mirror of https://git.rancher.io/charts
167 lines
6.3 KiB
YAML
167 lines
6.3 KiB
YAML
|
{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }}
|
||
|
{{- if .Release.IsInstall }}
|
||
|
{{- $secretName := (printf "alertmanager-%s-alertmanager" (include "kube-prometheus-stack.fullname" .)) }}
|
||
|
{{- if (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName) }}
|
||
|
{{- required (printf "Cannot overwrite existing secret %s in namespace %s." $secretName (include "kube-prometheus-stack.namespace" .)) "" }}
|
||
|
{{- end }}{{- end }}
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||
|
annotations:
|
||
|
"helm.sh/hook": pre-install
|
||
|
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
|
||
|
"helm.sh/hook-weight": "3"
|
||
|
{{- if .Values.alertmanager.secret.annotations }}
|
||
|
{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }}
|
||
|
{{- end }}
|
||
|
labels:
|
||
|
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||
|
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||
|
data:
|
||
|
{{- if .Values.alertmanager.tplConfig }}
|
||
|
alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }}
|
||
|
{{- else }}
|
||
|
alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
|
||
|
{{- end}}
|
||
|
{{- range $key, $val := .Values.alertmanager.templateFiles }}
|
||
|
{{ $key }}: {{ $val | b64enc | quote }}
|
||
|
{{- end }}
|
||
|
---
|
||
|
apiVersion: batch/v1
|
||
|
kind: Job
|
||
|
metadata:
|
||
|
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||
|
labels:
|
||
|
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||
|
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||
|
annotations:
|
||
|
"helm.sh/hook": pre-install
|
||
|
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
|
||
|
"helm.sh/hook-weight": "5"
|
||
|
spec:
|
||
|
template:
|
||
|
metadata:
|
||
|
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
labels: {{ include "kube-prometheus-stack.labels" . | nindent 8 }}
|
||
|
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||
|
spec:
|
||
|
serviceAccountName: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
{{- if .Values.alertmanager.secret.securityContext }}
|
||
|
securityContext:
|
||
|
{{ toYaml .Values.alertmanager.secret.securityContext | indent 8 }}
|
||
|
{{- end }}
|
||
|
containers:
|
||
|
- name: copy-pre-install-secret
|
||
|
image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.secret.image.repository }}:{{ .Values.alertmanager.secret.image.tag }}
|
||
|
imagePullPolicy: {{ .Values.alertmanager.secret.image.pullPolicy }}
|
||
|
command:
|
||
|
- /bin/sh
|
||
|
- -c
|
||
|
- >
|
||
|
if kubectl get secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager > /dev/null 2>&1; then
|
||
|
echo "Secret already exists"
|
||
|
exit 1
|
||
|
fi;
|
||
|
kubectl patch secret -n {{ template "kube-prometheus-stack.namespace" . }} --dry-run -o yaml
|
||
|
alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
-p '{{ printf "{\"metadata\":{\"name\": \"alertmanager-%s-alertmanager\"}}" (include "kube-prometheus-stack.fullname" .) }}'
|
||
|
| kubectl apply -f -;
|
||
|
kubectl annotate secret -n {{ template "kube-prometheus-stack.namespace" . }}
|
||
|
alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||
|
helm.sh/hook- helm.sh/hook-delete-policy- helm.sh/hook-weight-;
|
||
|
restartPolicy: OnFailure
|
||
|
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
|
||
|
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
|
||
|
---
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
kind: ClusterRole
|
||
|
metadata:
|
||
|
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
labels:
|
||
|
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||
|
annotations:
|
||
|
"helm.sh/hook": pre-install
|
||
|
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
|
||
|
"helm.sh/hook-weight": "3"
|
||
|
rules:
|
||
|
- apiGroups:
|
||
|
- ""
|
||
|
resources:
|
||
|
- secrets
|
||
|
verbs: ['create', 'get', 'patch']
|
||
|
- apiGroups: ['policy']
|
||
|
resources: ['podsecuritypolicies']
|
||
|
verbs: ['use']
|
||
|
resourceNames:
|
||
|
- alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
---
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
kind: ClusterRoleBinding
|
||
|
metadata:
|
||
|
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
labels:
|
||
|
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||
|
annotations:
|
||
|
"helm.sh/hook": pre-install
|
||
|
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
|
||
|
"helm.sh/hook-weight": "3"
|
||
|
roleRef:
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
kind: ClusterRole
|
||
|
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
metadata:
|
||
|
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||
|
labels:
|
||
|
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||
|
annotations:
|
||
|
"helm.sh/hook": pre-install
|
||
|
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
|
||
|
"helm.sh/hook-weight": "3"
|
||
|
---
|
||
|
apiVersion: policy/v1beta1
|
||
|
kind: PodSecurityPolicy
|
||
|
metadata:
|
||
|
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
|
||
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||
|
labels:
|
||
|
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||
|
annotations:
|
||
|
"helm.sh/hook": pre-install
|
||
|
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
|
||
|
"helm.sh/hook-weight": "3"
|
||
|
spec:
|
||
|
privileged: false
|
||
|
allowPrivilegeEscalation: false
|
||
|
hostNetwork: false
|
||
|
hostIPC: false
|
||
|
hostPID: false
|
||
|
runAsUser:
|
||
|
rule: 'MustRunAsNonRoot'
|
||
|
seLinux:
|
||
|
rule: 'RunAsAny'
|
||
|
supplementalGroups:
|
||
|
rule: 'MustRunAs'
|
||
|
ranges:
|
||
|
- min: 1
|
||
|
max: 65535
|
||
|
fsGroup:
|
||
|
rule: 'MustRunAs'
|
||
|
ranges:
|
||
|
- min: 1
|
||
|
max: 65535
|
||
|
readOnlyRootFilesystem: false
|
||
|
volumes:
|
||
|
- 'secret'
|
||
|
{{- end }}
|