [__name__]
1655 regex: 'container_memory_(mapped_file|swap)'
1656 # Drop less useful container process metrics.
1657 - sourceLabels: [__name__]
1659 regex: 'container_(file_descriptors|tasks_state|threads_max)'
1660 # Drop container_memory_failures_total{scope="hierarchy"} metrics,
1661 # we only need the container scope.
1662 - sourceLabels: [__name__, scope]
1664 regex: 'container_memory_failures_total;hierarchy'
1665 # Drop container_network_... metrics that match various interfaces that
1666 # correspond to CNI and similar interfaces. This avoids capturing network
1667 # metrics for host network containers.
1668 - sourceLabels: [__name__, interface]
1670 regex: 'container_network_.*;(cali|cilium|cni|lxc|nodelocaldns|tunl).*'
1671 # Drop container spec metrics that overlap with kube-state-metrics.
1672 - sourceLabels: [__name__]
1674 regex: 'container_spec.*'
1675 # Drop cgroup metrics with no pod.
1676 - sourceLabels: [id, pod]
1679 # - sourceLabels: [__name__, image]
1681 # regex: container_([a-z_]+);
1684 # - sourceLabels: [__name__]
1686 # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
1690 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1691 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1693 probesMetricRelabelings: []
1694 # - sourceLabels: [__name__, image]
1696 # regex: container_([a-z_]+);
1699 # - sourceLabels: [__name__]
1701 # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
1705 ## RelabelConfigs to apply to samples before scraping
1706 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1708 ## metrics_path is required to match upstream rules and charts
1709 cAdvisorRelabelings:
1711 sourceLabels: [__metrics_path__]
1712 targetLabel: metrics_path
1713 # - sourceLabels: [__meta_kubernetes_pod_node_name]
1716 # targetLabel: nodename
1720 ## RelabelConfigs to apply to samples before scraping
1721 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1725 sourceLabels: [__metrics_path__]
1726 targetLabel: metrics_path
1727 # - sourceLabels: [__meta_kubernetes_pod_node_name]
1730 # targetLabel: nodename
1734 ## RelabelConfigs to apply to samples before scraping
1735 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1737 resourceRelabelings:
1739 sourceLabels: [__metrics_path__]
1740 targetLabel: metrics_path
1741 # - sourceLabels: [__meta_kubernetes_pod_node_name]
1744 # targetLabel: nodename
1748 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1749 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1752 # Reduce bucket cardinality of kubelet storage operations.
1754 sourceLabels: [__name__, le]
1755 regex: (csi_operations|storage_operation_duration)_seconds_bucket;(0.25|2.5|15|25|120|600)(\.0)?
1756 # - sourceLabels: [__name__, image]
1758 # regex: container_([a-z_]+);
1761 # - sourceLabels: [__name__]
1763 # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
1767 ## RelabelConfigs to apply to samples before scraping
1768 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1770 ## metrics_path is required to match upstream rules and charts
1773 sourceLabels: [__metrics_path__]
1774 targetLabel: metrics_path
1775 # - sourceLabels: [__meta_kubernetes_pod_node_name]
1778 # targetLabel: nodename
1782 ## Additional labels
1784 additionalLabels: {}
1787 ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1788 ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1790## Component scraping the kube controller manager
1792kubeControllerManager:
1794 # Overrides the job selector in Grafana dashboards and Prometheus rules
1795 # For k3s clusters, change to k3s-server
1797 ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
1804 ## If using kubeControllerManager.endpoints only the port and targetPort are used
1808 ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change
1809 ## of default port in Kubernetes 1.22.
1815 ipFamilies: ["IPv6", "IPv4"]
1816 ipFamilyPolicy: "PreferDualStack"
1818 # component: kube-controller-manager
1821 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
1824 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1827 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1830 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1833 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1835 labelNameLengthLimit: 0
1836 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1838 labelValueLengthLimit: 0
1839 ## proxyUrl: URL of a proxy that should be used for scraping.
1842 ## port: Name of the port the metrics will be scraped from
1848 # component: kube-controller-manager
1850 ## Enable scraping kube-controller-manager over https.
1851 ## Requires proper certs (not self-signed) and delegated authentication/authorization checks.
1852 ## If null or unset, the value is determined dynamically based on target Kubernetes version.
1855 # Skip TLS certificate validation when scraping
1856 insecureSkipVerify: null
1857 # Name of the server to use when validating TLS certificate
1859 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1860 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1862 metricRelabelings: []
1864 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
1865 # sourceLabels: [__name__]
1867 ## RelabelConfigs to apply to samples before scraping
1868 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1871 # - sourceLabels: [__meta_kubernetes_pod_node_name]
1874 # targetLabel: nodename
1878 ## Additional labels
1880 additionalLabels: {}
1883 ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1884 ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1886## Component scraping coreDns. Use either this or kubeDns
1896 ipFamilies: ["IPv6", "IPv4"]
1897 ipFamilyPolicy: "PreferDualStack"
1902 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
1905 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1908 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1911 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1914 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1916 labelNameLengthLimit: 0
1917 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1919 labelValueLengthLimit: 0
1920 ## proxyUrl: URL of a proxy that should be used for scraping.
1923 ## port: Name of the port the metrics will be scraped from
1931 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
1932 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1934 metricRelabelings: []
1936 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
1937 # sourceLabels: [__name__]
1939 ## RelabelConfigs to apply to samples before scraping
1940 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
1943 # - sourceLabels: [__meta_kubernetes_pod_node_name]
1946 # targetLabel: nodename
1950 ## Additional labels
1952 additionalLabels: {}
1955 ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
1956 ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
1958 ## File containing bearer token to be used when scraping targets
1959 ## Empty value do not send any bearer token.
1961 bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
1962## Component scraping kubeDns. Use either this or coreDns
1975 ipFamilies: ["IPv6", "IPv4"]
1976 ipFamilyPolicy: "PreferDualStack"
1980 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
1983 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
1986 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
1989 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1992 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1994 labelNameLengthLimit: 0
1995 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
1997 labelValueLengthLimit: 0
1998 ## proxyUrl: URL of a proxy that should be used for scraping.
2006 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2007 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2009 metricRelabelings: []
2011 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2012 # sourceLabels: [__name__]
2014 ## RelabelConfigs to apply to samples before scraping
2015 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2018 # - sourceLabels: [__meta_kubernetes_pod_node_name]
2021 # targetLabel: nodename
2025 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2026 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2028 dnsmasqMetricRelabelings: []
2030 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2031 # sourceLabels: [__name__]
2033 ## RelabelConfigs to apply to samples before scraping
2034 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2036 dnsmasqRelabelings: []
2037 # - sourceLabels: [__meta_kubernetes_pod_node_name]
2040 # targetLabel: nodename
2044 ## Additional labels
2046 additionalLabels: {}
2049 ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2050 ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2052 ## File containing bearer token to be used when scraping targets
2053 ## Empty value do not send any bearer token.
2055 bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
2056## Component scraping etcd
2060 ## If your etcd is not deployed as a pod, specify IPs it can be found on
2067 ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used
2075 ipFamilies: ["IPv6", "IPv4"]
2076 ipFamilyPolicy: "PreferDualStack"
2079 ## Configure secure access to the etcd cluster by loading a secret into prometheus and
2080 ## specifying security configuration below. For example, with a secret named etcd-client-cert
2084 ## insecureSkipVerify: false
2085 ## serverName: localhost
2086 ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
2087 ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client
2088 ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
2092 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
2095 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2098 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2101 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2104 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2106 labelNameLengthLimit: 0
2107 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2109 labelValueLengthLimit: 0
2110 ## proxyUrl: URL of a proxy that should be used for scraping.
2114 insecureSkipVerify: false
2119 ## port: Name of the port the metrics will be scraped from
2127 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2128 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2130 metricRelabelings: []
2132 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2133 # sourceLabels: [__name__]
2135 ## RelabelConfigs to apply to samples before scraping
2136 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2139 # - sourceLabels: [__meta_kubernetes_pod_node_name]
2142 # targetLabel: nodename
2146 ## Additional labels
2148 additionalLabels: {}
2151 ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2152 ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2154 ## File containing bearer token to be used when scraping targets
2155 ## Empty value do not send any bearer token.
2157 bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
2158## Component scraping kube scheduler
2162 # Overrides the job selector in Grafana dashboards and Prometheus rules
2163 # For k3s clusters, change to k3s-server
2165 ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
2172 ## If using kubeScheduler.endpoints only the port and targetPort are used
2176 ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change
2177 ## of default port in Kubernetes 1.23.
2183 ipFamilies: ["IPv6", "IPv4"]
2184 ipFamilyPolicy: "PreferDualStack"
2186 # component: kube-scheduler
2189 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
2192 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2195 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2198 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2201 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2203 labelNameLengthLimit: 0
2204 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2206 labelValueLengthLimit: 0
2207 ## proxyUrl: URL of a proxy that should be used for scraping.
2210 ## Enable scraping kube-scheduler over https.
2211 ## Requires proper certs (not self-signed) and delegated authentication/authorization checks.
2212 ## If null or unset, the value is determined dynamically based on target Kubernetes version.
2215 ## port: Name of the port the metrics will be scraped from
2221 # component: kube-scheduler
2223 ## Skip TLS certificate validation when scraping
2224 insecureSkipVerify: null
2225 ## Name of the server to use when validating TLS certificate
2227 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2228 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2230 metricRelabelings: []
2232 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2233 # sourceLabels: [__name__]
2235 ## RelabelConfigs to apply to samples before scraping
2236 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2239 # - sourceLabels: [__meta_kubernetes_pod_node_name]
2242 # targetLabel: nodename
2246 ## Additional labels
2248 additionalLabels: {}
2251 ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2252 ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2254## Component scraping kube proxy
2258 # Overrides the job selector in Grafana dashboards and Prometheus rules
2259 # For k3s clusters, change to k3s-server
2261 ## If your kube proxy is not deployed as a pod, specify IPs it can be found on
2274 ipFamilies: ["IPv6", "IPv4"]
2275 ipFamilyPolicy: "PreferDualStack"
2277 # k8s-app: kube-proxy
2280 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
2283 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2286 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2289 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2292 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2294 labelNameLengthLimit: 0
2295 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2297 labelValueLengthLimit: 0
2298 ## proxyUrl: URL of a proxy that should be used for scraping.
