prometheus-alertmanager
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# yaml-language-server: $schema=values.schema.json
2
# Default values for alertmanager.
3
# This is a YAML-formatted file.
4
# Declare variables to be passed into your templates.
5
6
replicaCount: 1
7
# Number of old history to retain to allow rollback
8
# Default Kubernetes value is set to 10
9
revisionHistoryLimit: 10
10
image:
11
repository: cgr.dev/chainguard-private/prometheus-alertmanager
12
pullPolicy: IfNotPresent
13
# Overrides the image tag whose default is the chart appVersion.
14
tag: latest@sha256:1955ae18577d754e1b3ca8cfc9e654230ccdb99ab897fd873be208f98920b59e
15
# Full external URL where alertmanager is reachable, used for backlinks.
16
baseURL: ""
17
extraArgs: {}
18
## Additional Alertmanager Secret mounts
19
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
20
extraSecretMounts: []
21
# - name: secret-files
22
# mountPath: /etc/secrets
23
# subPath: ""
24
# secretName: alertmanager-secret-files
25
# readOnly: true
26
27
imagePullSecrets: []
28
nameOverride: ""
29
fullnameOverride: ""
30
## namespaceOverride overrides the namespace which the resources will be deployed in
31
namespaceOverride: ""
32
automountServiceAccountToken: true
33
## Running within a user namespace.
34
# Kubernetes server must be at or later than version v1.25.
35
# Kubernetes v1.25 through to v1.27 recognise UserNamespacesStatelessPodsSupport.
36
# Kubernetes v1.28 through to v1.32 need to enable the UserNamespacesSupport feature gate.
37
hostUsers: false
38
serviceAccount:
39
# Specifies whether a service account should be created
40
create: true
41
# Annotations to add to the service account
42
annotations: {}
43
# The name of the service account to use.
44
# If not set and create is true, a name is generated using the fullname template
45
name: ""
46
# Sets priorityClassName in alertmanager pod
47
priorityClassName: ""
48
# Sets schedulerName in alertmanager pod
49
schedulerName: ""
50
podSecurityContext:
51
fsGroup: 65534
52
dnsConfig: {}
53
# nameservers:
54
# - 1.2.3.4
55
# searches:
56
# - ns1.svc.cluster-domain.example
57
# - my.dns.search.suffix
58
# options:
59
# - name: ndots
60
# value: "2"
61
# - name: edns0
62
hostAliases: []
63
# - ip: "127.0.0.1"
64
# hostnames:
65
# - "foo.local"
66
# - "bar.local"
67
# - ip: "10.1.2.3"
68
# hostnames:
69
# - "foo.remote"
70
# - "bar.remote"
71
securityContext:
72
# capabilities:
73
# drop:
74
# - ALL
75
# readOnlyRootFilesystem: true
76
runAsUser: 65534
77
runAsNonRoot: true
78
runAsGroup: 65534
79
additionalPeers: []
80
## Additional InitContainers to initialize the pod
81
##
82
extraInitContainers: []
83
## Additional containers to add to the stateful set. This will allow to setup sidecarContainers like a proxy to integrate
84
## alertmanager with an external tool like teams that has not direct integration.
85
##
86
extraContainers: []
87
containerPortName: &containerPortName http
88
livenessProbe:
89
httpGet:
90
path: /
91
port: *containerPortName
92
readinessProbe:
93
httpGet:
94
path: /
95
port: *containerPortName
96
service:
97
annotations: {}
98
labels: {}
99
type: ClusterIP
100
port: 9093
101
clusterPort: 9094
102
loadBalancerIP: "" # Assign ext IP when Service type is LoadBalancer
103
loadBalancerSourceRanges: [] # Only allow access to loadBalancerIP from these IPs
104
# if you want to force a specific nodePort. Must be use with service.type=NodePort
105
# nodePort:
106
107
# Optionally specify extra list of additional ports exposed on both services
108
extraPorts: []
109
# ip dual stack
110
ipDualStack:
111
enabled: false
112
ipFamilies: ["IPv6", "IPv4"]
113
ipFamilyPolicy: "PreferDualStack"
114
# Configuration for creating a separate Service for each statefulset Alertmanager replica
115
#
116
servicePerReplica:
117
enabled: false
118
annotations: {}
119
# Loadbalancer source IP ranges
120
# Only used if servicePerReplica.type is "LoadBalancer"
121
loadBalancerSourceRanges: []
122
# Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
123
#
124
externalTrafficPolicy: Cluster
125
# Service type
126
#
127
type: ClusterIP
128
serviceMonitor:
129
enabled: false
130
namespace: ""
131
additionalLabels: {}
132
interval: ""
133
scrapeTimeout: ""
134
path: /metrics
135
scheme: ""
136
tlsConfig: {}
137
bearerTokenFile: ""
138
basicAuth: {}
139
honorLabels: false
140
metricRelabelings: []
141
relabelings: []
142
ingress:
143
enabled: false
144
className: ""
145
labels: {}
146
annotations: {}
147
# kubernetes.io/ingress.class: nginx
148
# kubernetes.io/tls-acme: "true"
149
hosts:
150
- host: alertmanager.domain.com
151
paths:
152
- path: /
153
pathType: ImplementationSpecific
154
tls: []
155
# - secretName: chart-example-tls
156
# hosts:
157
# - alertmanager.domain.com
158
# Configuration for creating an Ingress that will map to each Alertmanager replica service
159
# alertmanager.servicePerReplica must be enabled
160
#
161
ingressPerReplica:
162
