prometheus
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# yaml-language-server: $schema=values.schema.json
2
# Default values for prometheus.
3
# This is a YAML-formatted file.
4
# Declare variables to be passed into your templates.
5
6
rbac:
7
create: true
8
imagePullSecrets: []
9
# - name: "image-pull-secret"
10
11
## Define serviceAccount names for components. Defaults to component's fully qualified name.
12
##
13
serviceAccounts:
14
server:
15
create: true
16
name: ""
17
annotations: {}
18
## Opt out of automounting Kubernetes API credentials.
19
## It will be overriden by server.automountServiceAccountToken value, if set.
20
# automountServiceAccountToken: false
21
## Additional labels to attach to all resources
22
commonMetaLabels: {}
23
## Monitors ConfigMap changes and POSTs to a URL
24
## Ref: https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader
25
##
26
configmapReload:
27
## URL for configmap-reload to use for reloads
28
##
29
reloadUrl: ""
30
## env sets environment variables to pass to the container. Can be set as name/value pairs,
31
## read from secrets or configmaps.
32
env: []
33
# - name: SOMEVAR
34
# value: somevalue
35
# - name: PASSWORD
36
# valueFrom:
37
# secretKeyRef:
38
# name: mysecret
39
# key: password
40
# optional: false
41
42
prometheus:
43
## If false, the configmap-reload container will not be deployed
44
##
45
enabled: true
46
## configmap-reload container name
47
##
48
name: configmap-reload
49
## configmap-reload container image
50
##
51
image:
52
repository: cgr.dev/chainguard-private/prometheus-config-reloader
53
tag: latest
54
# When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value).
55
digest: sha256:eb239dcc1286fd751acd05884b68fff08c35ee95451eb7ba028e2bbacdd22530
56
pullPolicy: IfNotPresent
57
## config-reloader's container port and port name for probes and metrics
58
containerPort: 8080
59
containerPortName: metrics
60
## Additional configmap-reload container arguments
61
## Set to null for argumentless flags
62
##
63
extraArgs: {}
64
## Additional configmap-reload volume directories
65
##
66
extraVolumeDirs: []
67
## Additional configmap-reload volume mounts
68
##
69
extraVolumeMounts: []
70
## Additional configmap-reload mounts
71
##
72
extraConfigmapMounts: []
73
# - name: prometheus-alerts
74
# mountPath: /etc/alerts.d
75
# subPath: ""
76
# configMap: prometheus-alerts
77
# readOnly: true
78
79
## Security context to be added to configmap-reload container
80
containerSecurityContext: {}
81
## Settings for Prometheus reloader's readiness, liveness and startup probes
82
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
83
##
84
livenessProbe:
85
httpGet:
86
path: /healthz
87
port: metrics
88
scheme: HTTP
89
periodSeconds: 10
90
initialDelaySeconds: 2
91
readinessProbe:
92
httpGet:
93
path: /healthz
94
port: metrics
95
scheme: HTTP
96
periodSeconds: 10
97
startupProbe:
98
enabled: false
99
httpGet:
100
path: /healthz
101
port: metrics
102
scheme: HTTP
103
periodSeconds: 10
104
## configmap-reload resource requests and limits
105
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
106
##
107
resources: {}
108
server:
109
## Prometheus server container name
110
##
111
name: server
112
## Opt out of automounting Kubernetes API credentials.
113
## If set it will override serviceAccounts.server.automountServiceAccountToken value for ServiceAccount.
114
# automountServiceAccountToken: false
115
116
## If set it will override prometheus.server.fullname value for ClusterRole and ClusterRoleBinding
117
##
118
clusterRoleNameOverride: ""
119
## Name of an existing cluster role to use in a role binding in namespaces set in
120
## namespaces and releaseNamespace for namespaced discovery.
121
##
122
useExistingClusterRoleName: ""