2301 ## port: Name of the port the metrics will be scraped from
2307 # k8s-app: kube-proxy
2309 ## Enable scraping kube-proxy over https.
2310 ## Requires proper certs (not self-signed) and delegated authentication/authorization checks
2313 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2314 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2316 metricRelabelings: []
2318 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2319 # sourceLabels: [__name__]
2321 ## RelabelConfigs to apply to samples before scraping
2322 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2326 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2327 # sourceLabels: [__name__]
2329 ## Additional labels
2331 additionalLabels: {}
2334 ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.
2335 ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor
2337 ## File containing bearer token to be used when scraping targets
2338 ## Empty value do not send any bearer token.
2340 bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
2341## Component scraping kube state metrics
2345## Configuration for kube-state-metrics subchart
2348 ## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
2350 ## Enable scraping via kubernetes-service-endpoints
2351 ## Disabled by default as we service monitor is enabled below
2353 prometheusScrape: false
2356 ## Enable scraping via service monitor
2357 ## Disable to prevent duplication if you enable prometheusScrape above
2359 ## kube-state-metrics endpoint
2361 ## Keep labels from scraped data, overriding server-side labels
2363 ## selfMonitor endpoint
2365 ## Keep labels from scraped data, overriding server-side labels
2367## Deploy node exporter as a daemonset to all nodes
2378 ## ForceDeployDashboard Create dashboard configmap even if nodeExporter deployment has been disabled
2380 forceDeployDashboards: false
2381## Configuration for prometheus-node-exporter subchart
2383prometheus-node-exporter:
2384 namespaceOverride: ""
2386 ## Add the 'node-exporter' label to be used by serviceMonitor and podMonitor to match standard common usage in rules and grafana dashboards
2388 jobLabel: node-exporter
2391 - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/containerd/.+|var/lib/docker/.+|var/lib/kubelet/.+)($|/)
2392 - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs|erofs)$
2394 portName: http-metrics
2397 ipFamilies: ["IPv6", "IPv4"]
2398 ipFamilyPolicy: "PreferDualStack"
2400 jobLabel: node-exporter
2407 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
2410 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2413 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2416 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2419 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2421 labelNameLengthLimit: 0
2422 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2424 labelValueLengthLimit: 0
2425 ## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used.
2428 ## proxyUrl: URL of a proxy that should be used for scraping.
2431 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
2432 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2434 metricRelabelings: []
2435 # - sourceLabels: [__name__]
2437 # regex: ^node_mountstats_nfs_(event|operations|transport)_.+
2441 ## RelabelConfigs to apply to samples before scraping
2442 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
2445 # - sourceLabels: [__meta_kubernetes_pod_node_name]
2448 # targetLabel: nodename
2451 ## Attach node metadata to discovered targets. Requires Prometheus v2.35.0 and above.
2460 ## If true, create PSPs for node-exporter
2463## Manages Prometheus and Alertmanager components
2467 ## Use '{{ template "kube-prometheus-stack.fullname" . }}-operator' by default
2468 fullnameOverride: ""
2469 ## Number of old replicasets to retain ##
2470 ## The default value is 10, 0 will garbage-collect old replicasets ##
2471 revisionHistoryLimit: 10
2472 ## Strategy of the deployment
2475 ## Prometheus-Operator v0.39.0 and later support TLS natively.
2479 # Value must match version names from https://pkg.go.dev/crypto/tls#pkg-constants
2480 tlsMinVersion: VersionTLS13
2481 # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.
2483 ## Liveness probe for the prometheusOperator deployment
2488 initialDelaySeconds: 0
2492 ## Readiness probe for the prometheusOperator deployment
2497 initialDelaySeconds: 0
2501 ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
2502 ## rules from making their way into prometheus and potentially preventing the container from starting
2504 ## Valid values: Fail, Ignore, IgnoreOnInstallOnly
2505 ## IgnoreOnInstallOnly - If Release.IsInstall returns "true", set "Ignore" otherwise "Fail"
2507 ## The default timeoutSeconds is 10 and the maximum value is 30.
2510 ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate.
2511 ## If unspecified, system trust roots on the apiserver are used.
2513 ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data.
2514 ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own
2515 ## certs ahead of time if you wish.
2518 # argocd.argoproj.io/hook: PreSync
2519 # argocd.argoproj.io/hook-delete-policy: HookSucceeded
2521 namespaceSelector: {}
2524 mutatingWebhookConfiguration:
2526 # argocd.argoproj.io/hook: PreSync
2527 validatingWebhookConfiguration:
2529 # argocd.argoproj.io/hook: PreSync
2532 ## Number of replicas
2535 ## Strategy of the deployment
2538 # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
2539 podDisruptionBudget:
2542 # maxUnavailable: ""
2543 unhealthyPodEvictionPolicy: AlwaysAllow
2544 ## Number of old replicasets to retain ##
2545 ## The default value is 10, 0 will garbage-collect old replicasets ##
2546 revisionHistoryLimit: 10
2547 ## Prometheus-Operator v0.39.0 and later support TLS natively.
2551 # Value must match version names from https://pkg.go.dev/crypto/tls#pkg-constants
2552 tlsMinVersion: VersionTLS13
2553 # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.
2555 ## Service account for Prometheus Operator Webhook to use.
2556 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2560 automountServiceAccountToken: false
2563 ## Configuration for Prometheus operator Webhook service
2571 ipFamilies: ["IPv6", "IPv4"]
2572 ipFamilyPolicy: "PreferDualStack"
2573 ## Port to expose on each node
2574 ## Only used if service.type is 'NodePort'
2578 ## Additional ports to open for Prometheus operator Webhook service
2579 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
2583 ## Only use if service.type is "LoadBalancer"
2586 loadBalancerSourceRanges: []
2587 ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
2589 externalTrafficPolicy: Cluster
2591 ## NodePort, ClusterIP, LoadBalancer
2594 ## List of IP addresses at which the Prometheus server service is available
2595 ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
2598 # ## Labels to add to the operator webhook deployment
2601 ## Annotations to add to the operator webhook deployment
2604 ## Labels to add to the operator webhook pod
2607 ## Annotations to add to the operator webhook pod
2610 ## Assign a PriorityClassName to pods if set
2611 # priorityClassName: ""
2613 ## Define Log Format
2614 # Use logfmt (default) or json logging
2617 ## Decrease log verbosity to errors only
2620 ## Prometheus-operator webhook image
2624 repository: scratch-images/test-tmp/prometheus-admission-webhook
2625 # if not set appVersion field from Chart.yaml is used
2627 sha: sha256:b97d78f3ba70c2ae5fa7f08156ec66b1bb665dacd32b049247fe90b03e99166f
2628 pullPolicy: IfNotPresent
2629 ## Define Log Format
2630 # Use logfmt (default) or json logging
2633 ## Decrease log verbosity to errors only
2636 ## PromQL parser options to enable for the admission webhook when validating PrometheusRule resources.
2637 ## The options are passed to the prometheus-operator admission-webhook binary as a comma-separated --promql-options value.
2638 ## Requires prometheus-operator admission-webhook v0.91.0 or newer.
2639 ## Valid values: experimental-functions, duration-expression-parsing, extended-range-selectors, binop-fill-modifiers.
2647 initialDelaySeconds: 30
2656 initialDelaySeconds: 5
2660 ## Resource limits & requests
2670 # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
2671 # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
2674 ## Define which Nodes the Pods are scheduled on.
2675 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
2678 ## Tolerations for use with node taints
2679 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
2685 # effect: "NoSchedule"
2687 ## Assign custom affinity rules to the prometheus operator
2688 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
2692 # requiredDuringSchedulingIgnoredDuringExecution:
2693 # nodeSelectorTerms:
2694 # - matchExpressions:
2695 # - key: kubernetes.io/e2e-az-name
2704 # - ns1.svc.cluster-domain.example
2705 # - my.dns.search.suffix
2716 type: RuntimeDefault
2717 ## Container-specific security context configuration
2718 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
2720 containerSecurityContext:
2721 allowPrivilegeEscalation: false
2722 readOnlyRootFilesystem: true
2726 ## If false then the user will opt out of automounting API credentials.
2728 automountServiceAccountToken: true
2733 repository: chainguard-private/kube-webhook-certgen
2735 sha: sha256:10743ad03243cf91c3fbafee168a55b394e84a3f72ce93058089b4f684fa0790
2736 pullPolicy: IfNotPresent
2738 ## Provide a priority class name to the webhook patching job
2740 priorityClassName: ""
2741 ttlSecondsAfterFinished: 60
2743 # argocd.argoproj.io/hook: PreSync
2744 # argocd.argoproj.io/hook-delete-policy: HookSucceeded
2749 ## SecurityContext holds pod-level security attributes and common container settings.
2750 ## This defaults to non root user with uid 2000 and gid 2000. *v1.PodSecurityContext false
2751 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
2758 type: RuntimeDefault
2759 ## Service account for Prometheus Operator Webhook Job Patch to use.
2760 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2765 automountServiceAccountToken: true
2766 # Security context for create job container
2769 allowPrivilegeEscalation: false
2770 readOnlyRootFilesystem: true
2774 # Security context for patch job container
2777 allowPrivilegeEscalation: false
2778 readOnlyRootFilesystem: true
2782 # Use certmanager to generate webhook certs
2785 # self-signed root certificate
2787 duration: "" # default to be 5y
2788 # -- Set the revisionHistoryLimit on the Certificate. See
2789 # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
2791 revisionHistoryLimit:
2793 duration: "" # default to be 1y
2794 # -- Set the revisionHistoryLimit on the Certificate. See
2795 # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
2797 revisionHistoryLimit:
2800 # kind: "ClusterIssuer"
2801 ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list).
