mirror of https://git.rancher.io/charts
Merge pull request #1307 from aiyengar2/update_grafana
Update Grafana to latest that uses Apache licensepull/1313/head
Arvind Iyengar
GitHub
commit
47aa362f87
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -5,7 +5,7 @@ annotations:
|
|||
catalog.rancher.io/namespace: cattle-monitoring-system
|
||||
catalog.rancher.io/release-name: rancher-grafana
|
||||
apiVersion: v2
|
||||
appVersion: 7.4.5
|
||||
appVersion: 7.5.8
|
||||
description: The leading tool for querying and visualizing time series and metrics.
|
||||
home: https://grafana.net
|
||||
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
||||
|
|
@ -25,4 +25,4 @@ name: rancher-grafana
|
|||
sources:
|
||||
- https://github.com/grafana/grafana
|
||||
type: application
|
||||
version: 100.0.0+up6.6.4
|
||||
version: 100.0.0+up6.11.0
|
||||
|
|
@ -63,6 +63,7 @@ This version requires Helm >= 3.1.0.
|
|||
| `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` |
|
||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Image pull secrets | `{}` |
|
||||
| `service.enabled` | Enable grafana service | `true` |
|
||||
| `service.type` | Kubernetes service type | `ClusterIP` |
|
||||
| `service.port` | Kubernetes port where service is exposed | `80` |
|
||||
| `service.portName` | Name of the port on the service | `service` |
|
||||
|
|
@ -82,7 +83,7 @@ This version requires Helm >= 3.1.0.
|
|||
| `ingress.path` | Ingress accepted path | `/` |
|
||||
| `ingress.pathType` | Ingress type of path | `Prefix` |
|
||||
| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
|
||||
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]` |
|
||||
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
|
||||
| `ingress.tls` | Ingress TLS configuration | `[]` |
|
||||
| `resources` | CPU/Memory resource requests/limits | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
|
|
@ -157,13 +158,16 @@ This version requires Helm >= 3.1.0.
|
|||
| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` |
|
||||
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
|
||||
| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
|
||||
| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||
| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
|
||||
| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` |
|
||||
| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` |
|
||||
| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` |
|
||||
| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
|
||||
| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||
| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` |
|
||||
| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` |
|
||||
| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
|
||||
| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||
| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
|
||||
| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` |
|
||||
| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` |
|
||||
|
|
@ -215,6 +219,7 @@ This version requires Helm >= 3.1.0.
|
|||
| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
|
||||
| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
|
||||
| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` |
|
||||
| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` |
|
||||
| `imageRenderer.service.portName` | image-renderer service port name | `'http'` |
|
||||
| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` |
|
||||
| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` |
|
||||
|
|
@ -242,6 +247,9 @@ ingress:
|
|||
|
||||
### Example of extraVolumeMounts
|
||||
|
||||
Volume can be type persistentVolumeClaim or hostPath but not both at same time.
|
||||
If none existingClaim or hostPath argument is givent then type is emptyDir.
|
||||
|
||||
```yaml
|
||||
- extraVolumeMounts:
|
||||
- name: plugins
|
||||
|
|
@ -249,6 +257,10 @@ ingress:
|
|||
subPath: configs/grafana/plugins
|
||||
existingClaim: existing-grafana-claim
|
||||
readOnly: false
|
||||
- name: dashboards
|
||||
mountPath: /var/lib/grafana/dashboards
|
||||
hostPath: /usr/shared/grafana/dashboards
|
||||
readOnly: false
|
||||
```
|
||||
|
||||
## Import dashboards
|
||||
|
|
@ -143,3 +143,16 @@ Return the appropriate apiVersion for rbac.
|
|||
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Looks if there's an existing secret and reuse its password. If not it generates
|
||||
new password and use it.
