DirectorySecurity AdvisoriesPricing
Sign in
Directory
prometheus-pushgateway logoHELM

prometheus-pushgateway

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:
1
# Default values for prometheus-pushgateway.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
global:
6
imageRegistry: ""
7
imagePullSecrets: []
8
# Provide a name in place of prometheus-pushgateway for `app:` labels
9
nameOverride: ""
10
# Provide a name to substitute for the full names of resources
11
fullnameOverride: ""
12
# Provide a namespace to substitude for the namespace on resources
13
namespaceOverride: ""
14
image:
15
registry: ""
16
repository: cgr.dev/chainguard-private/prometheus-pushgateway
17
# if not set appVersion field from Chart.yaml is used
18
tag: latest@sha256:ff2fe08376036f7a6a34a37bb9b6da04744240d8ae86d7486026f4e2b245e7b0
19
pullPolicy: IfNotPresent
20
# Optional pod imagePullSecrets
21
imagePullSecrets: []
22
service:
23
type: ClusterIP
24
port: 9091
25
targetPort: 9091
26
# nodePort: 32100
27
portName: http
28
# Optional - Can be used for headless if value is "None"
29
clusterIP: ""
30
ipDualStack:
31
enabled: false
32
ipFamilies: ["IPv6", "IPv4"]
33
ipFamilyPolicy: "PreferDualStack"
34
loadBalancerIP: ""
35
loadBalancerSourceRanges: []
36
# Whether to automatically mount a service account token into the pod
37
automountServiceAccountToken: true
38
# Optional deployment annotations
39
deploymentAnnotations: {}
40
# Optional pod annotations
41
podAnnotations: {}
42
# Optional pod labels
43
podLabels: {}
44
# Optional service annotations
45
serviceAnnotations: {}
46
# Optional service labels
47
serviceLabels: {}
48
# Optional serviceAccount labels
49
serviceAccountLabels: {}
50
# Optional persistentVolume labels
51
persistentVolumeLabels: {}
52
# Optional additional environment variables
53
extraVars: []
54
## Additional pushgateway container arguments
55
##
56
## example:
57
## extraArgs:
58
## - --persistence.file=/data/pushgateway.data
59
## - --persistence.interval=5m
60
extraArgs: []
61
## Additional InitContainers to initialize the pod
62
##
63
extraInitContainers: []
64
# Optional additional containers (sidecar)
65
extraContainers: []
66
# - name: oAuth2-proxy
67
# args:
68
# - -https-address=:9092
69
# - -upstream=http://localhost:9091
70
# - -skip-auth-regex=^/metrics
71
# - -openshift-delegate-urls={"/":{"group":"monitoring.coreos.com","resource":"prometheuses","verb":"get"}}
72
# image: openshift/oauth-proxy:v1.1.0
73
# ports:
74
# - containerPort: 9092
75
# name: proxy
76
# resources:
77
# limits:
78
# memory: 16Mi
79
# requests:
80
# memory: 4Mi
81
# cpu: 20m
82
# volumeMounts:
83
# - mountPath: /etc/prometheus/secrets/pushgateway-tls
84
# name: secret-pushgateway-tls
85
86
resources: {}
87
# We usually recommend not to specify default resources and to leave this as a conscious
88
# choice for the user. This also increases chances charts run on environments with little
89
# resources, such as Minikube. If you do want to specify resources, uncomment the following
90
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
91
# limits:
92
# cpu: 200m
93
# memory: 50Mi
94
# requests:
95
# cpu: 100m
96
# memory: 30Mi
97
98
# -- Sets web configuration
99
# To enable basic authentication, provide basicAuthUsers as a map
100
# If serviceMonitor.enabled is set, a secret with these credentials will be created
101
# and configured in serviceMonitor. serviceMonitor.basicAuth overrides this secret.
102
webConfiguration: {}
103
# basicAuthUsers:
104
# username: password
105
106
liveness:
107
enabled: true
108
probe:
109
httpGet:
110
path: /-/healthy
111
port: 9091
112
scheme: HTTP
113
initialDelaySeconds: 10
114
timeoutSeconds: 10
115
readiness:
116
enabled: true
117
probe:
118
httpGet:
119
path: /-/ready
120
port: 9091
121
scheme: HTTP
122
initialDelaySeconds: 10
123
timeoutSeconds: 10
124
serviceAccount:
125
# Specifies whether a ServiceAccount should be created
126
create: true
127
# The name of the ServiceAccount to use.
128
# If not set and create is true, a name is generated using the fullname template
129
name:
130
## Configure ingress resource that allow you to access the
131
## pushgateway installation. Set up the URL
132
## ref: http://kubernetes.io/docs/user-guide/ingress/
133
##
134
ingress:
135
## Enable Ingress.
136
##
137
enabled: false
138
# AWS ALB requires path of /*
139
className: ""
140
path: /
141
pathType: ImplementationSpecific
142
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
143
extraPaths: []
144
# - path: /*
145
# backend:
146
# serviceName: ssl-redirect
147
# servicePort: use-annotation
148
## Annotations.
149
##
150
# annotations:
151
# kubernetes.io/ingress.class: nginx
152
# kubernetes.io/tls-acme: 'true'
153
154
## Hostnames.
155
## Must be provided if Ingress is enabled.
156
##
157
# hosts:
158
# - pushgateway.domain.com
159
160
## TLS configuration.
161
## Secrets must be manually created in the namespace.
162
##
163
# tls:
164
# - secretName: pushgateway-tls
165
# hosts:
166
# - pushgateway.domain.com
167
168
## route (map) allows configuration of HTTPRoute resources
169
## Requires Gateway API resources and suitable controller installed within the cluster
170
## Ref. https://gateway-api.sigs.k8s.io/guides/http-routing/
171
route:
172
main:
173
## Enable this route
174
enabled: false
175
## ApiVersion set by default to "gateway.networking.k8s.io/v1"
176
apiVersion: ""
177
## kind set by default to HTTPRoute
178
kind: ""
179
## Annotations to attach to the HTTPRoute resource
180
annotations: {}
181
## Labels to attach to the HTTPRoute resource
182
labels: {}
183
## ParentRefs refers to resources this HTTPRoute is to be attached to (Gateways)
184
parentRefs: []
185
# - name: contour
186
# sectionName: http
187
188
## Hostnames (templated) defines a set of hostnames that should match against the HTTP Host
189
## header to select a HTTPRoute used to process the request
190
hostnames: []
191
# - my.example.com
192
193
## additionalRules (templated) allows adding custom rules to the route
194
additionalRules: []
195
## Filters define the filters that are applied to requests that match
196
## this rule
197
filters: []
198
## Matches define conditions used for matching the rule against incoming
199
## HTTP requests
200
matches:
201
- path:
202
type: PathPrefix
203
value: /
204
## httpsRedirect adds a filter for redirecting to https (HTTP 301 Moved Permanently).
205
## To redirect HTTP traffic to HTTPS, you need to have a Gateway with both HTTP and HTTPS listeners.
206
## Matches and filters do not take effect if enabled.
207
## Ref. https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/
208
httpsRedirect: false
209
tolerations: []
210
# - effect: NoSchedule
211
# operator: Exists
212
213
## Node labels for pushgateway pod assignment
214
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
215
##
216
nodeSelector: {}
217
replicaCount: 1
218
hostAliases: []
219
# - ip: "127.0.0.1"
220
# hostnames:
221
# - "foo.local"
222
# - "bar.local"
223
# - ip: "10.1.2.3"
224
# hostnames:
225
# - "foo.remote"
226
# - "bar.remote"
227
228
## When running more than one replica alongside with persistence, different volumes are needed
229
## per replica, since sharing a `persistence.file` across replicas does not keep metrics synced.
230
## For this purpose, you can enable the `runAsStatefulSet` to deploy the pushgateway as a
231
## StatefulSet instead of as a Deployment.
232
runAsStatefulSet: false
233
## Security context to be added to push-gateway pods
234
##
235
securityContext:
236
fsGroup: 65534
237
runAsUser: 65534
238
runAsNonRoot: true
239
## Security context to be added to push-gateway containers
240
## Having a separate variable as securityContext differs for pods and containers.
241
containerSecurityContext: {}
242
# allowPrivilegeEscalation: false
243
# readOnlyRootFilesystem: true
244
# runAsUser: 65534
245
# runAsNonRoot: true
246
247
## Affinity for pod assignment
248
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
249
affinity: {}
250
## Pod anti-affinity can prevent the scheduler from placing pushgateway replicas on the same node.
251
## The value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
252
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
253
## The default value "" will disable pod anti-affinity so that no anti-affinity rules will be configured (unless set in `affinity`).