2802 ## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration
2805 # releaseNamespace: true
2809 ## Namespaces not to scope the interaction of the Prometheus Operator (deny list).
2812 ## Filter namespaces to look for prometheus-operator custom resources
2814 alertmanagerInstanceNamespaces: []
2815 alertmanagerConfigNamespaces: []
2816 prometheusInstanceNamespaces: []
2817 thanosRulerInstanceNamespaces: []
2818 ## The clusterDomain value will be added to the cluster.peer option of the alertmanager.
2819 ## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value)
2820 ## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094
2822 # clusterDomain: "cluster.local"
2824 ## Enable creation of NetworkPolicy resources.
2827 ## Flavor of the network policy to use.
2829 # * kubernetes for networking.k8s.io/v1/NetworkPolicy
2830 # * cilium for cilium.io/v2/CiliumNetworkPolicy
2835 ## match labels used in selector
2837 ## Service account for Prometheus Operator to use.
2838 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
2843 automountServiceAccountToken: true
2845 # -- terminationGracePeriodSeconds for container lifecycle hook
2846 terminationGracePeriodSeconds: 30
2847 # -- Specify lifecycle hooks for the controller
2849 ## Configuration for Prometheus operator service
2857 ipFamilies: ["IPv6", "IPv4"]
2858 ipFamilyPolicy: "PreferDualStack"
2859 ## Port to expose on each node
2860 ## Only used if service.type is 'NodePort'
2864 ## Additional ports to open for Prometheus operator service
2865 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
2869 ## Only use if service.type is "LoadBalancer"
2872 loadBalancerSourceRanges: []
2873 ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
2875 externalTrafficPolicy: Cluster
2877 ## NodePort, ClusterIP, LoadBalancer
2880 ## List of IP addresses at which the Prometheus server service is available
2881 ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
2884 # ## Labels to add to the operator deployment
2887 ## Annotations to add to the operator deployment
2890 ## Labels to add to the operator pod
2893 ## Annotations to add to the operator pod
2896 ## Assign a podDisruptionBudget to the operator
2898 podDisruptionBudget:
2901 # maxUnavailable: ""
2902 unhealthyPodEvictionPolicy: AlwaysAllow
2903 ## Assign a PriorityClassName to pods if set
2904 # priorityClassName: ""
2906 ## Define Log Format
2907 # Use logfmt (default) or json logging
2910 ## Decrease log verbosity to errors only
2913 ## If true, the operator will create and maintain a service for scraping kubelets
2914 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md
2917 namespace: kube-system
2919 ## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default
2921 ## Create Endpoints objects for kubelet targets.
2922 kubeletEndpointsEnabled: true
2923 ## Create EndpointSlice objects for kubelet targets.
2924 kubeletEndpointSliceEnabled: false
2925 ## Extra arguments to pass to prometheusOperator
2926 # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/operator.md
2928 # - --labels="cluster=talos-cluster"
2930 ## Create a servicemonitor for the operator
2933 ## If true, create a serviceMonitor for prometheus operator
2936 ## Labels for ServiceMonitor
2937 additionalLabels: {}
2938 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
2941 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
2944 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
2947 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2950 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2952 labelNameLengthLimit: 0
2953 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
2955 labelValueLengthLimit: 0
2956 ## Scrape timeout. If not set, the Prometheus default scrape timeout is used.
2958 ## Metric relabel configs to apply to samples before ingestion.
2960 metricRelabelings: []
2962 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
2963 # sourceLabels: [__name__]
2965 # relabel configs to apply to samples before ingestion.
2968 # - sourceLabels: [__meta_kubernetes_pod_node_name]
2971 # targetLabel: nodename
2974 ## Resource limits & requests
2984 ## Operator Environment
2989 # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
2990 # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
2993 ## Define which Nodes the Pods are scheduled on.
2994 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
2997 ## Tolerations for use with node taints
2998 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
3004 # effect: "NoSchedule"
3006 ## Assign custom affinity rules to the prometheus operator
3007 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
3011 # requiredDuringSchedulingIgnoredDuringExecution:
3012 # nodeSelectorTerms:
3013 # - matchExpressions:
3014 # - key: kubernetes.io/e2e-az-name
3023 # - ns1.svc.cluster-domain.example
3024 # - my.dns.search.suffix
3035 type: RuntimeDefault
3036 ## Setup hostUsers for prometheus-operator
3037 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/
3039 ## Container-specific security context configuration
3040 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
3042 containerSecurityContext:
3043 allowPrivilegeEscalation: false
3044 readOnlyRootFilesystem: true
3048 # Enable vertical pod autoscaler support for prometheus-operator
3049 verticalPodAutoscaler:
3051 # Recommender responsible for generating recommendation for the object.
3052 # List should be empty (then the default recommender will generate the recommendation)
3053 # or contain exactly one recommender.
3055 # - name: custom-recommender-performance
3057 # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
3058 controlledResources: []
3059 # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
3060 # controlledValues: RequestsAndLimits
3062 # Define the max allowed resources for the pod
3066 # Define the min allowed resources for the pod
3072 # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
3074 # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
3075 # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate".
3076 updateMode: Recreate
3077 ## Prometheus-operator image
3081 repository: scratch-images/test-tmp/prometheus-operator
3082 # if not set appVersion field from Chart.yaml is used
3084 sha: sha256:7e977c40599eed2d39b8aa5c1d2386a1e6bc5658c74750e0d4f7f1ad61dbd106
3085 pullPolicy: IfNotPresent
3086 ## Prometheus image to use for prometheuses managed by the operator
3088 # prometheusDefaultBaseImage: prometheus/prometheus
3090 ## Prometheus image registry to use for prometheuses managed by the operator
3092 # prometheusDefaultBaseImageRegistry: quay.io
3094 ## Alertmanager image to use for alertmanagers managed by the operator
3096 # alertmanagerDefaultBaseImage: prometheus/alertmanager
3098 ## Alertmanager image registry to use for alertmanagers managed by the operator
3100 # alertmanagerDefaultBaseImageRegistry: quay.io
3102 ## Prometheus-config-reloader
3104 prometheusConfigReloader:
3107 repository: scratch-images/test-tmp/prometheus-config-reloader
3108 # if not set appVersion field from Chart.yaml is used
3110 sha: sha256:31fa527e880df1c7f8b4f395397527c45889ff1435a73d77f67e8811d7da0599
3111 # add prometheus config reloader liveness and readiness probe. Default: false
3113 # resource config for prometheusConfigReloader
3121 ## Thanos side-car image when configured
3125 repository: scratch-images/test-tmp/thanos
3127 sha: sha256:2be9cce4b0e959142151f3c38b00bcae28fc43952103306e2ee9f838dafb2a56
3128 ## Set a Label Selector to filter watched prometheus and prometheusAgent
3130 prometheusInstanceSelector: ""
3131 ## Set a Label Selector to filter watched alertmanager
3133 alertmanagerInstanceSelector: ""
3134 ## Set a Label Selector to filter watched thanosRuler
3135 thanosRulerInstanceSelector: ""
3136 ## Set a Field Selector to filter watched secrets
3138 secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1"
3139 ## Feature gates to enable/disable operator features, rendered as --feature-gates=<key>=<value>.
3140 ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/feature-gates.md
3143 ## PrometheusAgentDaemonSet: true
3144 ## StatusForConfigurationResources: true
3146 ## If false then the user will opt out of automounting API credentials.
3148 automountServiceAccountToken: true
3149 ## Additional volumes
3152 ## Additional volume mounts
3154 extraVolumeMounts: []
3155## Deploy a Prometheus instance
3159 ## Toggle prometheus into agent mode
3160 ## Note many of features described below (e.g. rules, query, alerting, remote read, thanos) will not work in agent mode.
3161 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/prometheus-agent.md
3164 ## Annotations for Prometheus
3167 ## Additional labels for Prometheus
3169 additionalLabels: {}
3170 ## Configure network policy for the prometheus
3173 ## Flavor of the network policy to use.
3175 # * kubernetes for networking.k8s.io/v1/NetworkPolicy
3176 # * cilium for cilium.io/v2/CiliumNetworkPolicy
3191 ## Service account for Prometheuses to use.
3192 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
3198 automountServiceAccountToken: true
3199 # Service for thanos service discovery on sidecar
3200 # Enable this can make Thanos Query can use
3201 # `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discovery
3202 # Thanos sidecar on prometheus nodes
3203 # (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!)
3208 ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3210 externalTrafficPolicy: Cluster
3214 ## Service dual stack
3218 ipFamilies: ["IPv6", "IPv4"]
3219 ipFamilyPolicy: "PreferDualStack"
3224 ## HTTP port config (for metrics)
3227 targetHttpPort: "http"
3228 ## ClusterIP to assign
3229 # Default is to make this a headless service ("None")
3231 ## Port to expose on each node, if service type is NodePort
3235 # ServiceMonitor to scrape Sidecar metrics
3236 # Needs thanosService to be enabled as well
3237 thanosServiceMonitor:
3240 ## Additional labels
3242 additionalLabels: {}
3243 ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
3245 ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
3246 ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
3249 ## Metric relabel configs to apply to samples before ingestion.
3250 metricRelabelings: []
3251 ## relabel configs to apply to samples before ingestion.
3253 # Service for external access to sidecar
3254 # Enabling this creates a service to expose thanos-sidecar outside the cluster.
