prometheus-alertmanager
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# yaml-language-server: $schema=values.schema.json
2
# Default values for alertmanager.
3
# This is a YAML-formatted file.
4
# Declare variables to be passed into your templates.
5
6
replicaCount: 1
7
# Number of old history to retain to allow rollback
8
# Default Kubernetes value is set to 10
9
revisionHistoryLimit: 10
10
image:
11
repository: cgr.dev/chainguard-private/prometheus-alertmanager
12
pullPolicy: IfNotPresent
13
# Overrides the image tag whose default is the chart appVersion.
14
tag: latest@sha256:a3bf5afed597dfdb38a438ffd22cab7dbabe5923a283414b544e1eb23e129a70
15
# Full external URL where alertmanager is reachable, used for backlinks.
16
baseURL: ""
17
extraArgs: {}
18
## Additional Alertmanager Secret mounts
19
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
20
extraSecretMounts: []
21
# - name: secret-files
22
# mountPath: /etc/secrets
23
# subPath: ""
24
# secretName: alertmanager-secret-files
25
# readOnly: true
26
27
imagePullSecrets: []
28
nameOverride: ""
29
fullnameOverride: ""
30
## namespaceOverride overrides the namespace which the resources will be deployed in
31
namespaceOverride: ""
32
automountServiceAccountToken: true
33
## Running within a user namespace.
34
# Kubernetes server must be at or later than version v1.25.
35
# Kubernetes v1.25 through to v1.27 recognise UserNamespacesStatelessPodsSupport.
36
# Kubernetes v1.28 through to v1.32 need to enable the UserNamespacesSupport feature gate.
37
hostUsers: false
38
serviceAccount:
39
# Specifies whether a service account should be created
40
create: true
41
# Annotations to add to the service account
42
annotations: {}
43
# The name of the service account to use.
44
# If not set and create is true, a name is generated using the fullname template
45
name: ""
46
# Sets priorityClassName in alertmanager pod
47
priorityClassName: ""
48
# Sets schedulerName in alertmanager pod
49
schedulerName: ""
50
podSecurityContext:
51
fsGroup: 65534
52
dnsConfig: {}
53
# nameservers:
54
# - 1.2.3.4
55
# searches:
56
# - ns1.svc.cluster-domain.example
57
# - my.dns.search.suffix
58
# options:
59
# - name: ndots
60
# value: "2"
61
# - name: edns0
62
hostAliases: []
63
# - ip: "127.0.0.1"
64
# hostnames:
65
# - "foo.local"
66
# - "bar.local"
67
# - ip: "10.1.2.3"
68
# hostnames:
69
# - "foo.remote"
70
# - "bar.remote"
71
securityContext:
72
# capabilities:
73
# drop:
74
# - ALL
75
# readOnlyRootFilesystem: true
76
runAsUser: 65534
77
runAsNonRoot: true
78
runAsGroup: 65534
79
additionalPeers: []
80
## Additional InitContainers to initialize the pod
81
##
82
extraInitContainers: []
83
## Additional containers to add to the stateful set. This will allow to setup sidecarContainers like a proxy to integrate