123
## releaseNamespace to enable only the release namespace for service discovery.
124
## By default all namespaces are included in service discovery.
125
## If releaseNamespace and namespaces are both set, a merged list will be created.
126
## Note that kubernetes_sd_configs.namespaces in scrape configs must be specified
127
## if namespaced service discovery is desired. Setting useExistingClusterRoleName is required.
128
##
129
releaseNamespace: false
130
## namespaces to include in service discovery instead of clusterwide discovery. Needed if you want to run
131
## Prometheus without cluster-admin privileges (namespaced configuration). See also releaseNamespace.
132
## Setting useExistingClusterRoleName is required.
133
##
134
namespaces: []
135
# - yournamespace
136
137
# sidecarContainers - add more containers to prometheus server
138
# Key/Value where Key is the sidecar `- name: <Key>`
139
# Example:
140
# sidecarContainers:
141
# webserver:
142
# image: nginx
143
# OR for adding OAuth authentication to Prometheus
144
# sidecarContainers:
145
# oauth-proxy:
146
# image: quay.io/oauth2-proxy/oauth2-proxy
147
# args:
148
# - --upstream=http://127.0.0.1:9090
149
# - --http-address=0.0.0.0:8081
150
# - ...
151
# ports:
152
# - containerPort: 8081
153
# name: oauth-proxy
154
# protocol: TCP
155
# resources: {}
156
sidecarContainers: {}
157
# sidecarTemplateValues - context to be used in template for sidecarContainers
158
# Example:
159
# sidecarTemplateValues: *your-custom-globals
160
# sidecarContainers:
161
# webserver: |-
162
# {{ include "webserver-container-template" . }}
163
# Template for `webserver-container-template` might looks like this:
164
# image: "{{ .Values.server.sidecarTemplateValues.repository }}:{{ .Values.server.sidecarTemplateValues.tag }}"
165
# ...
166
#
167
sidecarTemplateValues: {}
168
## Prometheus server container image
169
##
170
image:
171
repository: cgr.dev/chainguard-private/prometheus
172
# If not set appVersion field from Chart.yaml is used. Supports templating.
173
tag: latest
174
# When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value).
175
digest: sha256:81fd441d0ba09d8c83dd0b3b0f8a3bc8773412fed8f9586295b04365a73eb2e5
176
# Use the distroless image variant.
177
distroless: false
178
pullPolicy: IfNotPresent
179
## Prometheus server command
180
##
181
command: []
182
## prometheus server priorityClassName
183
##
184
priorityClassName: ""
185
## prometheus server runtimeClassName
186
##
187
runtimeClassName: ""
188
## EnableServiceLinks indicates whether information about services should be injected
189
## into pod's environment variables, matching the syntax of Docker links.
190
## WARNING: the field is unsupported and will be skipped in K8s prior to v1.13.0.
191
##
192
enableServiceLinks: true
193
## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
194
## so that the various internal URLs are still able to access as they are in the default case.
195
## (Optional)
196
prefixURL: ""
197
## External URL which can access prometheus
198
## Maybe same with Ingress host name
199
baseURL: ""
200
## Additional server container environment variables
201
##
202
## You specify this manually like you would a raw deployment manifest.
203
## This means you can bind in environment variables from secrets.
204
##
205
## e.g. static environment variable:
206
## - name: DEMO_GREETING
207
## value: "Hello from the environment"
208
##
209
## e.g. secret environment variable:
210
## - name: USERNAME
211
## valueFrom:
212
## secretKeyRef:
213
## name: mysecret
214
## key: username
215
env: []
216
# List of flags to override default parameters, e.g:
217
# - --enable-feature=agent
218
# - --storage.agent.retention.max-time=30m
219
# - --config.file=/etc/config/prometheus.yml
220
defaultFlagsOverride: []
221
extraFlags:
222
- web.enable-lifecycle
223
## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as
224
## deleting time series. This is disabled by default.
225
# - web.enable-admin-api
226
##
227
## storage.tsdb.no-lockfile flag controls BD locking
228
# - storage.tsdb.no-lockfile
229
##
230
## storage.tsdb.wal-compression flag enables compression of the write-ahead log (WAL)
231
# - storage.tsdb.wal-compression
232
## Path to a configuration file on prometheus server container FS
233
configPath: /etc/config/prometheus.yml
234
### The data directory used by prometheus to set --storage.tsdb.path
235
### When empty server.persistentVolume.mountPath is used instead
236
storagePath: ""
237
global:
238
## How frequently to scrape targets by default
239
##
240
scrape_interval: 1m
241
## How long until a scrape request times out
242
##
243
scrape_timeout: 10s
244
## How frequently to evaluate rules
245
##
246
evaluation_interval: 1m
247
## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
248
##
249
remoteWrite: []
250
## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read
251
##
252
remoteRead: []
253
## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tsdb
254
##
255