3255 thanosServiceExternal:
3260 loadBalancerSourceRanges: []
3265 ## HTTP port config (for metrics)
3268 targetHttpPort: "http"
3269 ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3271 externalTrafficPolicy: Cluster
3275 ## Port to expose on each node
3279 ## Configuration for Prometheus service
3288 ipFamilies: ["IPv6", "IPv4"]
3289 ipFamilyPolicy: "PreferDualStack"
3290 ## Port for Prometheus Service to listen on
3293 ## To be used with a proxy extraContainer port
3295 ## Port for Prometheus Reloader to listen on
3297 reloaderWebPort: 8080
3298 ## Port to expose for Prometheus Reloader
3299 ## Only used if service.type is 'NodePort'
3301 reloaderWebNodePort: null
3302 ## List of IP addresses at which the Prometheus server service is available
3303 ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
3306 ## Port to expose on each node
3307 ## Only used if service.type is 'NodePort'
3311 ## Only use if service.type is "LoadBalancer"
3313 loadBalancerSourceRanges: []
3314 ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3316 externalTrafficPolicy: Cluster
3320 ## Additional ports to open for Prometheus service
3324 # - name: oauth-proxy
3327 # - name: oauth-metrics
3331 ## Consider that all endpoints are considered "ready" even if the Pods themselves are not
3332 ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec
3333 publishNotReadyAddresses: false
3334 ## If you want to make sure that connections from a particular client are passed to the same Pod each time
3335 ## Accepts 'ClientIP' or 'None'
3337 sessionAffinity: None
3338 ## If you want to modify the ClientIP sessionAffinity timeout
3339 ## The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP"
3341 sessionAffinityConfig:
3343 timeoutSeconds: 10800
3344 ## Configuration for creating a separate Service for each statefulset Prometheus replica
3349 ## Port for Prometheus Service per replica to listen on
3352 ## To be used with a proxy extraContainer port
3354 ## Port to expose on each node
3355 ## Only used if servicePerReplica.type is 'NodePort'
3358 ## Loadbalancer source IP ranges
3359 ## Only used if servicePerReplica.type is "LoadBalancer"
3360 loadBalancerSourceRanges: []
3361 ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
3363 externalTrafficPolicy: Cluster
3367 ## Service dual stack
3371 ipFamilies: ["IPv6", "IPv4"]
3372 ipFamilyPolicy: "PreferDualStack"
3373 ## Configure pod disruption budgets for Prometheus
3374 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
3376 podDisruptionBudget:
3379 # maxUnavailable: ""
3380 unhealthyPodEvictionPolicy: AlwaysAllow
3381 ## Enable vertical pod autoscaler support for Prometheus
3382 ## ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
3384 verticalPodAutoscaler:
3386 # Recommender responsible for generating recommendation for the object.
3387 # List should be empty (then the default recommender will generate the recommendation)
3388 # or contain exactly one recommender.
3390 # - name: custom-recommender-performance
3392 # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
3393 controlledResources: []
3394 # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
3395 # controlledValues: RequestsAndLimits
3397 # Define the max allowed resources for the pod
3401 # Define the min allowed resources for the pod
3407 # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
3408 # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate".
3409 updateMode: Recreate
3410 # Ingress exposes thanos sidecar outside the cluster
3413 ingressClassName: ""
3417 ## Port to expose on each node
3418 ## Only used if service.type is 'NodePort'
3421 ## Hosts must be provided if Ingress is enabled.
3424 # - thanos-gateway.domain.com
3426 ## Paths to use for ingress rules
3431 ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
3432 ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
3433 # pathType: ImplementationSpecific
3435 ## TLS configuration for Thanos Ingress
3436 ## Secret must be manually created in the namespace
3439 # - secretName: thanos-gateway-tls
3441 # - thanos-gateway.domain.com
3443 ## ExtraSecret can be used to store various data in an extra secret
3444 ## (use it for example to store hashed basic auth credentials)
3446 ## if not set, name will be auto generated
3451 # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
3452 # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
3456 ingressClassName: ""
3459 ## Redirect ingress to an additional defined port on the service
3463 ## Must be provided if Ingress is enabled.
3466 # - prometheus.domain.com
3468 ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix
3473 ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
3474 ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
3475 # pathType: ImplementationSpecific
3477 ## TLS configuration for Prometheus Ingress
3478 ## Secret must be manually created in the namespace
3481 # - secretName: prometheus-general-tls
3483 # - prometheus.example.com
3484 # -- BETA: Configure the gateway routes for the chart here.
3485 # More routes can be added by adding a dictionary key like the 'main' route.
3486 # Be aware that this is an early beta of this feature,
3487 # kube-prometheus-stack does not guarantee this works and is subject to change.
3488 # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
3489 # [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2)
3492 # -- Enables or disables the route
3494 # -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
3495 apiVersion: gateway.networking.k8s.io/v1
3496 # -- Set the route kind
3497 # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
3502 # - my-filter.example.com
3506 # -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
3507 ## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
3508 ## matches, filters and additionalRules will be ignored if this is set to true. Be are
3509 httpsRedirect: false
3514 ## Filters define the filters that are applied to requests that match this rule.
3516 ## Session persistence configuration for the route rule.
3517 sessionPersistence: {}
3518 # sessionName: route
3520 # absoluteTimeout: 12h
3522 # lifetimeType: Permanent
3524 ## Additional custom rules that can be added to the route
3526 ## Configuration for creating an Ingress that will map to each Prometheus replica service
3527 ## prometheus.servicePerReplica must be enabled
3531 ingressClassName: ""
3534 ## Final form of the hostname for each per replica ingress is
3535 ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
3537 ## Prefix for the per replica ingress that will have `-$replicaNumber`
3538 ## appended to the end
3540 ## Domain that will be used for the per replica ingress
3542 ## Paths to use for ingress rules
3547 ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
3548 ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
3549 # pathType: ImplementationSpecific
3551 ## Secret name containing the TLS certificate for Prometheus per replica ingress
3552 ## Secret must be manually created in the namespace
3554 ## Separated secret for each per replica Ingress. Can be used together with cert-manager
3556 tlsSecretPerReplica:
3558 ## Final form of the secret for each per replica ingress is
3559 ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
3561 prefix: "prometheus"
3562 ## Configuration for creating a Gateway API route that will map to each Prometheus replica service
3563 ## prometheus.servicePerReplica must be enabled
3567 # -- Enables or disables the routePerReplica
3569 # -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
3570 apiVersion: gateway.networking.k8s.io/v1
3571 # -- Set the route kind
3572 # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
3576 ## Final form of the hostname for each per replica route is
3577 ## {{ routePerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ routePerReplica.hostDomain }}
3579 ## Prefix for the per replica route that will have `-$replicaNumber` appended to the end
3581 ## Domain that will be used for the per replica route
3586 # -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
3587 ## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
3588 ## matches, filters and additionalRules will be ignored if this is set to true.
3589 httpsRedirect: false
3590 ## Filters define the filters that are applied to requests that match this rule.
3596 ## Session persistence configuration for the route rule.
3597 sessionPersistence: {}
3598 # sessionName: route
3600 # absoluteTimeout: 12h
3602 # lifetimeType: Permanent
3604 ## Additional custom rules that can be added to the route
3607 ## If true, create a serviceMonitor for prometheus
3610 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
3613 ## Additional labels
3615 additionalLabels: {}
3616 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
3619 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
3622 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
3625 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
3627 labelNameLengthLimit: 0
3628 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
3630 labelValueLengthLimit: 0
3631 ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
3633 ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
3634 ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
3637 ## Metric relabel configs to apply to samples before ingestion.
3639 metricRelabelings: []
3641 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
3642 # sourceLabels: [__name__]
3644 # relabel configs to apply to samples before ingestion.
3647 # - sourceLabels: [__meta_kubernetes_pod_node_name]
3650 # targetLabel: nodename
3654 ## Additional Endpoints
3656 additionalEndpoints: []
3657 # - port: oauth-metrics
3659 ## Settings affecting prometheusSpec
3660 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#prometheusspec
3663 ## Statefulset's persistent volume claim retention policy
3664 ## whenDeleted and whenScaled determine whether
3665 ## statefulset's PVCs are deleted (true) or retained (false)
3666 ## on scaling down and deleting statefulset, respectively.
3667 ## Requires Kubernetes version 1.27.0+.
3668 ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
3669 persistentVolumeClaimRetentionPolicy: {}
3670 # whenDeleted: Retain
3671 # whenScaled: Retain
3673 ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos
3675 disableCompaction: false
3676 ## AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod,
3677 ## If the field isn't set, the operator mounts the service account token by default.
3678 ## Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery,
3679 ## It is possible to use strategic merge patch to project the service account token into the 'prometheus' container.
3680 automountServiceAccountToken: true
3682 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#apiserverconfig
3685 ## Allows setting additional arguments for the Prometheus container
3686 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.Prometheus
3688 ## Convert all classic histograms to native histograms with custom buckets.
3689 ## This corresponds to the 'convert_classic_histograms_to_nhcb' field in Prometheus configuration.
3691 convertClassicHistogramsToNHCB: false
3692 ## Enable scraping of classic histograms that are also exposed as native histograms.
3693 ## This corresponds to the 'always_scrape_classic_histograms' field in Prometheus configuration.
3695 scrapeClassicHistograms: false
3696 ## Enable scraping of native histograms.
3697 ## This corresponds to the 'scrape_native_histograms' field in Prometheus configuration.
3699 scrapeNativeHistograms: false
3700 ## File to which scrape failures are logged.
3701 ## Reloading the configuration will reopen the file.
3702 ## Defaults to empty (disabled)
3703 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.Prometheus
3705 scrapeFailureLogFile: ""
3706 ## Interval between consecutive scrapes.
3708 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183
3711 ## Number of seconds to wait for target to respond before erroring
3714 ## List of scrape classes to expose to scraping objects such as
3715 ## PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.