enabled: false
163
# className for the ingresses
164
#
165
className: ""
166
annotations: {}
167
labels: {}
168
# Final form of the hostname for each per replica ingress is
169
# {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
170
#
171
# Prefix for the per replica ingress that will have `-$replicaNumber`
172
# appended to the end
173
hostPrefix: "alertmanager"
174
# Domain that will be used for the per replica ingress
175
hostDomain: "domain.com"
176
# Paths to use for ingress rules
177
#
178
paths:
179
- /
180
# PathType for ingress rules
181
#
182
pathType: ImplementationSpecific
183
# Secret name containing the TLS certificate for alertmanager per replica ingress
184
# Secret must be manually created in the namespace
185
tlsSecretName: ""
186
# Separated secret for each per replica Ingress. Can be used together with cert-manager
187
#
188
tlsSecretPerReplica:
189
enabled: false
190
# Final form of the secret for each per replica ingress is
191
# {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
192
#
193
prefix: "alertmanager"
194
## route (map) allows configuration of Gateway API HTTPRoute resources
195
## Requires Gateway API resources and a suitable controller installed within the cluster
196
## Ref. https://gateway-api.sigs.k8s.io/guides/http-routing/
197
route:
198
main:
199
## Enable this route
200
enabled: false
201
## apiVersion set by default to "gateway.networking.k8s.io/v1"
202
apiVersion: ""
203
## kind set by default to HTTPRoute
204
kind: ""
205
## Annotations to attach to the HTTPRoute resource
206
annotations: {}
207
## Labels to attach to the HTTPRoute resource
208
labels: {}
209
## ParentRefs references the resources (usually Gateways) this HTTPRoute should be attached to
210
parentRefs: []
211
# - name: contour
212
# sectionName: http
213
214
## Hostnames (templated) defines a set of hostnames that should match against the HTTP Host
215
## header to select an HTTPRoute used to process the request
216
hostnames: []
217
# - alertmanager.domain.com
218
219
## additionalRules (templated) allows adding custom rules to the route
220
additionalRules: []
221
## Filters define the filters that are applied to requests that match this rule
222
filters: []
223
## Matches define conditions used for matching the rule against incoming HTTP requests
224
matches:
225
- path:
226
type: PathPrefix
227
value: /
228
## httpsRedirect adds a filter for redirecting to https (HTTP 301 Moved Permanently).
229
## To redirect HTTP traffic to HTTPS, you need a Gateway with both HTTP and HTTPS listeners.
230
## Matches and filters do not take effect if enabled.
231
## Ref. https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/
232
httpsRedirect: false
233
resources: {}
234
# We usually recommend not to specify default resources and to leave this as a conscious
235
# choice for the user. This also increases chances charts run on environments with little
236
# resources, such as Minikube. If you do want to specify resources, uncomment the following
237
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
238
# limits:
239
# cpu: 100m
240
# memory: 128Mi
241
# requests:
242
# cpu: 10m
243
# memory: 32Mi
244
245
nodeSelector: {}
246
tolerations: []
247
affinity: {}
248
## Pod anti-affinity can prevent the scheduler from placing Alertmanager replicas on the same node.
249
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
250
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
251
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
252
##
253
podAntiAffinity: ""
254
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
255
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
256
##
257
podAntiAffinityTopologyKey: kubernetes.io/hostname
258
## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
259
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
260
topologySpreadConstraints: []
261
# - maxSkew: 1
262
# topologyKey: failure-domain.beta.kubernetes.io/zone
263
# whenUnsatisfiable: DoNotSchedule
264
# labelSelector:
265
# matchLabels:
266
# app.kubernetes.io/instance: alertmanager
267
268
statefulSet:
269
annotations: {}
270
## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
271
## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
272
## This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds
273
## feature gate.
274
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#minimum-ready-seconds
275
minReadySeconds: 0
276
podAnnotations: {}
277
podLabels: {}
278
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
279
podDisruptionBudget: {}
280
# maxUnavailable: 1
281
# minAvailable: 1
282
283
command: []
284
persistence:
285
## If true, storage will create or use Persistence Volume
286
## If false, storage will use emptyDir
287
##
288
enabled: true
289
## Custom annotations for the PVC created by the alertmanager StatefulSet.
290
## Useful for configuring storage provider options such as disk type, KMS encryption keys, or custom volume name prefixes.