84
## alertmanager with an external tool like teams that has not direct integration.
85
##
86
extraContainers: []
87
containerPortName: &containerPortName http
88
livenessProbe:
89
httpGet:
90
path: /
91
port: *containerPortName
92
readinessProbe:
93
httpGet:
94
path: /
95
port: *containerPortName
96
service:
97
annotations: {}
98
labels: {}
99
type: ClusterIP
100
port: 9093
101
clusterPort: 9094
102
loadBalancerIP: "" # Assign ext IP when Service type is LoadBalancer
103
loadBalancerSourceRanges: [] # Only allow access to loadBalancerIP from these IPs
104
# if you want to force a specific nodePort. Must be use with service.type=NodePort
105
# nodePort:
106
107
# Optionally specify extra list of additional ports exposed on both services
108
extraPorts: []
109
# ip dual stack
110
ipDualStack:
111
enabled: false
112
ipFamilies: ["IPv6", "IPv4"]
113
ipFamilyPolicy: "PreferDualStack"
114
# Configuration for creating a separate Service for each statefulset Alertmanager replica
115
#
116
servicePerReplica:
117
enabled: false
118
annotations: {}
119
# Loadbalancer source IP ranges
120
# Only used if servicePerReplica.type is "LoadBalancer"
121
loadBalancerSourceRanges: []
122
# Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
123
#
124
externalTrafficPolicy: Cluster
125
# Service type
126
#
127
type: ClusterIP
128
serviceMonitor:
129
enabled: false
130
namespace: ""
131
additionalLabels: {}
132
interval: ""
133
scrapeTimeout: ""
134
path: /metrics
135
scheme: ""
136
tlsConfig: {}
137
bearerTokenFile: ""
138
basicAuth: {}
139
honorLabels: false
140
metricRelabelings: []
141
relabelings: []
142
ingress:
143
enabled: false
144
className: ""
145
labels: {}
146
annotations: {}
147
# kubernetes.io/ingress.class: nginx
148
# kubernetes.io/tls-acme: "true"
149
hosts:
150
- host: alertmanager.domain.com
151
paths:
152
- path: /
153
pathType: ImplementationSpecific
154
tls: []
155
# - secretName: chart-example-tls
156
# hosts:
157
# - alertmanager.domain.com
158
# Configuration for creating an Ingress that will map to each Alertmanager replica service
159
# alertmanager.servicePerReplica must be enabled
160
#
161
ingressPerReplica:
162
enabled: false
163
# className for the ingresses
164
#
165
className: ""
166
annotations: {}
167
labels: {}
168
# Final form of the hostname for each per replica ingress is
169
# {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
170
#
171
# Prefix for the per replica ingress that will have `-$replicaNumber`
172
# appended to the end
173
hostPrefix: "alertmanager"
174
# Domain that will be used for the per replica ingress
175
hostDomain: "domain.com"
176
# Paths to use for ingress rules
177
#
178
paths:
179
- /
180
# PathType for ingress rules
181
#
182
pathType: ImplementationSpecific
183
# Secret name containing the TLS certificate for alertmanager per replica ingress
184
# Secret must be manually created in the namespace
185
tlsSecretName: ""
186
# Separated secret for each per replica Ingress. Can be used together with cert-manager
187
#
188
tlsSecretPerReplica:
189
enabled: false
190
# Final form of the secret for each per replica ingress is
191
# {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
192
#
193
prefix: "alertmanager"
194
resources: {}
195
# We usually recommend not to specify default resources and to leave this as a conscious
196
# choice for the user. This also increases chances charts run on environments with little
197
# resources, such as Minikube. If you do want to specify resources, uncomment the following
198
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
199
# limits:
200
# cpu: 100m
201
# memory: 128Mi
202
# requests:
203
# cpu: 10m
204
# memory: 32Mi
205
206
nodeSelector: {}
207
tolerations: []
208
affinity: {}
209
## Pod anti-affinity can prevent the scheduler from placing Alertmanager replicas on the same node.
210
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
211
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
212
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
213
##
214
podAntiAffinity: ""
215
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
216
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
217
##
218
podAntiAffinityTopologyKey: kubernetes.io/hostname
219
## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
220
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
221
topologySpreadConstraints: []
222
# - maxSkew: 1
223
# topologyKey: failure-domain.beta.kubernetes.io/zone
224
# whenUnsatisfiable: DoNotSchedule
225
# labelSelector:
226
# matchLabels:
227
# app.kubernetes.io/instance: alertmanager
228
229
statefulSet:
230
annotations: {}
231
## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
232
## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
233
## This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds
234
## feature gate.
235
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#minimum-ready-seconds
236
minReadySeconds: 0
237
podAnnotations: {}
238
podLabels: {}
239
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
240
podDisruptionBudget: {}
241
# maxUnavailable: 1
242
# minAvailable: 1
243
244
command: []
245
persistence:
246
## If true, storage will create or use Persistence Volume
247
## If false, storage will use emptyDir
248
##
249
enabled: true
250
## Custom annotations for the PVC created by the alertmanager StatefulSet.
251
## Useful for configuring storage provider options such as disk type, KMS encryption keys, or custom volume name prefixes.