3718 # - name: istio-mtls
3721 # caFile: /etc/prometheus/secrets/istio.default/root-cert.pem
3722 # certFile: /etc/prometheus/secrets/istio.default/cert-chain.pem
3724 ## PodTargetLabels are appended to the `spec.podTargetLabels` field of all PodMonitor and ServiceMonitor objects.
3729 ## Interval between consecutive evaluations.
3731 evaluationInterval: ""
3732 ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.
3735 ## enableOTLPReceiver enables the OTLP receiver for Prometheus.
3736 enableOTLPReceiver: false
3737 ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series.
3738 ## This is disabled by default.
3739 ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
3741 enableAdminAPI: false
3742 ## Sets version of Prometheus overriding the Prometheus version as derived
3743 ## from the image tag. Useful in cases where the tag does not follow semver v2.
3745 ## WebTLSConfig defines the TLS parameters for HTTPS
3746 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#webtlsconfig
3748 ## Exemplars related settings that are runtime reloadable.
3749 ## It requires to enable the exemplar storage feature to be effective.
3751 ## Maximum number of exemplars stored in memory for all series.
3752 ## If not set, Prometheus uses its default value.
3753 ## A value of zero or less than zero disables the storage.
3756 # EnableFeatures API enables access to Prometheus disabled features.
3757 # ref: https://prometheus.io/docs/prometheus/latest/feature_flags/
3759 # - exemplar-storage
3761 ## https://prometheus.io/docs/guides/opentelemetry
3764 # promoteResourceAttributes: []
3765 # keepIdentifyingResourceAttributes: false
3766 # translationStrategy: NoUTF8EscapingWithSuffixes
3767 # convertHistogramsToNHCB: false
3771 ## Image of Prometheus.
3775 repository: scratch-images/test-tmp/prometheus
3777 sha: sha256:591ad319717a7eac56c89dedf513efad51ad27c36da3f33573c23f166db8df93
3778 pullPolicy: IfNotPresent
3779 ## Tolerations for use with node taints
3780 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
3786 # effect: "NoSchedule"
3788 ## If specified, the pod's topology spread constraints.
3789 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
3791 topologySpreadConstraints: []
3793 # topologyKey: topology.kubernetes.io/zone
3794 # whenUnsatisfiable: DoNotSchedule
3801 disableAlerting: false
3802 ## Alertmanagers to which alerts will be sent
3803 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerendpoints
3805 ## Default configuration will connect to the alertmanager deployed as part of this release
3807 alertingEndpoints: []
3814 # bearerTokenFile: ""
3817 ## External labels to add to any time series or alerts when communicating with external systems
3820 ## enable --web.enable-remote-write-receiver flag on prometheus-server
3822 enableRemoteWriteReceiver: false
3823 ## Name of the external label used to denote replica name
3825 replicaExternalLabelName: ""
3826 ## If true, the Operator won't add the external label used to denote replica name
3828 replicaExternalLabelNameClear: false
3829 ## Name of the external label used to denote Prometheus instance name
3831 prometheusExternalLabelName: ""
3832 ## If true, the Operator won't add the external label used to denote Prometheus instance name
3834 prometheusExternalLabelNameClear: false
3835 ## External URL at which Prometheus will be reachable.
3838 ## Define which Nodes the Pods are scheduled on.
3839 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
3842 ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
3843 ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not
3844 ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated
3845 ## with the new list of secrets.
3848 ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
3849 ## The ConfigMaps are mounted into /etc/prometheus/configmaps/.
3852 ## QuerySpec defines the query command line flags when starting Prometheus.
3853 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#queryspec
3856 ## If nil, select own namespace. Namespaces to be selected for PrometheusRules discovery.
3857 ruleNamespaceSelector: {}
3858 ## Example which selects PrometheusRules in namespaces with label "prometheus" set to "somelabel"
3859 # ruleNamespaceSelector:
3861 # prometheus: somelabel
3863 ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the
3864 ## prometheus resource to be created with selectors based on values in the helm deployment,
3865 ## which will also match the PrometheusRule resources created
3867 ruleSelectorNilUsesHelmValues: true
3868 ## PrometheusRules to be selected for target discovery.
3869 ## If {}, select all PrometheusRules
3872 ## Example which select all PrometheusRules resources
3873 ## with label "prometheus" with values any of "example-rules" or "example-rules-2"
3882 ## Example which select all PrometheusRules resources with label "role" set to "example-rules"
3885 # role: example-rules
3887 ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the
3888 ## prometheus resource to be created with selectors based on values in the helm deployment,
3889 ## which will also match the servicemonitors created
3891 serviceMonitorSelectorNilUsesHelmValues: true
3892 ## ServiceMonitors to be selected for target discovery.
3893 ## If {}, select all ServiceMonitors
3895 serviceMonitorSelector: {}
3896 ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel"
3897 # serviceMonitorSelector:
3899 # prometheus: somelabel
3901 ## Namespaces to be selected for ServiceMonitor discovery.
3903 serviceMonitorNamespaceSelector: {}
3904 ## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel"
3905 # serviceMonitorNamespaceSelector:
3907 # prometheus: somelabel
3909 ## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the
3910 ## prometheus resource to be created with selectors based on values in the helm deployment,
3911 ## which will also match the podmonitors created
3913 podMonitorSelectorNilUsesHelmValues: true
3914 ## PodMonitors to be selected for target discovery.
3915 ## If {}, select all PodMonitors
3917 podMonitorSelector: {}
3918 ## Example which selects PodMonitors with label "prometheus" set to "somelabel"
3919 # podMonitorSelector:
3921 # prometheus: somelabel
3923 ## If nil, select own namespace. Namespaces to be selected for PodMonitor discovery.
3924 podMonitorNamespaceSelector: {}
3925 ## Example which selects PodMonitor in namespaces with label "prometheus" set to "somelabel"
3926 # podMonitorNamespaceSelector:
3928 # prometheus: somelabel
3930 ## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the
3931 ## prometheus resource to be created with selectors based on values in the helm deployment,
3932 ## which will also match the probes created
3934 probeSelectorNilUsesHelmValues: true
3935 ## Probes to be selected for target discovery.
3936 ## If {}, select all Probes
3939 ## Example which selects Probes with label "prometheus" set to "somelabel"
3942 # prometheus: somelabel
3944 ## If nil, select own namespace. Namespaces to be selected for Probe discovery.
3945 probeNamespaceSelector: {}
3946 ## Example which selects Probe in namespaces with label "prometheus" set to "somelabel"
3947 # probeNamespaceSelector:
3949 # prometheus: somelabel
3951 ## If true, a nil or {} value for prometheus.prometheusSpec.scrapeConfigSelector will cause the
3952 ## prometheus resource to be created with selectors based on values in the helm deployment,
3953 ## which will also match the scrapeConfigs created
3955 ## If null and scrapeConfigSelector is also null, exclude field from the prometheusSpec
3956 ## (keeping downward compatibility with older versions of CRD)
3958 scrapeConfigSelectorNilUsesHelmValues: true
3959 ## scrapeConfigs to be selected for target discovery.
3960 ## If {}, select all scrapeConfigs
3962 scrapeConfigSelector: {}
3963 ## Example which selects scrapeConfigs with label "prometheus" set to "somelabel"
3964 # scrapeConfigSelector:
3966 # prometheus: somelabel
3968 ## If nil, select own namespace. Namespaces to be selected for scrapeConfig discovery.
3969 ## If null, exclude the field from the prometheusSpec (keeping downward compatibility with older versions of CRD)
3970 scrapeConfigNamespaceSelector: {}
3971 ## Example which selects scrapeConfig in namespaces with label "prometheus" set to "somelabel"
3972 # scrapeConfigNamespaceSelector:
3974 # prometheus: somelabel
3976 ## How long to retain metrics
3979 ## Maximum size of metrics
3980 ## Unit format should be in the form of "50GiB"
3982 ## Allow out-of-order/out-of-bounds samples ingested into Prometheus for a specified duration
3983 ## See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tsdb
3985 outOfOrderTimeWindow: 0s
3986 ## Enable compression of the write-ahead log using Snappy.
3988 walCompression: true
3989 ## If true, the Operator won't process any Prometheus configuration changes
3992 ## Number of replicas of each shard to deploy for a Prometheus deployment.
3993 ## Number of replicas multiplied by shards is the total number of Pods created.
3996 ## EXPERIMENTAL: Number of shards to distribute targets onto.
3997 ## Number of replicas multiplied by shards is the total number of Pods created.
3998 ## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved.
3999 ## Increasing shards will not reshard data either but it will continue to be available from the same instances.
4000 ## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location.
4001 ## Sharding is done on the content of the `__address__` target meta-label.
4002 ## Set shards to null to omit spec.shards from the Prometheus custom resource (the operator then
4003 ## defaults to 1 shard). Omitting the field lets an external autoscaler such as an HPA or a KEDA
4004 ## ScaledObject own spec.shards through the /scale subresource without Helm reverting it.
4007 ## Log level for Prometheus be configured in
4010 ## Log format for Prometheus be configured in
4013 ## Prefix used to register routes, overriding externalUrl route.
4014 ## Useful for proxies that rewrite URLs.
4017 ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
4018 ## Metadata Labels and Annotations gets propagated to the prometheus pods.
4023 # k8s-app: prometheus
4025 ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
4026 ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
4027 ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
4028 ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
4029 podAntiAffinity: "soft"
4030 ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
4031 ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
4033 podAntiAffinityTopologyKey: kubernetes.io/hostname
4034 ## Assign custom affinity rules to the prometheus instance
4035 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
4039 # requiredDuringSchedulingIgnoredDuringExecution:
4040 # nodeSelectorTerms:
4041 # - matchExpressions:
4042 # - key: kubernetes.io/e2e-az-name
4048 ## The remote_read spec configuration for Prometheus.
