kube-state-metrics
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for kube-state-metrics.
2
prometheusScrape: true
3
image:
4
registry: cgr.dev
5
repository: scratch-images/test-tmp/kube-state-metrics
6
# If unset use v + .Charts.appVersion
7
tag: 2.19.1-r0
8
sha: sha256:47490a17666ef9ec75d6dae22f2fd711d5cf4f2dec4d2d9de764f2263238cc53
9
pullPolicy: IfNotPresent
10
imagePullSecrets: []
11
# - name: "image-pull-secret"
12
13
global:
14
# To help compatibility with other charts which use global.imagePullSecrets.
15
# Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
16
# global:
17
# imagePullSecrets:
18
# - name: pullSecret1
19
# - name: pullSecret2
20
# or
21
# global:
22
# imagePullSecrets:
23
# - pullSecret1
24
# - pullSecret2
25
imagePullSecrets: []
26
#
27
# Allow parent charts to override registry hostname
28
imageRegistry: ""
29
# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
30
# will be automatically sharded across <.Values.replicas> pods using the built-in
31
# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
32
# This is an experimental feature and there are no stability guarantees.
33
autosharding:
34
enabled: false
35
replicas: 1
36
# Change the deployment strategy when autosharding is disabled.
37
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
38
# The default is "RollingUpdate" as per Kubernetes defaults.
39
# During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data.
40
# updateStrategy: Recreate
41
42
# Number of old history to retain to allow rollback
43
# Default Kubernetes value is set to 10
44
revisionHistoryLimit: 10
45
# List of additional cli arguments to configure kube-state-metrics
46
# for example: --enable-gzip-encoding, --log-file, etc.
47
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/main/docs/developer/cli-arguments.md
48
extraArgs: []
49
# If false then the user will opt out of automounting API credentials.
50
automountServiceAccountToken: true
51
service:
52
port: 8080
53
# Default to clusterIP for backward compatibility
54
type: ClusterIP
55
ipDualStack:
56
enabled: false
57
ipFamilies: ["IPv6", "IPv4"]
58
ipFamilyPolicy: "PreferDualStack"
59
nodePort: 0
60
loadBalancerIP: ""
61
# Only allow access to the loadBalancerIP from these IPs
62
loadBalancerSourceRanges: []
63
clusterIP: ""
64
annotations: {}
65
## Additional labels to add to all resources
66
customLabels: {}
67
# app: kube-state-metrics
68
69
## Override selector labels
70
selectorOverride: {}
71
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
72
releaseLabel: false
73
hostNetwork: false
74
## Use the host's user namespace for deployment.
75
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/
76
hostUsers: ~
77
rbac:
78
# If true, create & use RBAC resources
79
create: true
80
# Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
81
# useExistingRole: your-existing-role
82
83
# If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
84
useClusterRole: true
85
# Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration
86
# Example:
87
# - apiGroups: ["monitoring.coreos.com"]
88
# resources: ["prometheuses"]
89
# verbs: ["list", "watch"]
90
extraRules: []
91
# Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled).
92
# The requests are served through the same service but requests are then HTTPS.
93
kubeRBACProxy:
94
enabled: false
95
image:
96
registry: cgr.dev
97
repository: scratch-images/test-tmp/kube-rbac-proxy
98
tag: 0.22.0-r6
99
sha: sha256:8b9b640dda282c80d9212b6f2866ad078fdb1de9cc88575d81c4da4a320e0c09
100
pullPolicy: IfNotPresent
101
# This set --ignore-paths=/livez,/readyz to kubeRBACProxy container args
102
# to allow the pod probes working properly with kubeRBACProxy enabled.
103
ignoreProbePaths: true
104
# List of additional cli arguments to configure kube-rbac-prxy
105
# for example: --tls-cipher-suites, --log-file, etc.
106
# all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage
107
extraArgs: []
108
## Specify security settings for a Container
109
## Allows overrides and additional options compared to (Pod) securityContext
110
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
111
containerSecurityContext:
112
readOnlyRootFilesystem: true
113
allowPrivilegeEscalation: false
114
capabilities:
115
drop:
116
- ALL
117
# Configure specific upstream port for kube-state-metrics container
118
port: 9090
119
# Configure specific proxy endpoints port
120
# This port is for healthz on readinessProbe kube-rbac-proxy-http container
121
proxyEndpointsPort: 8888
122
resources: {}
123
# We usually recommend not to specify default resources and to leave this as a conscious
124
# choice for the user. This also increases chances charts run on environments with little
125
# resources, such as Minikube. If you do want to specify resources, uncomment the following
126
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
127
# limits:
128
# cpu: 100m
129
# memory: 64Mi
130
# requests:
131
# cpu: 10m
132
# memory: 32Mi
133
134
## volumeMounts enables mounting custom volumes in rbac-proxy containers
135
## Useful for TLS certificates and keys
136
volumeMounts: []
137
# - mountPath: /etc/tls
138
# name: kube-rbac-proxy-tls
139
# readOnly: true
140
serviceAccount:
141
# Specifies whether a ServiceAccount should be created, require rbac true
142
create: true
143
# The name of the ServiceAccount to use.
144
# If not set and create is true, a name is generated using the fullname template
145
name:
146
# Reference to one or more secrets to be used when pulling images
147
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
148
imagePullSecrets: []
149
# ServiceAccount annotations.
150
# Use case: AWS EKS IAM roles for service accounts
151
# ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
152
annotations: {}
153
# If false then the user will opt out of automounting API credentials.
154
automountServiceAccountToken: true
155
# Additional Environment variables
156
env: []
157
# - name: GOMAXPROCS
158
# valueFrom:
159
# resourceFieldRef:
160
# resource: limits.cpu
161
162
prometheus:
163
monitor:
164
enabled: false
165
annotations: {}
166
additionalLabels: {}
167
namespace: ""
168
namespaceSelector: []
169
jobLabel: ""
170
targetLabels: []
171
podTargetLabels: []
172
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
173
##
174
sampleLimit: 0
175
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
176
##
177
targetLimit: 0
178
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
179
##
180
labelLimit: 0
181
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
182
##
183
labelNameLengthLimit: 0
184
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
185
##
186
labelValueLengthLimit: 0
187
selectorOverride: {}
188
## kube-state-metrics endpoint
189
http:
190
interval: ""
191
scrapeTimeout: ""
192
proxyUrl: ""
193
## Whether to enable HTTP2 for servicemonitor
194
enableHttp2: false
195
honorLabels: false
196
metricRelabelings: []
197
relabelings: []
198
scheme: ""
199
## File to read bearer token for scraping targets
200
bearerTokenFile: ""
201
## Secret to mount to read bearer token for scraping targets. The secret needs
202
## to be in the same namespace as the service monitor and accessible by the
203
## Prometheus Operator
204
bearerTokenSecret: {}
205
# name: secret-name
206
# key: key-name
207
tlsConfig: {}
208
## selfMonitor endpoint
209
metrics:
210
interval: ""
211
scrapeTimeout: ""
212
proxyUrl: ""
213
## Whether to enable HTTP2 for servicemonitor
214
enableHttp2: false
215
honorLabels: false
216
metricRelabelings: []
217
relabelings: []
218
scheme: ""
219
## File to read bearer token for scraping targets
220
bearerTokenFile: ""
221
## Secret to mount to read bearer token for scraping targets. The secret needs
222
## to be in the same namespace as the service monitor and accessible by the
223
## Prometheus Operator
224
bearerTokenSecret: {}
225
# name: secret-name
226
# key: key-name
227
tlsConfig: {}
228
## Create a scrapeConfig resource for scraping the kube-state-metrics service. Use this instead of serviceMonitor
229
## to have more instances of kube-state-metrics safety.
230
scrapeconfig:
231
## To avoid duplicate metrics, first disable the serviceMonitor creation via prometheus.monitor.enabled=false
232
enabled: false
233
annotations: {}
234
additionalLabels: {}
235
jobName: kube-state-metrics
236
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
237
##
238
sampleLimit: 0
239
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
240
##
241
targetLimit: 0
242
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
243
##
244
labelLimit: 0
245
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
246
##
247
labelNameLengthLimit: 0
248
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
249
##
250
labelValueLengthLimit: 0
251
## StaticConfigLabels defines the labels to be used in the Prometheus static configuration for scraping.
252
staticConfigLabels: {}
253
scrapeInterval: ""
254
scrapeTimeout: ""
255
proxyUrl: ""
256
## Whether to enable HTTP2 for scrapeconfig
257
enableHttp2: false
258
honorLabels: true
259
metricRelabelings: []
260
relabelings: []
261
scheme: ""
262
tlsConfig: {}
263
## Configure network policy for kube-state-metrics
264
networkPolicy:
265
enabled: false
266
# networkPolicy.flavor -- Flavor of the network policy to use.
267
# Can be:
268
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
269
# * cilium for cilium.io/v2/CiliumNetworkPolicy
270
flavor: kubernetes
271
## Configure the cilium network policy kube-apiserver selector
272
# cilium:
273
# kubeApiServerSelector:
274
# - toEntities:
275
# - kube-apiserver
276
277
# egress:
278
# - {}
279
# ingress:
280
# - {}
281
# podSelector:
282
# matchLabels:
283
# app.kubernetes.io/name: kube-state-metrics
284
securityContext:
285
enabled: true
286
runAsGroup: 65534
287
runAsUser: 65534
288
fsGroup: 65534
289
runAsNonRoot: true
290
seccompProfile:
291
type: RuntimeDefault
292
## Specify security settings for a Container
293
## Allows overrides and additional options compared to (Pod) securityContext
294
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
295
containerSecurityContext:
296
readOnlyRootFilesystem: true
297
allowPrivilegeEscalation: false
298
capabilities:
299
drop:
300
- ALL
301
## Node labels for pod assignment
302
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
303
nodeSelector: {}
304
## Affinity settings for pod assignment
305
## Can be defined as either a dict or string. String is useful for `tpl` templating.
306
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
307
affinity: {}
308
# affinity: |
309
# podAntiAffinity:
310
# requiredDuringSchedulingIgnoredDuringExecution:
311
# - labelSelector:
312
# matchLabels:
313
# {{- include "kube-state-metrics.selectorLabels" . | indent 10 }}
314
# topologyKey: kubernetes.io/hostname
315
316
## Tolerations for pod assignment
317
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
318
tolerations: []
319
## Topology spread constraints for pod assignment
320
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
321
topologySpreadConstraints: []
322
# Annotations to be added to the deployment/statefulset
323
annotations: {}
324
# Labels to be added to the deployment/statefulset
325
labels: {}
326
# Annotations to be added to the pod
327
podAnnotations: {}
328
# Labels to be added to the pod
329
podLabels: {}
330
## Assign a PriorityClassName to pods if set
331
# priorityClassName: ""
332
333
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
334
podDisruptionBudget: {}
335
# Comma-separated list of metrics to be exposed.
336
# This list comprises of exact metric names and/or regex patterns.
337
# The allowlist and denylist are mutually exclusive.
338
metricAllowlist: []
339
# Comma-separated list of metrics not to be enabled.
340
# This list comprises of exact metric names and/or regex patterns.
341
# The allowlist and denylist are mutually exclusive.
342
metricDenylist: []
343
# Comma-separated list of additional Kubernetes label keys that will be used in the resource's
344
# labels metric. By default the metric contains only name and namespace labels.
345
# To include additional labels, provide a list of resource names in their plural form and Kubernetes
346
# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'.
347
# A single '*' can be provided per resource instead to allow any labels, but that has
348
# severe performance implications (Example: '=pods=[*]').
349
metricLabelsAllowlist: []
350
# - namespaces=[k8s-label-1,k8s-label-n]
351
352
# Comma-separated list of Kubernetes annotations keys that will be used in the resource'
353
# labels metric. By default the metric contains only name and namespace labels.
354
# To include additional annotations provide a list of resource names in their plural form and Kubernetes
355
# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'.
356
# A single '*' can be provided per resource instead to allow any annotations, but that has
357
# severe performance implications (Example: '=pods=[*]').
358
metricAnnotationsAllowList: []
359
# - pods=[k8s-annotation-1,k8s-annotation-n]
360
361
# Available collectors for kube-state-metrics.
362
# By default, all available resources are enabled, comment out to disable.
363
collectors:
364
- certificatesigningrequests
365
- configmaps
366
- cronjobs
367
- daemonsets
368
- deployments
369
- endpointslices
370
- horizontalpodautoscalers
371
- ingresses
372
- jobs
373
- leases
374
- limitranges
375
- mutatingwebhookconfigurations
376
- namespaces
377
- networkpolicies
378
- nodes
379
- persistentvolumeclaims
380
- persistentvolumes
381
- poddisruptionbudgets
382
- pods
383
- replicasets
384
- replicationcontrollers
385
- resourcequotas
386
- secrets
387
- services
388
- statefulsets
389
- storageclasses
390
- validatingwebhookconfigurations
391
- volumeattachments
392
# - ingressclasses
393
# - clusterrolebindings
394
# - clusterroles
395
# - roles
396
# Enabling kubeconfig will pass the --kubeconfig argument to the container
397
kubeconfig:
398
enabled: false
399
# base64 encoded kube-config file
400
secret:
401
# Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics
402
customResourceState:
403
# Whether to enable support for CustomResourceStateMetrics.
404
enabled: false
405
# Whether to create the ConfigMap that holds the config.
406
create: true
407
# Name of the ConfigMap that holds the config. If empty, name will be generated based on the release name.
408
name: ""
409
# ConfigMap key that holds the config.
410
key: config.yaml
411
# Definition of the CustomResourceStateMetrics. Add (Cluster)Role permissions to list/watch the resources defined in the config to rbac.extraRules.