252
annotations: {}
253
## Custom labels for the PVC created by the alertmanager StatefulSet.
254
## Useful for selecting, grouping, and organizing so that they can be queried or targeted in deployments, policies, etc.
255
labels: {}
256
## Persistent Volume Storage Class
257
## If defined, storageClassName: <storageClass>
258
## If set to "-", storageClassName: "", which disables dynamic provisioning
259
## If undefined (the default) or set to null, no storageClassName spec is
260
## set, choosing the default provisioner.
261
##
262
# storageClass: "-"
263
accessModes:
264
- ReadWriteOnce
265
size: 50Mi
266
## Configure emptyDir volume
267
##
268
emptyDir: {}
269
configAnnotations: {}
270
## For example if you want to provide private data from a secret vault
271
## https://github.com/banzaicloud/bank-vaults/tree/main/charts/vault-secrets-webhook
272
## P.s.: Add option `configMapMutation: true` for vault-secrets-webhook
273
# vault.security.banzaicloud.io/vault-role: "admin"
274
# vault.security.banzaicloud.io/vault-addr: "https://vault.vault.svc.cluster.local:8200"
275
# vault.security.banzaicloud.io/vault-skip-verify: "true"
276
# vault.security.banzaicloud.io/vault-path: "kubernetes"
277
## Example for inject secret
278
# slack_api_url: '${vault:secret/data/slack-hook-alerts#URL}'
279
280
config:
281
enabled: true
282
global: {}
283
# slack_api_url: ''
284
285
templates:
286
- '/etc/alertmanager/*.tmpl'
287
receivers:
288
- name: default-receiver
289
# slack_configs:
290
# - channel: '@you'
291
# send_resolved: true
292
route:
293
group_wait: 10s
294
group_interval: 5m
295
receiver: default-receiver
296
repeat_interval: 3h
297
## Monitors ConfigMap changes and POSTs to a URL
298
## Ref: https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader
299
##
300
configmapReload:
301
## If false, the configmap-reload container will not be deployed
302
##
303
enabled: false
304
## configmap-reload container name
305
##
306
name: configmap-reload
307
## configmap-reload container image
308
##
309
image:
310
repository: cgr.dev/chainguard-private/prometheus-config-reloader
311
tag: latest@sha256:101fbbbccedc1551ae0b96737686dac80e33cef55eed40324d653cc5c8619529
312
pullPolicy: IfNotPresent
313
# containerPort: 9533
314
315
## configmap-reload resource requests and limits
316
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
317
##
318
resources: {}
319
livenessProbe: {}
320
# httpGet:
321
# path: /healthz
322
# port: 8080
323
# scheme: HTTP
324
readinessProbe: {}
325
# httpGet:
326
# path: /healthz
327
# port: 8080
328
# scheme: HTTP
329
330
extraArgs: {}
331
## Optionally specify extra list of additional volumeMounts
332
extraVolumeMounts: []
333
# - name: extras
334
# mountPath: /usr/share/extras
335
# readOnly: true
336
337
## Optionally specify extra environment variables to add to alertmanager container
338
extraEnv: []
339
# - name: FOO
340
# value: BAR
341
342
securityContext: {}
343
# capabilities:
344
# drop:
345
# - ALL
346
# readOnlyRootFilesystem: true
347
# runAsUser: 65534
348
# runAsNonRoot: true
349
# runAsGroup: 65534
350
templates: {}
351
# alertmanager.tmpl: |-
352
353
## Optionally specify extra list of additional volumeMounts
354
extraVolumeMounts: []
355
# - name: extras
356
# mountPath: /usr/share/extras
357
# readOnly: true
358
359
## Optionally specify extra list of additional volumes
360
extraVolumes: []
361
# - name: extras
362
# emptyDir: {}
363
364
## Optionally specify extra environment variables to add to alertmanager container
365
extraEnv: []
366
# - name: FOO
367
# value: BAR
368
369
testFramework:
370
enabled: false
371
annotations:
372
"helm.sh/hook": test-success
373
# "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
374
# --- Vertical Pod Autoscaler
375
verticalPodAutoscaler:
376
# -- Use VPA for alertmanager
377
enabled: false
378
# recommenders:
379
# - name: 'alternative'
380
# updatePolicy:
381
# updateMode: "Auto"
382
# minReplicas: 1
383
# resourcePolicy:
384
# containerPolicies:
385
# - containerName: '*'
386
# minAllowed:
387
# cpu: 100m
388
# memory: 128Mi
389
# maxAllowed:
390
# cpu: 1
391
# memory: 500Mi
392
# controlledResources: ["cpu", "memory"]
393
# --- Extra Pod Configs
394
extraPodConfigs: {}
395
# dnsPolicy: ClusterFirstWithHostNet
396
# hostNetwork: true
397
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.