4049 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#remotereadspec
4051 # - url: http://remote1/read
4052 ## additionalRemoteRead is appended to remoteRead
4053 additionalRemoteRead: []
4054 ## The remote_write spec configuration for Prometheus.
4055 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#remotewritespec
4057 # - url: http://remote1/push
4058 ## additionalRemoteWrite is appended to remoteWrite
4059 additionalRemoteWrite: []
4060 ## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature
4061 remoteWriteDashboards: false
4062 ## Resource limits & requests
4068 ## Prometheus StorageSpec for persistent data
4069 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/storage.md
4072 ## Using PersistentVolumeClaim
4074 # volumeClaimTemplate:
4076 # storageClassName: gluster
4077 # accessModes: ["ReadWriteOnce"]
4083 ## Using tmpfs volume
4088 # Additional volumes on the output StatefulSet definition.
4090 # Additional VolumeMounts on the output StatefulSet definition.
4092 ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations
4093 ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form
4094 ## as specified in the official Prometheus documentation:
4095 ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are
4096 ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility
4097 ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible
4098 ## scrape configs are going to break Prometheus after the upgrade.
4099 ## AdditionalScrapeConfigs can be defined as a list or as a templated string.
4101 ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the
4102 ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes
4104 additionalScrapeConfigs: []
4105 # - job_name: kube-etcd
4106 # kubernetes_sd_configs:
4110 # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
4111 # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client
4112 # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
4114 # - action: labelmap
4115 # regex: __meta_kubernetes_node_label_(.+)
4116 # - source_labels: [__address__]
4118 # target_label: __address__
4119 # regex: ([^:;]+):(\d+)
4120 # replacement: ${1}:2379
4121 # - source_labels: [__meta_kubernetes_node_name]
4124 # - source_labels: [__meta_kubernetes_node_name]
4126 # target_label: node
4129 # metric_relabel_configs:
4130 # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone)
4133 ## If scrape config contains a repetitive section, you may want to use a template.
4134 ## In the following example, you can see how to define `gce_sd_configs` for multiple zones
4135 # additionalScrapeConfigs: |
4136 # - job_name: "node-exporter"
4138 # {{range $zone := .Values.gcp_zones}}
4139 # - project: "project1"
4146 ## If additional scrape configurations are already deployed in a single secret file you can use this section.
4147 ## Expected values are the secret name and key
4148 ## Cannot be used with additionalScrapeConfigs
4149 additionalScrapeConfigsSecret: {}
4154 ## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. This can be useful
4155 ## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false'
4156 additionalPrometheusSecretsAnnotations: {}
4157 ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified
4158 ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config.
4159 ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator.
4160 ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this
4161 ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release
4162 ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
4164 additionalAlertManagerConfigs: []
4165 # - consul_sd_configs:
4166 # - server: consul.dev.test:8500
4169 # tag_separator: ','
4171 # - metrics-prometheus-alertmanager
4173 ## If additional alertmanager configurations are already deployed in a single secret, or you want to manage
4174 ## them separately from the helm deployment, you can use this section.
4175 ## Expected values are the secret name and key
4176 ## Cannot be used with additionalAlertManagerConfigs
4177 additionalAlertManagerConfigsSecret: {}
4182 ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended
4183 ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the
4184 ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
4185 ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the
4186 ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel
4187 ## configs are going to break Prometheus after the upgrade.
4189 additionalAlertRelabelConfigs: []
4191 # regex: prometheus_replica
4195 ## If additional alert relabel configurations are already deployed in a single secret, or you want to manage
4196 ## them separately from the helm deployment, you can use this section.
4197 ## Expected values are the secret name and key
4198 ## Cannot be used with additionalAlertRelabelConfigs
4199 additionalAlertRelabelConfigsSecret: {}
4203 ## SecurityContext holds pod-level security attributes and common container settings.
4204 ## This defaults to non root user with uid 1000 and gid 2000.
4205 ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md
4213 type: RuntimeDefault
4214 ## DNS configuration for Prometheus.
4215 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.PodDNSConfig
4217 ## DNS policy for Prometheus.
4218 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#dnspolicystring-alias
4220 ## Priority class assigned to the Pods
4222 priorityClassName: ""
4223 ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.
4224 ## This section is experimental, it may change significantly without deprecation notice in any release.
4225 ## This is experimental and may change significantly without backward compatibility in any release.
4226 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosspec
4229 # image: quay.io/thanos/thanos
4230 # secretProviderClass:
4234 # - resourceName: "projects/$PROJECT_ID/secrets/testsecret/versions/latest"
4235 # fileName: "objstore.yaml"
4236 ## ObjectStorageConfig configures object storage in Thanos.
4237 # objectStorageConfig:
4238 # # use existing secret, if configured, objectStorageConfig.secret will not be used
4239 # existingSecret: {}
4242 # # will render objectStorageConfig secret data and configure it to be used by Thanos custom resource,
4243 # # ignored when prometheusspec.thanos.objectStorageConfig.existingSecret is set
4244 # # https://thanos.io/tip/thanos/storage.md/#s3
4254 ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.
4255 ## if using proxy extraContainer update targetPort with proxy container port
4258 # - name: oauth-proxy
4259 # image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.3
4261 # - --upstream=http://127.0.0.1:9090
4262 # - --http-address=0.0.0.0:8081
4263 # - --metrics-address=0.0.0.0:8082
4266 # - containerPort: 8081
4269 # - containerPort: 8082
4270 # name: oauth-metrics
4274 ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
4275 ## (permissions, dir tree) on mounted volumes before starting prometheus
4277 ## PortName to use for Prometheus.
4279 portName: "http-web"
4280 ## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files
4281 ## on the file system of the Prometheus container e.g. bearer token files.
4282 arbitraryFSAccessThroughSMs: false
4283 ## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor
4284 ## or PodMonitor to true, this overrides honor_labels to false.
4285 overrideHonorLabels: false
4286 ## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.
4287 overrideHonorTimestamps: false
4288 ## When ignoreNamespaceSelectors is set to true, namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored,
4289 ## they will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object,
4290 ## and servicemonitors will be installed in the default service namespace.
4291 ## Defaults to false.
4292 ignoreNamespaceSelectors: false
4293 ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created.
4294 ## The label value will always be the namespace of the object that is being created.
4295 ## Disabled by default
4296 enforcedNamespaceLabel: ""
4297 ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels.
4298 ## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair
4299 ## Deprecated, use `excludedFromEnforcement` instead
4300 prometheusRulesExcludedFromEnforce: []
4301 ## ExcludedFromEnforcement - list of object references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
4302 ## to be excluded from enforcing a namespace label of origin.
4303 ## Works only if enforcedNamespaceLabel set to true.
4304 ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#objectreference
4305 excludedFromEnforcement: []
4306 ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable,
4307 ## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such
4308 ## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions
4309 ## of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)
4311 # Use to set global sample_limit for Prometheus. This act as default SampleLimit for ServiceMonitor or/and PodMonitor.
4312 # Set to 'false' to disable global sample_limit. or set to a number to override the default value.
4314 ## TargetLimit defines a global limit on the number of scraped targets. 0 means no limit.
4316 ## Per-scrape limit on number of labels that will be accepted for a sample. 0 means no limit.
4318 ## Per-scrape limit on length of labels name that will be accepted for a sample. 0 means no limit.
4319 labelNameLengthLimit: 0
4320 ## Per-scrape limit on length of labels value that will be accepted for a sample. 0 means no limit.
4321 labelValueLengthLimit: 0
4322 ## Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit.
4323 keepDroppedTargets: 0
4324 ## BodySizeLimit defines a global limit on the size of uncompressed response body that will be accepted. Example: 100MB.
4326 ## EnforcedBodySizeLimit defines the maximum size of uncompressed response body that will be accepted, overriding any
4327 ## value set per ServiceMonitor/PodMonitor. Example: 100MB. Empty means no limit.
4328 enforcedBodySizeLimit: ""
4329 # EnforcedKeepDroppedTargetsLimit defines on the number of targets dropped by relabeling that will be kept in memory.
4330 # The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets
4331 # is greater than zero and less than spec.enforcedKeepDroppedTargets. 0 means no limit.
4332 enforcedKeepDroppedTargets: 0
4333 ## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit
4334 ## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall
4335 ## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.
4336 enforcedSampleLimit: false
4337 ## EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set
4338 ## per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall
4339 ## number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except
4340 ## if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced.
4341 enforcedTargetLimit: false
4342 ## Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present
4343 ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
4344 ## 2.27.0 and newer.
4345 enforcedLabelLimit: false
4346 ## Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number
4347 ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions
4348 ## 2.27.0 and newer.
4349 enforcedLabelNameLengthLimit: false
4350 ## Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this
4351 ## number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus
4352 ## versions 2.27.0 and newer.
4353 enforcedLabelValueLengthLimit: false
4354 ## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental
4355 ## in Prometheus so it may change in any upcoming release.
4356 allowOverlappingBlocks: false
4357 ## Specifies the validation scheme for metric and label names.
4358 ## Supported values are: Legacy, UTF8
4359 nameValidationScheme: ""
4360 ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
4361 ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
4363 ## Duration in seconds the pod needs to terminate gracefully.
4364 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
4365 terminationGracePeriodSeconds: ~
4366 # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
4367 # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
4368 # Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it.
4369 # When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically.
4371 ## Use the host's user namespace for Prometheus pods.
4372 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/
4374 # HostAlias holds the mapping between IP and hostnames that will be injected
4375 # as an entry in the pod's hosts file.
4382 ## TracingConfig configures tracing in Prometheus.
4383 ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#prometheustracingconfig
4385 ## Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.
4386 ## If set, the value should be either "Endpoints" or "EndpointSlice". If unset, the operator assumes the "Endpoints" role.
4387 serviceDiscoveryRole: ""
4388 ## EnableServiceLinks indicates whether information about services should be injected into the pod's environment
4389 ## variables. Uses the operator/Kubernetes default when left unset (~).