tsdb: {}
256
# out_of_order_time_window: 0s
257
258
## https://prometheus.io/docs/guides/opentelemetry
259
##
260
otlp: {}
261
# promote_resource_attributes: []
262
# keep_identifying_resource_attributes: false
263
# translation_strategy: NoUTF8EscapingWithSuffixes
264
265
## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#exemplars
266
## Must be enabled via --enable-feature=exemplar-storage
267
##
268
exemplars: {}
269
# max_exemplars: 100000
270
271
## Custom HTTP headers for Liveness/Readiness/Startup Probe
272
##
273
## Useful for providing HTTP Basic Auth to healthchecks
274
probeHeaders: []
275
# - name: "Authorization"
276
# value: "Bearer ABCDEabcde12345"
277
278
## Additional Prometheus server container arguments
279
## Set to null for argumentless flags
280
##
281
extraArgs: {}
282
# web.enable-remote-write-receiver: null
283
284
## Additional InitContainers to initialize the pod
285
##
286
extraInitContainers: []
287
## Additional Prometheus server Volume mounts
288
##
289
extraVolumeMounts: []
290
## Additional Prometheus server Volumes
291
##
292
extraVolumes: []
293
## Additional Prometheus server hostPath mounts
294
##
295
extraHostPathMounts: []
296
# - name: certs-dir
297
# mountPath: /etc/kubernetes/certs
298
# subPath: ""
299
# hostPath: /etc/kubernetes/certs
300
# readOnly: true
301
302
extraConfigmapMounts: []
303
# - name: certs-configmap
304
# mountPath: /prometheus
305
# subPath: ""
306
# configMap: certs-configmap
307
# readOnly: true
308
309
## Additional Prometheus server Secret mounts
310
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
311
extraSecretMounts: []
312
# - name: secret-files
313
# mountPath: /etc/secrets
314
# subPath: ""
315
# secretName: prom-secret-files
316
# readOnly: true
317
318
## Prometheus server configuration from a secret
319
## Do not set both `configMapOverrideName` and `configFromSecret` simultaneously.
320
## Use either `configMapOverrideName` or `configFromSecret`.
321
## If `configFromSecret` is defined, a ConfigMap resource will NOT be generated.
322
configFromSecret: ""
323
## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}}
324
## Defining configMapOverrideName will cause templates/server-configmap.yaml
325
## to NOT generate a ConfigMap resource
326
##
327
configMapOverrideName: ""
328
## Extra labels for Prometheus server ConfigMap (ConfigMap that holds serverFiles)
329
extraConfigmapLabels: {}
330
## Override the prometheus.server.fullname for all objects related to the Prometheus server
331
fullnameOverride: ""
332
ingress:
333
## If true, Prometheus server Ingress will be created
334
##
335
enabled: false
336
ingressClassName: ""
337
## Prometheus server Ingress annotations
338
##
339
annotations: {}
340
# kubernetes.io/ingress.class: nginx
341
# kubernetes.io/tls-acme: 'true'
342
343
## Prometheus server Ingress additional labels
344
##
345
extraLabels: {}
346
## Redirect ingress to an additional defined port on the service
347
# servicePort: 8081
348
349
## Prometheus server Ingress hostnames with optional path (passed through tpl)
350
## Must be provided if Ingress is enabled
351
##
352
hosts: []
353
# - prometheus.domain.com
354
# - domain.com/prometheus
355
356
path: /
357
# pathType determines the interpretation of the path matching
358
pathType: Prefix
359
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. (passed through tpl)
360
extraPaths: []
361
# - path: /*
362
# backend:
363
# serviceName: ssl-redirect
364
# servicePort: use-annotation
365
366
## Prometheus server Ingress TLS configuration (hosts passed through tpl)
367
## Secrets must be manually created in the namespace
368
##
369
tls: []
370
# - secretName: prometheus-server-tls
371
# hosts:
372
# - prometheus.domain.com
373
## route (map) allows configuration of HTTPRoute resources
374
## Requires Gateway API resources and suitable controller installed within the cluster
375
## Ref. https://gateway-api.sigs.k8s.io/guides/http-routing/
376
route:
377
main:
378
## Enable this route
379
enabled: false
380
## ApiVersion set by default to "gateway.networking.k8s.io/v1"
381
apiVersion: ""
382
## kind set by default to HTTPRoute
383
kind: ""
384
## Annotations to attach to the HTTPRoute resource
385
annotations: {}
386
## Labels to attach to the HTTPRoute resource
387
labels: {}
388
## ParentRefs refers to resources this HTTPRoute is to be attached to (Gateways)
389
parentRefs: []
390
# - name: contour
391
# sectionName: http
392
393
## Hostnames (templated) defines a set of hostnames that should match against the HTTP Host
394
## header to select a HTTPRoute used to process the request
395
hostnames: []
396
# - my.example.com
397
398
## additionalRules (templated) allows adding custom rules to the route
399
additionalRules: []
400
## Filters define the filters that are applied to requests that match
401
## this rule
402
filters: []
403
## Matches define conditions used for matching the rule against incoming
404
## HTTP requests
405
matches:
406
- path:
407
type: PathPrefix
408
value: /
409
## httpsRedirect adds a filter for redirecting to https (HTTP 301 Moved Permanently).
410
## To redirect HTTP traffic to HTTPS, you need to have a Gateway with both HTTP and HTTPS listeners.
411
## Matches and filters do not take effect if enabled.
412
## Ref. https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/
413
httpsRedirect: false
414
## Server Deployment Strategy type
415
strategy:
416
type: Recreate
417
## hostAliases allows adding entries to /etc/hosts inside the containers
418
hostAliases: []
419
# - ip: "127.0.0.1"
420
# hostnames:
421
# - "example.com"
422
423
## Node tolerations for server scheduling to nodes with taints
424
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
425
##
426
tolerations: []
427
# - key: "key"
428
# operator: "Equal|Exists"
429
# value: "value"
430
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
431
432
## Node labels for Prometheus server pod assignment
433
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
434
##
435
nodeSelector: {}
436
## Pod affinity
437
##
438
affinity: {}
439
## Pod anti-affinity can prevent the scheduler from placing Prometheus server replicas on the same node.
440
## The value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
441
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
442
## The default value "" will disable pod anti-affinity so that no anti-affinity rules will be configured (unless set in `server.affinity`).
443
##
444
podAntiAffinity: ""
445
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
446
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
447
##
448
podAntiAffinityTopologyKey: kubernetes.io/hostname
449
## Pod topology spread constraints
450
## ref. https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
451
topologySpreadConstraints: []
452
## PodDisruptionBudget settings
453
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
454
##
455
podDisruptionBudget:
456
enabled: false
457
# maxUnavailable: 1
458
# minAvailable: 1
459
## unhealthyPodEvictionPolicy is available since 1.27.0 (beta)
460
## https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy
461
# unhealthyPodEvictionPolicy: IfHealthyBudget
462
## Use an alternate scheduler, e.g. "stork".
463
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
464
##
465
# schedulerName:
466
persistentVolume:
467
## If true, Prometheus server will create/use a Persistent Volume Claim
468
## If false, use emptyDir
469
##
470
enabled: true
471
## If set it will override the name of the created persistent volume claim
472
## generated by the stateful set.
473
##
474
statefulSetNameOverride: ""
475
## Prometheus server data Persistent Volume access modes
476
## Must match those of existing PV or dynamic provisioner
477
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
478
##
479
accessModes:
480
- ReadWriteOnce
481
## Prometheus server data Persistent Volume labels
482
##
483
labels: {}
484
## Prometheus server data Persistent Volume annotations
485
##
486
annotations: {}
487
## Prometheus server data Persistent Volume existing claim name
488
## Requires server.persistentVolume.enabled: true
489
## If defined, PVC must be created manually before volume will be bound
490
existingClaim: ""
491
## Prometheus server data Persistent Volume mount root path
492
##
493
mountPath: /data
494
## Prometheus server data Persistent Volume size
495
##
496
size: 8Gi
497
## Prometheus server data Persistent Volume Storage Class
498
## If defined, storageClassName: <storageClass>
499
## If set to "-", storageClassName: "", which disables dynamic provisioning
500
## If undefined (the default) or set to null, no storageClassName spec is
501
## set, choosing the default provisioner. (gp2 on AWS, standard on
502
## GKE, AWS & OpenStack)
503
##
504
# storageClass: "-"
505
506
## Subdirectory of Prometheus server data Persistent Volume to mount
507
## Useful if the volume's root directory is not empty
508
##
509
subPath: ""
510
## Persistent Volume Claim Selector
511
## Useful if Persistent Volumes have been provisioned in advance
512
## Ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
513
##
514
# selector:
515
# matchLabels:
516
# release: "stable"
517
# matchExpressions:
518
# - { key: environment, operator: In, values: [ dev ] }
519
520
## Persistent Volume Name
521
## Useful if Persistent Volumes have been provisioned in advance and you want to use a specific one
522
##
523
# volumeName: ""
524
emptyDir:
525
## Prometheus server emptyDir volume
526
## Configure size limit and medium
527
##
528
medium: ""
529
sizeLimit: ""
530
## Annotations to be added to Prometheus server pods
531
##
532
podAnnotations: {}
533
# iam.amazonaws.com/role: prometheus
534
535
## Labels to be added to Prometheus server pods
536
##
537
podLabels: {}
538
## Prometheus AlertManager configuration
539
##
540
alertmanagers: []
541
## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
542
##
543
replicaCount: 1
544
## Number of old history to retain to allow rollback
545
## Default Kubernetes value is set to 10
546
##
547
revisionHistoryLimit: 10
548
## Annotations to be added to ConfigMap
549
##
550
configMapAnnotations: {}
551
## Annotations to be added to deployment
552
##
553
deploymentAnnotations: {}
554
statefulSet:
555
## If true, use a statefulset instead of a deployment for pod management.
556
## This allows to scale replicas to more than 1 pod
557
##
558
enabled: false
559
annotations: {}
560
labels: {}
561
podManagementPolicy: OrderedReady
562
## Alertmanager headless service to use for the statefulset
563
##
564
headless:
565
annotations: {}
566
labels: {}
567
servicePort: 80
568
## Enable gRPC port on service to allow auto discovery with thanos-querier
569
gRPC:
570
enabled: false
571
servicePort: 10901
572
# nodePort: 10901
573
## Statefulset's persistent volume claim retention policy
574
## pvcDeleteOnStsDelete and pvcDeleteOnStsScale determine whether
575
## statefulset's PVCs are deleted (true) or retained (false) on scaling down
576
## and deleting statefulset, respectively. Requires 1.27.0+.
577
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
578
##
579
pvcDeleteOnStsDelete: false
580
pvcDeleteOnStsScale: false
581
daemonSet:
582
## If true, use a daemonset instead of a deployment for pod management.
583
## This allows to run prometheus agent on every node in the cluster.
584
##
585
enabled: false
586
annotations: {}
587
labels: {}
588
## Prometheus server readiness and liveness probe initial delay and timeout
589
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
590
##
591
tcpSocketProbeEnabled: false
592
probeScheme: HTTP
593
readinessProbeInitialDelay: 30
594
readinessProbePeriodSeconds: 5
595
readinessProbeTimeout: 4
596
readinessProbeFailureThreshold: 3
597
readinessProbeSuccessThreshold: 1
598
livenessProbeInitialDelay: 30
599
livenessProbePeriodSeconds: 15
600
livenessProbeTimeout: 10
601
livenessProbeFailureThreshold: 3
602
livenessProbeSuccessThreshold: 1
603
startupProbe:
604
enabled: false
605
periodSeconds: 5
606
failureThreshold: 30
607
timeoutSeconds: 10
608
## Prometheus server resource requests and limits
609
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
610
##
611
resources: {}
612
# limits:
613
# cpu: 500m
614
# memory: 512Mi
615
# requests:
616
# cpu: 500m
617
# memory: 512Mi
618
619
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
620
# because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
621
##
622
hostNetwork: false
623
# When hostNetwork is enabled, this will set to ClusterFirstWithHostNet automatically
624
dnsPolicy: ClusterFirst
625
# Use hostPort
626
# hostPort: 9090
627
628
# Use portName
629
portName: ""
630
## Vertical Pod Autoscaler config
631
## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
632
verticalAutoscaler:
633
## If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs)
634
enabled: false
635
# updateMode: "Auto"
636
# containerPolicies:
637
# - containerName: 'prometheus-server'
638
# Custom DNS configuration to be added to prometheus server pods
639
dnsConfig: {}
640
# nameservers:
641
# - 1.2.3.4
642
# searches:
643
# - ns1.svc.cluster-domain.example
644
# - my.dns.search.suffix
645
# options:
646
# - name: ndots
647
# value: "2"
648
# - name: edns0
649
650
## Security context to be added to server pods
651
##
652
securityContext:
653
runAsUser: 65534
654
runAsNonRoot: true
655
runAsGroup: 65534
656
fsGroup: 65534
657
## Security context to be added to server container
658
##
659
containerSecurityContext: {}
660
service:
661
## If false, no Service will be created for the Prometheus server
662
##
663
enabled: true
664
annotations: {}
665
labels: {}
666
clusterIP: ""
667
## List of IP addresses at which the Prometheus server service is available
668
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
669
##
670
externalIPs: []
671
loadBalancerIP: ""
672
loadBalancerSourceRanges: []
673
loadBalancerClass: ""
674
servicePort: 80
675
sessionAffinity: None
676
type: ClusterIP
677
## externalTrafficPolicy is applicable to service with externally-facing addresses (NodePorts, ExternalIPs, and LoadBalancer IPs)
678
externalTrafficPolicy: ""
679
## Enable gRPC port on service to allow auto discovery with thanos-querier
680
gRPC:
681
enabled: false
682
servicePort: 10901
683
# nodePort: 10901
684
## If using a statefulSet (statefulSet.enabled=true), configure the
685
## service to connect to a specific replica to have a consistent view
686
## of the data.
687
statefulsetReplica:
688
enabled: false
689
replica: 0
690
## Additional port to define in the Service
691
additionalPorts: []
692
# additionalPorts:
693
# - name: authenticated
694
# port: 8081
695
# targetPort: 8081
696
## Prometheus server pod termination grace period
697
##
698
terminationGracePeriodSeconds: 300
699
## Prometheus data retention period (default if not specified is 15 days)
700
##
701
retention: "15d"
702
## Prometheus' data retention size. Supported units: B, KB, MB, GB, TB, PB, EB.
703
##
704
retentionSize: ""
705
## scrapeConfigs (map) defines Prometheus' default scrape_configs.
706
## Each can be disabled by setting "enabled" to "false" or leaving it empty. The key sets the default "job_name".
707
## Further scrapeConfigs can be added as new keys, these are then enabled by default.
708
## ref. https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
709
scrapeConfigs:
710
prometheus:
711
enabled: true
712
job_name: ""
713
static_configs:
714
- targets:
715
- localhost:9090
716
kubernetes-api-servers:
717
enabled: true
718
job_name: ""
719
kubernetes_sd_configs:
720
- role: endpoints
721
scheme: https
722
tls_config:
723
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
724
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
725
relabel_configs:
726
- source_labels:
727
- __meta_kubernetes_namespace
728
- __meta_kubernetes_service_name
729
- __meta_kubernetes_endpoint_port_name
730
action: keep
731
regex: default;kubernetes;https
732
kubernetes-nodes:
733
enabled: true
734
job_name: ""
735
scheme: https
736
tls_config:
737
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
738
insecure_skip_verify: true
739
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
740
kubernetes_sd_configs:
741
- role: node
742
relabel_configs:
743
- action: labelmap
744
regex: __meta_kubernetes_node_label_(.+)
745
kubernetes-nodes-cadvisor:
746
enabled: true
747
job_name: ""
748
scheme: https
749
tls_config:
750
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
751
insecure_skip_verify: true
752
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
753
metrics_path: /metrics/cadvisor
754
kubernetes_sd_configs:
755
- role: node
756
relabel_configs:
757
- action: labelmap
758
regex: __meta_kubernetes_node_label_(.+)
759
- source_labels: [__metrics_path__]
760
target_label: metrics_path
761
kubernetes-service-endpoints:
762
enabled: true
763
job_name: ""
764
honor_labels: true
765
kubernetes_sd_configs:
766
- role: endpoints
767
relabel_configs:
768
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
769
action: keep
770
regex: true
771
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow]
772
action: drop
773
regex: true
774
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
775
action: replace
776
target_label: __scheme__
777
regex: (https?)
778
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
779
action: replace
780
target_label: __metrics_path__
781
regex: (.+)
782
- source_labels:
783
- __address__
784
- __meta_kubernetes_service_annotation_prometheus_io_port
785
action: replace
786
target_label: __address__
787
regex: (.+?)(?::\d+)?;(\d+)
788
replacement: $1:$2
789
- action: labelmap
790
regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
791
replacement: __param_$1
792
- action: labelmap
793
regex: __meta_kubernetes_service_label_(.+)
794
- source_labels: [__meta_kubernetes_namespace]
795
action: replace
796
target_label: namespace
797
- source_labels: [__meta_kubernetes_service_name]
798
action: replace
799
target_label: service
800
- source_labels: [__meta_kubernetes_pod_node_name]
801
action: replace
802
target_label: node
803
kubernetes-service-endpoints-slow:
804
enabled: true
805
job_name: ""
806
honor_labels: true
807
scrape_interval: 5m
808
scrape_timeout: 30s
809
kubernetes_sd_configs:
810
- role: endpoints
811
relabel_configs:
812
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow]
813
action: keep
814
regex: true
815
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
816
action: replace
817
target_label: __scheme__
818
regex: (https?)