291
annotations: {}
292
## Custom labels for the PVC created by the alertmanager StatefulSet.
293
## Useful for selecting, grouping, and organizing so that they can be queried or targeted in deployments, policies, etc.
294
labels: {}
295
## Persistent Volume Storage Class
296
## If defined, storageClassName: <storageClass>
297
## If set to "-", storageClassName: "", which disables dynamic provisioning
298
## If undefined (the default) or set to null, no storageClassName spec is
299
## set, choosing the default provisioner.
300
##
301
# storageClass: "-"
302
accessModes:
303
- ReadWriteOnce
304
size: 50Mi
305
## Configure emptyDir volume
306
##
307
emptyDir: {}
308
configAnnotations: {}
309
## For example if you want to provide private data from a secret vault
310
## https://github.com/banzaicloud/bank-vaults/tree/main/charts/vault-secrets-webhook
311
## P.s.: Add option `configMapMutation: true` for vault-secrets-webhook
312
# vault.security.banzaicloud.io/vault-role: "admin"
313
# vault.security.banzaicloud.io/vault-addr: "https://vault.vault.svc.cluster.local:8200"
314
# vault.security.banzaicloud.io/vault-skip-verify: "true"
315
# vault.security.banzaicloud.io/vault-path: "kubernetes"
316
## Example for inject secret
317
# slack_api_url: '${vault:secret/data/slack-hook-alerts#URL}'
318
319
config:
320
enabled: true
321
global: {}
322
# slack_api_url: ''
323
324
templates:
325
- '/etc/alertmanager/*.tmpl'
326
receivers:
327
- name: default-receiver
328
# slack_configs:
329
# - channel: '@you'
330
# send_resolved: true
331
route:
332
group_wait: 10s
333
group_interval: 5m
334
receiver: default-receiver
335
repeat_interval: 3h
336
## Monitors ConfigMap changes and POSTs to a URL
337
## Ref: https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader
338
##
339
configmapReload:
340
## If false, the configmap-reload container will not be deployed
341
##
342
enabled: false
343
## configmap-reload container name
344
##
345
name: configmap-reload
346
## configmap-reload container image
347
##
348
image:
349
repository: cgr.dev/chainguard-private/prometheus-config-reloader
350
tag: latest@sha256:e577ca8ad74880486d549548ab42a7205d02f845baa177640d932d3728e0395e
351
pullPolicy: IfNotPresent
352
# containerPort: 9533
353
354
## configmap-reload resource requests and limits
355
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
356
##
357
resources: {}
358
livenessProbe: {}
359
# httpGet:
360
# path: /healthz
361
# port: 8080
362
# scheme: HTTP
363
readinessProbe: {}
364
# httpGet:
365
# path: /healthz
366
# port: 8080
367
# scheme: HTTP
368
369
extraArgs: {}
370
## Optionally specify extra list of additional volumeMounts
371
extraVolumeMounts: []
372
# - name: extras
373
# mountPath: /usr/share/extras
374
# readOnly: true
375
376
## Optionally specify extra environment variables to add to alertmanager container
377
extraEnv: []
378
# - name: FOO
379
# value: BAR
380
381
securityContext: {}
382
# capabilities:
383
# drop:
384
# - ALL
385
# readOnlyRootFilesystem: true
386
# runAsUser: 65534
387
# runAsNonRoot: true
388
# runAsGroup: 65534
389
templates: {}
390
# alertmanager.tmpl: |-
391
392
## Optionally specify extra list of additional volumeMounts
393
extraVolumeMounts: []
394
# - name: extras
395
# mountPath: /usr/share/extras
396
# readOnly: true
397
398
## Optionally specify extra list of additional volumes
399
extraVolumes: []
400
# - name: extras
401
# emptyDir: {}
402
403
## Optionally specify extra environment variables to add to alertmanager container
404
extraEnv: []
405
# - name: FOO
406
# value: BAR
407
408
testFramework:
409
enabled: false
410
annotations:
411
"helm.sh/hook": test-success
412
# "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
413
# --- Vertical Pod Autoscaler
414
verticalPodAutoscaler:
415
# -- Use VPA for alertmanager
416
enabled: false
417
# recommenders:
418
# - name: 'alternative'
419
# updatePolicy:
420
# updateMode: "Auto"
421
# minReplicas: 1
422
# resourcePolicy:
423
# containerPolicies:
424
# - containerName: '*'
425
# minAllowed:
426
# cpu: 100m
427
# memory: 128Mi
428
# maxAllowed:
429
# cpu: 1
430
# memory: 500Mi
431
# controlledResources: ["cpu", "memory"]
432
# --- Extra Pod Configs
433
extraPodConfigs: {}
434
# dnsPolicy: ClusterFirstWithHostNet
435
# hostNetwork: true
436
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.