4390 enableServiceLinks: ~
4391 ## Set the scheduler name to use for the Prometheus pods.
4393 ## Specifies the character escaping scheme applied to metric and label names.
4394 ## Supported values are: AllowUTF8, Underscores, Dots, Values
4395 nameEscapingScheme: ""
4396 ## Defines the strategy used to reload the Prometheus configuration.
4397 ## Supported values are: HTTP, ProcessSignal
4399 ## Defines the offset the rule evaluation timestamp of the rule evaluation queries is shifted backwards.
4400 ## ref: https://github.com/prometheus-community/helm-charts/issues/5843
4402 ## RuntimeConfig configures the values for the Prometheus process behavior.
4406 ## Defines the sharding strategy applied by the operator.
4407 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ShardingStrategy
4408 shardingStrategy: {}
4409 ## Defines the retention policy for the resources of stale shards after a scale-down.
4410 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ShardRetentionPolicy
4411 shardRetentionPolicy: {}
4412 ## List of the protobuf message versions to accept when receiving the remote writes. Example: [V1.0, V2.0].
4413 remoteWriteReceiverMessageVersions: []
4414 ## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel.
4415 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
4416 podManagementPolicy: ""
4417 ## Update strategy for the StatefulSet.
4418 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
4420 # type: RollingUpdate
4424 ## Additional configuration which is not covered by the properties above. (passed through tpl)
4425 additionalConfig: {}
4426 ## Additional configuration which is not covered by the properties above.
4427 ## Useful, if you need advanced templating inside alertmanagerSpec.
4428 ## Otherwise, use prometheus.prometheusSpec.additionalConfig (passed through tpl)
4429 additionalConfigString: ""
4430 ## Defines the maximum time that the `prometheus` container's startup probe
4431 ## will wait before being considered failed. The startup probe will return
4432 ## success after the WAL replay is complete. If set, the value should be
4433 ## greater than 60 (seconds). Otherwise it will be equal to 900 seconds (15
4435 maximumStartupDurationSeconds: 0
4436 ## Set default scrapeProtocols for Prometheus instances
4437 ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#scrapeprotocolstring-alias
4439 additionalRulesForClusterRole: []
4440 # - apiGroups: [ "" ]
4443 # verbs: [ "get", "list", "watch" ]
4445 additionalServiceMonitors: []
4446 ## Name of the ServiceMonitor to create
4450 ## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from
4453 # additionalLabels: {}
4455 ## Service label for use in assembling a job name of the form <label value>-<port>
4456 ## If no label is specified, the service name is used.
4460 ## labels to transfer from the kubernetes service to the target
4464 ## labels to transfer from the kubernetes pods to the target
4466 # podTargetLabels: []
4468 ## Label selector for services to which this ServiceMonitor applies
4471 ## Example which selects all services to be monitored
4472 ## with label "monitoredby" with values any of "example-service-1" or "example-service-2"
4474 # - key: "monitoredby"
4477 # - example-service-1
4478 # - example-service-2
4480 ## label selector for services
4484 ## Namespaces from which services are selected
4486 # namespaceSelector:
4487 ## Match any namespace
4491 ## Explicit list of namespace names to select
4495 ## Endpoints of the selected service to be monitored
4498 ## Name of the endpoint's service port
4499 ## Mutually exclusive with targetPort
4502 ## Name or number of the endpoint's target port
4503 ## Mutually exclusive with port
4506 ## File containing bearer token to be used when scraping targets
4508 # bearerTokenFile: ""
4510 ## Interval at which metrics should be scraped
4514 ## HTTP path to scrape for metrics
4518 ## HTTP scheme to use for scraping
4522 ## TLS configuration to use when scraping the endpoint
4526 ## Path to the CA file
4530 ## Path to client certificate file
4534 ## Skip certificate verification
4536 # insecureSkipVerify: false
4538 ## Path to client key file
4542 ## Server name used to verify host name
4546 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
4547 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4549 # metricRelabelings: []
4551 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
4552 # sourceLabels: [__name__]
4554 ## RelabelConfigs to apply to samples before scraping
4555 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4558 # - sourceLabels: [__meta_kubernetes_pod_node_name]
4561 # targetLabel: nodename
4565 ## Fallback scrape protocol used by Prometheus for scraping metrics
4566 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ScrapeProtocol
4568 # fallbackScrapeProtocol: ""
4570 ## Attaches node metadata to the discovered targets
4571 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.AttachMetadata
4575 additionalPodMonitors: []
4576 ## Name of the PodMonitor to create
4579## Additional labels to set used for the PodMonitorSelector. Together with standard labels from
4582# additionalLabels: {}
4584## Pod label for use in assembling a job name of the form <label value>-<port>
4585## If no label is specified, the pod endpoint name is used.
4589## Label selector for pods to which this PodMonitor applies
4592## Example which selects all Pods to be monitored
4593## with label "monitoredby" with values any of "example-pod-1" or "example-pod-2"
4595# - key: "monitoredby"
4601## label selector for pods
4605## PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
4607# podTargetLabels: {}
4609## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
4613## Namespaces from which pods are selected
4616## Match any namespace
4620## Explicit list of namespace names to select
4624## Endpoints of the selected pods to be monitored
4625## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#podmetricsendpoint
4627# podMetricsEndpoints: []
4629## Fallback scrape protocol used by Prometheus for scraping metrics
4630## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ScrapeProtocol
4632# fallbackScrapeProtocol: ""
4634## Attaches node metadata to the discovered targets
4635## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.AttachMetadata
4640## Configuration for thanosRuler
4641## ref: https://thanos.io/tip/components/rule.md/
4644 ## Deploy thanosRuler
4647 ## Annotations for ThanosRuler
4650 ## Service account for ThanosRuler to use.
4651 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
4657 ## Configure pod disruption budgets for ThanosRuler
4658 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
4660 podDisruptionBudget:
4663 # maxUnavailable: ""
4664 unhealthyPodEvictionPolicy: AlwaysAllow
4667 ingressClassName: ""
4670 ## Hosts must be provided if Ingress is enabled.
4673 # - thanosruler.domain.com
4675 ## Paths to use for ingress rules - one path should match the thanosruler.routePrefix
4680 ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
4681 ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
4682 # pathType: ImplementationSpecific
4684 ## TLS configuration for ThanosRuler Ingress
4685 ## Secret must be manually created in the namespace
4688 # - secretName: thanosruler-general-tls
4690 # - thanosruler.example.com
4691 # -- BETA: Configure the gateway routes for the chart here.
4692 # More routes can be added by adding a dictionary key like the 'main' route.
4693 # Be aware that this is an early beta of this feature,
4694 # kube-prometheus-stack does not guarantee this works and is subject to change.
4695 # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
4696 # [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2)
4699 # -- Enables or disables the route
4701 # -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
4702 apiVersion: gateway.networking.k8s.io/v1
4703 # -- Set the route kind
4704 # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
4709 # - my-filter.example.com
4713 # -- create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects)
4714 ## Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect.
4715 ## matches, filters and additionalRules will be ignored if this is set to true. Be are
4716 httpsRedirect: false
4721 ## Filters define the filters that are applied to requests that match this rule.
4723 ## Session persistence configuration for the route rule.
4724 sessionPersistence: {}
4725 # sessionName: route
4727 # absoluteTimeout: 12h
4729 # lifetimeType: Permanent
4731 ## Additional custom rules that can be added to the route
4733 ## Configuration for ThanosRuler service
4742 ipFamilies: ["IPv6", "IPv4"]
4743 ipFamilyPolicy: "PreferDualStack"
4744 ## Port for ThanosRuler Service to listen on
4747 ## To be used with a proxy extraContainer port
4750 ## Port to expose on each node
4751 ## Only used if service.type is 'NodePort'
4754 ## List of IP addresses at which the Prometheus server service is available
4755 ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
4758 ## Additional ports to open for ThanosRuler service
4762 loadBalancerSourceRanges: []
4763 ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
4765 externalTrafficPolicy: Cluster
4769 ## Configuration for creating a ServiceMonitor for the ThanosRuler service
4772 ## If true, create a serviceMonitor for thanosRuler
4775 ## Scrape interval. If not set, the Prometheus default scrape interval is used.
4778 ## Additional labels
4780 additionalLabels: {}
4781 ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
4784 ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
4787 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
4790 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
4792 labelNameLengthLimit: 0
4793 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
4795 labelValueLengthLimit: 0
4796 ## proxyUrl: URL of a proxy that should be used for scraping.
4799 ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
4801 ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
4802 ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig
4805 ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
4806 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4808 metricRelabelings: []
4810 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
4811 # sourceLabels: [__name__]
4813 ## RelabelConfigs to apply to samples before scraping
4814 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig
4817 # - sourceLabels: [__meta_kubernetes_pod_node_name]
4820 # targetLabel: nodename
4824 ## Additional Endpoints
4826 additionalEndpoints: []
4827 # - port: oauth-metrics
4829 ## Settings affecting thanosRulerpec
4830 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosrulerspec
4833 ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
4834 ## Metadata Labels and Annotations gets propagated to the ThanosRuler pods.
4839 ## Image of ThanosRuler
4843 repository: scratch-images/test-tmp/thanos
4845 sha: sha256:2be9cce4b0e959142151f3c38b00bcae28fc43952103306e2ee9f838dafb2a56
4846 ## Namespaces to be selected for PrometheusRules discovery.
4847 ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery.
4848 ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#namespaceselector for usage
4850 ruleNamespaceSelector: {}
4851 ## If true, a nil or {} value for thanosRuler.thanosRulerSpec.ruleSelector will cause the
4852 ## prometheus resource to be created with selectors based on values in the helm deployment,
4853 ## which will also match the PrometheusRule resources created
4855 ruleSelectorNilUsesHelmValues: true
4856 ## PrometheusRules to be selected for target discovery.