819
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
820
action: replace
821
target_label: __metrics_path__
822
regex: (.+)
823
- source_labels:
824
- __address__
825
- __meta_kubernetes_service_annotation_prometheus_io_port
826
action: replace
827
target_label: __address__
828
regex: (.+?)(?::\d+)?;(\d+)
829
replacement: $1:$2
830
- action: labelmap
831
regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
832
replacement: __param_$1
833
- action: labelmap
834
regex: __meta_kubernetes_service_label_(.+)
835
- source_labels: [__meta_kubernetes_namespace]
836
action: replace
837
target_label: namespace
838
- source_labels: [__meta_kubernetes_service_name]
839
action: replace
840
target_label: service
841
- source_labels: [__meta_kubernetes_pod_node_name]
842
action: replace
843
target_label: node
844
prometheus-pushgateway:
845
enabled: true
846
job_name: ""
847
honor_labels: true
848
kubernetes_sd_configs:
849
- role: service
850
relabel_configs:
851
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
852
action: keep
853
regex: pushgateway
854
kubernetes-services:
855
enabled: true
856
job_name: ""
857
honor_labels: true
858
metrics_path: /probe
859
params:
860
module: [http_2xx]
861
kubernetes_sd_configs:
862
- role: service
863
relabel_configs:
864
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
865
action: keep
866
regex: true
867
- source_labels: [__address__]
868
target_label: __param_target
869
- target_label: __address__
870
replacement: blackbox
871
- source_labels: [__param_target]
872
target_label: instance
873
- action: labelmap
874
regex: __meta_kubernetes_service_label_(.+)
875
- source_labels: [__meta_kubernetes_namespace]
876
target_label: namespace
877
- source_labels: [__meta_kubernetes_service_name]
878
target_label: service
879
kubernetes-pods:
880
enabled: true
881
job_name: ""
882
honor_labels: true
883
kubernetes_sd_configs:
884
- role: pod
885
relabel_configs:
886
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
887
action: keep
888
regex: true
889
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow]
890
action: drop
891
regex: true
892
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
893
action: replace
894
regex: (https?)
895
target_label: __scheme__
896
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
897
action: replace
898
target_label: __metrics_path__
899
regex: (.+)
900
- source_labels:
901
- __meta_kubernetes_pod_annotation_prometheus_io_port
902
- __meta_kubernetes_pod_ip
903
action: replace
904
regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})
905
replacement: '[$2]:$1'
906
target_label: __address__
907
- source_labels:
908
- __meta_kubernetes_pod_annotation_prometheus_io_port
909
- __meta_kubernetes_pod_ip
910
action: replace
911
regex: (\d+);((([0-9]+?)(\.|$)){4})
912
replacement: $2:$1
913
target_label: __address__
914
- action: labelmap
915
regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
916
replacement: __param_$1
917
- action: labelmap
918
regex: __meta_kubernetes_pod_label_(.+)
919
- source_labels: [__meta_kubernetes_namespace]
920
action: replace
921
target_label: namespace
922
- source_labels: [__meta_kubernetes_pod_name]
923
action: replace
924
target_label: pod
925
- source_labels: [__meta_kubernetes_pod_phase]
926
regex: Pending|Succeeded|Failed|Completed
927
action: drop
928
- source_labels: [__meta_kubernetes_pod_node_name]
929
action: replace
930
target_label: node
931
kubernetes-pods-slow:
932
enabled: true
933
job_name: ""
934
honor_labels: true
935
scrape_interval: 5m
936
scrape_timeout: 30s
937
kubernetes_sd_configs:
938
- role: pod
939
relabel_configs:
940
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow]
941
action: keep
942
regex: true
943
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
944
action: replace
945
regex: (https?)
946
target_label: __scheme__
947
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
948
action: replace
949
target_label: __metrics_path__
950
regex: (.+)
951
- source_labels:
952
- __meta_kubernetes_pod_annotation_prometheus_io_port
953
- __meta_kubernetes_pod_ip
954
action: replace
955
regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})
956
replacement: '[$2]:$1'
957
target_label: __address__
958
- source_labels:
959
- __meta_kubernetes_pod_annotation_prometheus_io_port
960
- __meta_kubernetes_pod_ip
961
action: replace
962
regex: (\d+);((([0-9]+?)(\.|$)){4})
963
replacement: $2:$1
964
target_label: __address__
965
- action: labelmap
966
regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
967
replacement: __param_$1
968
- action: labelmap
969
regex: __meta_kubernetes_pod_label_(.+)
970
- source_labels: [__meta_kubernetes_namespace]
971
action: replace
972
target_label: namespace
973
- source_labels: [__meta_kubernetes_pod_name]
974
action: replace
975
target_label: pod
976
- source_labels: [__meta_kubernetes_pod_phase]
977
regex: Pending|Succeeded|Failed|Completed
978
action: drop
979
- source_labels: [__meta_kubernetes_pod_node_name]
980
action: replace
981
target_label: node
982
# extraScrapeConfigs adds additional scrape configs to prometheus.yml
983
# must be a string so you have to add a | after extraScrapeConfigs:
984
# example adds prometheus-blackbox-exporter scrape config
985
extraScrapeConfigs: ""
986
# - job_name: 'prometheus-blackbox-exporter'
987
# metrics_path: /probe
988
# params:
989
# module: [http_2xx]
990
# static_configs:
991
# - targets:
992
# - https://example.com
993
# relabel_configs:
994
# - source_labels: [__address__]
995
# target_label: __param_target
996
# - source_labels: [__param_target]
997
# target_label: instance
998
# - target_label: __address__
999
# replacement: prometheus-blackbox-exporter:9115
1000
1001
## Prometheus server ConfigMap entries for rule files (allow prometheus labels interpolation)
1002
ruleFiles: {}
1003
## Prometheus server ConfigMap entries for scrape_config_files
1004
## (allows scrape configs defined in additional files)
1005
##
1006
scrapeConfigFiles: []
1007
## Prometheus server ConfigMap entries
1008
##
1009
serverFiles:
1010
## Alerts configuration
1011
## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
1012
alerting_rules.yml: {}
1013
# groups:
1014
# - name: Instances
1015
# rules:
1016
# - alert: InstanceDown
1017
# expr: up == 0
1018
# for: 5m
1019
# labels:
1020
# severity: page
1021
# annotations:
1022
# description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.'
1023
# summary: 'Instance {{ $labels.instance }} down'
1024
## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use alerting_rules.yml
1025
alerts: {}
1026
## Records configuration
1027
## Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
1028
recording_rules.yml: {}
1029
## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use recording_rules.yml
1030
rules: {}
1031
prometheus.yml:
1032
rule_files:
1033
- /etc/config/recording_rules.yml
1034
- /etc/config/alerting_rules.yml
1035
## Below two files are DEPRECATED will be removed from this default values file
1036
- /etc/config/rules
1037
- /etc/config/alerts
1038
# Adds option to add alert_relabel_configs to avoid duplicate alerts in alertmanager
1039
# useful in H/A prometheus with different external labels but the same alerts
1040
alertRelabelConfigs: {}
1041
# alert_relabel_configs:
1042
# - source_labels: [dc]
1043
# regex: (.+)\d+
1044
# target_label: dc
1045
1046
networkPolicy:
1047
## Enable creation of NetworkPolicy resources.
1048
##
1049
enabled: false
1050
# Force namespace of namespaced resources
1051
forceNamespace: ""
1052
# Extra manifests to deploy as an array
1053
extraManifests: []
1054
# - |
1055
# apiVersion: v1
1056
# kind: ConfigMap
1057
# metadata:
1058
# labels:
1059
# name: prometheus-extra
1060
# data:
1061
# extra-data: "value"
1062
1063
# Configuration of subcharts defined in Chart.yaml
1064
1065
## alertmanager sub-chart configurable values
1066
## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/alertmanager
1067
##
1068
alertmanager:
1069
## If false, alertmanager will not be installed
1070
##
1071
enabled: true
1072
persistence:
1073
## If true, storage will create or use Persistence Volume
1074
## If false, storage will use emptyDir
1075
##
1076
enabled: true
1077
## Custom annotations for the PVC created by the alertmanager StatefulSet.
1078
## Useful for configuring storage provider options such as disk type, KMS encryption keys, or custom volume name prefixes.
1079
annotations: {}
1080
## Custom labels for the PVC created by the alertmanager StatefulSet.
1081
## Useful for selecting, grouping, and organizing so that they can be queried or targeted in deployments, policies, etc.
1082
labels: {}
1083
## Persistent Volume Storage Class
1084
## If defined, storageClassName: <storageClass>
1085
## If set to "-", storageClassName: "", which disables dynamic provisioning
1086
## If undefined (the default) or set to null, no storageClassName spec is
1087
## set, choosing the default provisioner.
1088
##
1089
# storageClass: "-"
1090
accessModes:
1091
- ReadWriteOnce
1092
size: 2Gi
1093
## Configure emptyDir volume
1094
##
1095
emptyDir: {}
1096
podSecurityContext:
1097
runAsUser: 65534
1098
runAsNonRoot: true
1099
runAsGroup: 65534
1100
fsGroup: 65534
1101
## kube-state-metrics sub-chart configurable values
1102
## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics
1103
##
1104
kube-state-metrics:
1105
## If false, kube-state-metrics sub-chart will not be installed
1106
##
1107
enabled: true
1108
## prometheus-node-exporter sub-chart configurable values
1109
## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter
1110
##
1111
prometheus-node-exporter:
1112
## If false, node-exporter will not be installed
1113
##
1114
enabled: true
1115
rbac:
1116
pspEnabled: false
1117
containerSecurityContext:
1118
allowPrivilegeEscalation: false
1119
## prometheus-pushgateway sub-chart configurable values
1120
## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-pushgateway
1121
##
1122
prometheus-pushgateway:
1123
## If false, pushgateway will not be installed
1124
##
1125
enabled: true
1126
# Optional service annotations
1127
serviceAnnotations:
1128
prometheus.io/probe: pushgateway
1129
The trusted source for open source
Talk to an expertCustomers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.