412
config: {}
413
# Enable only the release namespace for collecting resources. By default all namespaces are collected.
414
# If releaseNamespace and namespaces are both set a merged list will be collected.
415
releaseNamespace: false
416
# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected.
417
namespaces: ""
418
# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set,
419
# only namespaces that are excluded in namespaces-denylist will be used.
420
namespacesDenylist: ""
421
## Override the deployment namespace
422
##
423
namespaceOverride: ""
424
resources: {}
425
# We usually recommend not to specify default resources and to leave this as a conscious
426
# choice for the user. This also increases chances charts run on environments with little
427
# resources, such as Minikube. If you do want to specify resources, uncomment the following
428
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
429
# limits:
430
# cpu: 100m
431
# memory: 64Mi
432
# requests:
433
# cpu: 10m
434
# memory: 32Mi
435
436
# Enable self metrics configuration for service and Service Monitor
437
# Default values for telemetry configuration can be overridden
438
# If you set telemetryNodePort, you must also set service.type to NodePort
439
selfMonitor:
440
enabled: false
441
# telemetryHost: 0.0.0.0
442
# telemetryPort: 8081
443
# telemetryNodePort: 0
444
# Enable vertical pod autoscaler support for kube-state-metrics
445
verticalPodAutoscaler:
446
enabled: false
447
# Recommender responsible for generating recommendation for the object.
448
# List should be empty (then the default recommender will generate the recommendation)
449
# or contain exactly one recommender.
450
# recommenders: []
451
# - name: custom-recommender-performance
452
453
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
454
controlledResources: []
455
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
456
# controlledValues: RequestsAndLimits
457
458
# Define the max allowed resources for the pod
459
maxAllowed: {}
460
# cpu: 200m
461
# memory: 100Mi
462
# Define the min allowed resources for the pod
463
minAllowed: {}
464
# cpu: 200m
465
# memory: 100Mi
466
# updatePolicy:
467
# Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
468
# minReplicas: 1
469
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
470
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
471
# updateMode: Auto
472
473
# volumeMounts are used to add custom volume mounts to deployment.
474
# See example below
475
volumeMounts: []
476
# - mountPath: /etc/config
477
# name: config-volume
478
479
# volumes are used to add custom volumes to deployment
480
# See example below
481
volumes: []
482
# - configMap:
483
# name: cm-for-volume
484
# name: config-volume
485
486
# Extra manifests to deploy as an array
487
extraManifests: []
488
# - apiVersion: v1
489
# kind: ConfigMap
490
# metadata:
491
# labels:
492
# name: prometheus-extra
493
# data:
494
# extra-data: "value"
495
496
## Containers allows injecting additional containers.
497
containers: []
498
# - name: crd-init
499
# image: kiwigrid/k8s-sidecar:latest
500
501
## InitContainers allows injecting additional initContainers.
502
initContainers: []
503
# - name: crd-sidecar
504
# image: kiwigrid/k8s-sidecar:latest
505
506
## dnsPolicy allows to change the default DNS configuration for the pod
507
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
508
dnsPolicy: ClusterFirst
509
## dnsConfig allows setting up specific DNS configuration for the pod
510
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
511
dnsConfig: {}
512
## Settings for startup, liveness and readiness probes
513
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
514
##
515
516
## Startup probe can optionally be enabled.
517
##
518
startupProbe:
519
enabled: false
520
failureThreshold: 3
521
httpGet:
522
httpHeaders: []
523
scheme: http
524
initialDelaySeconds: 0
525
periodSeconds: 10
526
successThreshold: 1
527
timeoutSeconds: 5
528
## Liveness probe
529
##
530
livenessProbe:
531
failureThreshold: 3
532
httpGet:
533
httpHeaders: []
534
scheme: http
535
initialDelaySeconds: 5
536
periodSeconds: 10
537
successThreshold: 1
538
timeoutSeconds: 5
539
## Readiness probe
540
##
541
readinessProbe:
542
failureThreshold: 3
543
httpGet:
544
httpHeaders: []
545
scheme: http
546
initialDelaySeconds: 5
547
periodSeconds: 10
548
successThreshold: 1
549
timeoutSeconds: 5
550
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.