4857 ## If {}, select all PrometheusRules
4860 ## Example which select all PrometheusRules resources
4861 ## with label "prometheus" with values any of "example-rules" or "example-rules-2"
4870 ## Example which select all PrometheusRules resources with label "role" set to "example-rules"
4873 # role: example-rules
4875 ## Define Log Format
4876 # Use logfmt (default) or json logging
4878 ## Log level for ThanosRuler to be configured with.
4881 ## Size is the expected size of the thanosRuler cluster. The controller will eventually make the size of the
4882 ## running cluster equal to the expected size.
4884 ## Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression
4885 ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
4888 ## Interval between consecutive evaluations.
4890 evaluationInterval: ""
4891 ## Storage is the definition of how storage will be used by the ThanosRuler instances.
4892 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/storage.md
4895 # volumeClaimTemplate:
4897 # storageClassName: gluster
4898 # accessModes: ["ReadWriteOnce"]
4904 ## AlertmanagerConfig define configuration for connecting to alertmanager.
4905 ## Only available with Thanos v0.10.0 and higher. Maps to the alertmanagers.config Thanos Ruler arg.
4906 alertmanagersConfig:
4907 # use existing secret, if configured, alertmanagersConfig.secret will not be used
4911 # will render alertmanagersConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when alertmanagersConfig.existingSecret is set
4912 # https://thanos.io/tip/components/rule.md/#alertmanager
4918 # username: some_user
4919 # password: some_pass
4921 # - alertmanager.thanos.io
4924 ## DEPRECATED. Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, alertmanagersConfig should be used instead.
4925 ## Note: this field will be ignored if alertmanagersConfig is specified. Maps to the alertmanagers.url Thanos Ruler arg.
4928 ## The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. string false
4931 ## If true, http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}
4932 ## will be used as value for externalPrefix
4933 externalPrefixNilUsesHelmValues: true
4934 ## The route prefix ThanosRuler registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
4935 ## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
4938 ## ObjectStorageConfig configures object storage in Thanos
4939 objectStorageConfig:
4940 # use existing secret, if configured, objectStorageConfig.secret will not be used
4944 # will render objectStorageConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when objectStorageConfig.existingSecret is set
4945 # https://thanos.io/tip/thanos/storage.md/#s3
4954 ## Labels by name to drop before sending to alertmanager
4955 ## Maps to the --alert.label-drop flag of thanos ruler.
4957 ## QueryEndpoints defines Thanos querier endpoints from which to query metrics.
4958 ## Maps to the --query flag of thanos ruler.
4960 ## Define configuration for connecting to thanos query instances. If this is defined, the queryEndpoints field will be ignored.
4961 ## Maps to the query.config CLI argument. Only available with thanos v0.11.0 and higher.
4963 # use existing secret, if configured, queryConfig.secret will not be used
4967 # render queryConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when queryConfig.existingSecret is set
4968 # https://thanos.io/tip/components/rule.md/#query-api
4972 # username: some_user
4973 # password: some_pass
4978 ## Labels configure the external label pairs to ThanosRuler. A default replica
4979 ## label `thanos_ruler_replica` will be always added as a label with the value
4980 ## of the pod's name and it will be dropped in the alerts.
4982 ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
4985 ## Allows setting additional arguments for the ThanosRuler container
4986 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosruler
4989 # - name: remote-write.config
4992 # - "name": "receiver-0"
4993 # "remote_timeout": "30s"
4994 # "url": "http://thanos-receiver-0.thanos-receiver:8081/api/v1/receive"
4996 ## Define which Nodes the Pods are scheduled on.
4997 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
5000 ## Define resources requests and limits for single Pods.
5001 ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
5007 ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
5008 ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
5009 ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
5010 ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
5012 podAntiAffinity: "soft"
5013 ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
5014 ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
5016 podAntiAffinityTopologyKey: kubernetes.io/hostname
5017 ## Assign custom affinity rules to the thanosRuler instance
5018 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
5022 # requiredDuringSchedulingIgnoredDuringExecution:
5023 # nodeSelectorTerms:
5024 # - matchExpressions:
5025 # - key: kubernetes.io/e2e-az-name
5031 ## If specified, the pod's tolerations.
5032 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
5038 # effect: "NoSchedule"
5040 ## If specified, the pod's topology spread constraints.
5041 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
5043 topologySpreadConstraints: []
5045 # topologyKey: topology.kubernetes.io/zone
5046 # whenUnsatisfiable: DoNotSchedule
5051 ## SecurityContext holds pod-level security attributes and common container settings.
5052 ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
5053 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
5061 type: RuntimeDefault
5062 ## Use the host's user namespace for ThanosRuler pods.
5063 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/
5065 ## ListenLocal makes the ThanosRuler server listen on loopback, so that it does not bind against the Pod IP.
5066 ## Note this is only for the ThanosRuler UI, not the gossip communication.
5069 ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an ThanosRuler pod.
5072 ## Additional environment variables to set on the ThanosRuler container.
5073 ## This is rendered through the Prometheus Operator strategic merge patch.
5079 # Additional volumes on the output StatefulSet definition.
5081 # Additional VolumeMounts on the output StatefulSet definition.
5083 ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
5084 ## (permissions, dir tree) on mounted volumes before starting prometheus
5086 ## Priority class assigned to the Pods
5088 priorityClassName: ""
5089 ## PortName to use for ThanosRuler.
5092 ## Duration in seconds the pod needs to terminate gracefully.
5093 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
5094 terminationGracePeriodSeconds: ~
5095 ## WebTLSConfig defines the TLS parameters for HTTPS
5096 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosrulerwebspec
5098 ## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel.
5099 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
5100 podManagementPolicy: ""
5101 ## Update strategy for the StatefulSet.
5102 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
5104 # type: RollingUpdate
5108 ## Version of Thanos Ruler to deploy. Overrides the version derived from the image tag when set.
5110 ## Image pull policy for the Thanos Ruler container.
5112 ## EnableFeatures API enables access to Thanos Ruler disabled features.
5114 ## EnableServiceLinks indicates whether information about services should be injected into the
5115 ## pod's environment variables. Uses the operator/Kubernetes default when left unset (~).
5116 enableServiceLinks: ~
5117 ## Minimum number of seconds for which a newly created pod should be ready without any of its
5118 ## containers crashing/restarting for it to be considered available.
5120 ## Defines the DNS configuration for the pods.
5125 # - ns1.svc.cluster-domain.example
5130 ## Defines the DNS policy for the pods.
5132 ## Pods' hostAliases configuration
5133 ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
5139 ## Defines the list of remote write configurations. When not empty, the Thanos Ruler operates in stateless mode.
5140 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.RemoteWriteSpec
5142 ## Configures tracing for Thanos Ruler. Maps to the tracing.config CLI argument.
5144 # use existing secret, if configured, tracingConfig.secret will not be used
5148 # render tracingConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when tracingConfig.existingSecret is set
5150 ## Path to a tracing configuration file on disk (e.g. mounted through a volume). Takes precedence over tracingConfig.
5151 tracingConfigFile: ""
5152 ## Configures alert relabeling for Thanos Ruler. Maps to the alert.relabel-config CLI argument.
5153 alertRelabelConfigs:
5154 # use existing secret, if configured, alertRelabelConfigs.secret will not be used
5158 # render alertRelabelConfigs secret data and configure it to be used by Thanos Ruler custom resource, ignored when alertRelabelConfigs.existingSecret is set
5160 ## Path to an alert relabel configuration file on disk. Takes precedence over alertRelabelConfigs.
5161 alertRelabelConfigFile: ""
5162 ## Configures the gRPC server TLS for Thanos Ruler.
5163 ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.TLSConfig
5164 grpcServerTlsConfig: {}
5165 ## Path to an object storage configuration file on disk. Takes precedence over objectStorageConfig.
5166 objectStorageConfigFile: ""
5167 ## Number of concurrent rule evaluations.
5168 ruleConcurrentEval: ~
5169 ## Maximum time to tolerate outage for restoring "for" state of alert.
5170 ruleOutageTolerance: ""
5171 ## Minimum duration between alert and restored "for" state. Maintained only for alerts with a configured "for"
5172 ## time greater than the grace period.
5174 ## The default rule group's query offset duration to shift the evaluation time of rules backwards.
5175 ## ref: https://github.com/prometheus-community/helm-charts/issues/5843
5177 ## Minimum amount of time to wait before resending an alert to Alertmanager.
5179 ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric.
5180 enforcedNamespaceLabel: ""
5181 ## List of references to PrometheusRule objects to be excluded from enforcement (requires enforcedNamespaceLabel).
5182 ## Can be a list of objects, or a string that is passed through tpl.
5183 excludedFromEnforcement: []
5184 ## Additional configuration which is not covered by the properties above. (passed through tpl)
5185 additionalConfig: {}
5186 ## Additional configuration which is not covered by the properties above.
5187 ## Useful, if you need advanced templating
5188 additionalConfigString: ""
5189 ## ExtraSecret can be used to store various data in an extra secret
5190 ## (use it for example to store hashed basic auth credentials)
5192 ## if not set, name will be auto generated
5197 # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0
5198 # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.
5199## Setting to true produces cleaner resource names, but requires a data migration because the name of the persistent volume changes. Therefore this should only be set once on initial installation.
5201cleanPrometheusOperatorObjectNames: false
5202## Extra manifests to deploy. Can be of type dict or list.
5203## If dict, keys are ignored and only values are used.
5204## Items contained within extraObjects can be defined as dict or string and are passed through tpl.
5210# name: prometheus-extra
5212# extra-data: "value"
5214# can also be defined as a string, useful for templating field names
5222# {{- range $key, $value := .Values.commonLabels }}
5223# {{ $key }}: {{ $value }}
5226# plaintext: Zm9vYmFy
5227# templated: '{{ print "foobar" | upper | b64enc }}'