254
##
255
podAntiAffinity: ""
256
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
257
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
258
##
259
podAntiAffinityTopologyKey: kubernetes.io/hostname
260
## Topology spread constraints for pods
261
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
262
topologySpreadConstraints: []
263
# Enable this if you're using https://github.com/coreos/prometheus-operator
264
serviceMonitor:
265
enabled: false
266
namespace: monitoring
267
# telemetryPath: HTTP resource path from which to fetch metrics.
268
# Telemetry path, default /metrics, has to be prefixed accordingly if pushgateway sets a route prefix at start-up.
269
#
270
telemetryPath: "/metrics"
271
# Fallback to the prometheus default unless specified
272
interval: ""
273
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
274
scheme: ""
275
## Basic authentication
276
basicAuth: {}
277
## Bearer token file
278
bearerTokenFile: ""
279
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
280
## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
281
tlsConfig: {}
282
# bearerTokenFile:
283
# Fallback to the prometheus default unless specified
284
scrapeTimeout: ""
285
## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
286
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
287
additionalLabels: {}
288
# Retain the job and instance labels of the metrics pushed to the Pushgateway
289
# [Scraping Pushgateway](https://github.com/prometheus/pushgateway#configure-the-pushgateway-as-a-target-to-scrape)
290
honorLabels: true
291
## Metric relabel configs to apply to samples before ingestion.
292
## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
293
metricRelabelings: []
294
# - action: keep
295
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
296
# sourceLabels: [__name__]
297
298
## Relabel configs to apply to samples before ingestion.
299
## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
300
relabelings: []
301
# - sourceLabels: [__meta_kubernetes_pod_node_name]
302
# separator: ;
303
# regex: ^(.*)$
304
# targetLabel: nodename
305
# replacement: $1
306
# action: replace
307
# The values to set in the PodDisruptionBudget spec (minAvailable/maxUnavailable)
308
# If not set then a PodDisruptionBudget will not be created
309
podDisruptionBudget: {}
310
priorityClassName:
311
# Deployment Strategy type
312
strategy:
313
type: Recreate
314
persistentVolume:
315
## If true, pushgateway will create/use a Persistent Volume Claim
316
## If false, use emptyDir
317
##
318
enabled: false
319
## pushgateway data Persistent Volume access modes
320
## Must match those of existing PV or dynamic provisioner
321
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
322
##
323
accessModes:
324
- ReadWriteOnce
325
## pushgateway data Persistent Volume Claim annotations
326
##
327
annotations: {}
328
## pushgateway data Persistent Volume existing claim name
329
## Requires pushgateway.persistentVolume.enabled: true
330
## If defined, PVC must be created manually before volume will be bound
331
existingClaim: ""
332
## pushgateway data Persistent Volume mount root path
333
##
334
mountPath: /data
335
## pushgateway data Persistent Volume size
336
##
337
size: 2Gi
338
## pushgateway data Persistent Volume Storage Class
339
## If defined, storageClassName: <storageClass>
340
## If set to "-", storageClassName: "", which disables dynamic provisioning
341
## If undefined (the default) or set to null, no storageClassName spec is
342
## set, choosing the default provisioner. (gp2 on AWS, standard on
343
## GKE, AWS & OpenStack)
344
##
345
# storageClass: "-"
346
347
## Subdirectory of pushgateway data Persistent Volume to mount
348
## Useful if the volume's root directory is not empty
349
##
350
subPath: ""
351
extraVolumes: []
352
# - name: extra
353
# emptyDir: {}
354
extraVolumeMounts: []
355
# - name: extra
356
# mountPath: /usr/share/extras
357
# readOnly: true
358
359
# Configuration for clusters with restrictive network policies in place:
360
# - allowAll allows access to the PushGateway from any namespace
361
# - customSelector is a list of pod/namespaceSelectors to allow access from
362
# These options are mutually exclusive and the latter will take precedence.
363
networkPolicy: {}
364
# allowAll: true
365
# customSelectors:
366
# - namespaceSelector:
367
# matchLabels:
368
# type: admin
369
# - podSelector:
370
# matchLabels:
371
# app: myapp
372
373
# Array of extra K8s objects to deploy (evaluated as a template)
374
# The value can hold an array of strings as well as objects
375
extraManifests: []
376
# Lifecycle hooks configuration
377
lifecycle: {}
378
# preStop:
379
# exec:
380
# command: ["/bin/sh", "-c", "sleep 30"]
381

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0SOC 2Golden ImagesCVE RemediationPublic SectorStartups

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogOpen Source LeadershipPartnersNewsroomCareersLegal
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.