|
||||
*/}}
|
||||
{{- define "grafana.password" -}}
|
||||
{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}}
|
||||
{{- if $secret -}}
|
||||
{{- index $secret "data" "admin-password" -}}
|
||||
{{- else -}}
|
||||
{{- (randAlphaNum 40) | b64enc | quote -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -100,7 +100,7 @@ initContainers:
|
|||
- name: FOLDER
|
||||
value: "/etc/grafana/provisioning/datasources"
|
||||
- name: RESOURCE
|
||||
value: "both"
|
||||
value: {{ quote .Values.sidecar.datasources.resource }}
|
||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
||||
- name: UNIQUE_FILENAMES
|
||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
||||
|
|
@ -135,7 +135,7 @@ initContainers:
|
|||
- name: FOLDER
|
||||
value: "/etc/grafana/provisioning/notifiers"
|
||||
- name: RESOURCE
|
||||
value: "both"
|
||||
value: {{ quote .Values.sidecar.notifiers.resource }}
|
||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
||||
- name: UNIQUE_FILENAMES
|
||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
||||
|
|
@ -184,7 +184,7 @@ containers:
|
|||
- name: FOLDER
|
||||
value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
|
||||
- name: RESOURCE
|
||||
value: "both"
|
||||
value: {{ quote .Values.sidecar.dashboards.resource }}
|
||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
||||
- name: UNIQUE_FILENAMES
|
||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
||||
|
|
@ -317,14 +317,14 @@ containers:
|
|||
containerPort: 3000
|
||||
protocol: TCP
|
||||
env:
|
||||
{{- if not .Values.env.GF_SECURITY_ADMIN_USER }}
|
||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
- name: GF_SECURITY_ADMIN_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }}
|
||||
key: {{ .Values.admin.userKey | default "admin-user" }}
|
||||
{{- end }}
|
||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }}
|
||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
- name: GF_SECURITY_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
|
@ -356,6 +356,14 @@ containers:
|
|||
- name: GF_RENDERING_CALLBACK_URL
|
||||
value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }}
|
||||
{{ end }}
|
||||
- name: GF_PATHS_DATA
|
||||
value: {{ (get .Values "grafana.ini").paths.data }}
|
||||
- name: GF_PATHS_LOGS
|
||||
value: {{ (get .Values "grafana.ini").paths.logs }}
|
||||
- name: GF_PATHS_PLUGINS
|
||||
value: {{ (get .Values "grafana.ini").paths.plugins }}
|
||||
- name: GF_PATHS_PROVISIONING
|
||||
value: {{ (get .Values "grafana.ini").paths.provisioning }}
|
||||
{{- range $key, $value := .Values.envValueFrom }}
|
||||
- name: {{ $key | quote }}
|
||||
valueFrom:
|
||||
|
|
@ -483,8 +491,15 @@ volumes:
|
|||
{{- end }}
|
||||
{{- range .Values.extraVolumeMounts }}
|
||||
- name: {{ .name }}
|
||||
{{- if .existingClaim }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .existingClaim }}
|
||||
{{- else if .hostPath }}
|
||||
hostPath:
|
||||
path: {{ .hostPath }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range .Values.extraEmptyDirMounts }}
|
||||
- name: {{ .name }}
|
||||
|
|
@ -19,8 +19,10 @@ data:
|
|||
{{- range $elem, $elemVal := $value }}
|
||||
{{- if kindIs "invalid" $elemVal }}
|
||||
{{ $elem }} =
|
||||
{{- else if kindIs "string" $elemVal }}
|
||||
{{ $elem }} = {{ tpl $elemVal $ }}
|
||||
{{- else }}
|
||||
{{ $elem }} = {{ tpl (toYaml $elemVal) $ }}
|
||||
{{ $elem }} = {{ $elemVal }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -14,7 +14,9 @@ metadata:
|
|||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if not .Values.autoscaling.enabled }}
|
||||
replicas: {{ .Values.replicas }}
|
||||
{{- end }}
|
||||
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||||
selector:
|
||||
matchLabels:
|
||||
|
|
@ -34,7 +36,7 @@ spec:
|
|||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
|
||||
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
|
||||
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
|
||||
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- if .Values.envRenderSecret }}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
{{- if .Values.autoscaling.enabled }}
|
||||
apiVersion: autoscaling/v2beta1
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "grafana.name" . }}
|
||||
helm.sh/chart: {{ template "grafana.chart" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{ toYaml .Values.autoscaling.metrics | indent 4 }}
|
||||
{{- end }}
|
||||
|
|
@ -1,4 +1,5 @@
|
|||
{{ if .Values.imageRenderer.enabled }}
|
||||
{{ if .Values.imageRenderer.service.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
@ -26,3 +27,4 @@ spec:
|
|||
selector:
|
||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
|
@ -13,19 +13,8 @@ spec:
|
|||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
requiredDropCapabilities:
|
||||
# Default set from Docker, without DAC_OVERRIDE or CHOWN
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- SETGID
|
||||
- SETUID
|
||||
- SETPCAP
|
||||
- NET_BIND_SERVICE
|
||||
- NET_RAW
|
||||
- SYS_CHROOT
|
||||
- MKNOD
|
||||
- AUDIT_WRITE
|
||||
- SETFCAP
|
||||
# Default set from Docker, with DAC_OVERRIDE and CHOWN
|
||||
- ALL
|
||||
volumes:
|
||||
- 'configMap'
|
||||
- 'emptyDir'
|
||||
|
|
@ -38,12 +27,20 @@ spec:
|
|||
hostIPC: false
|
||||
hostPID: false
|
||||
runAsUser:
|
||||
rule: 'RunAsAny'
|
||||
rule: 'MustRunAsNonRoot'
|
||||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'RunAsAny'
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'RunAsAny'
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
|
||||
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
|
@ -6,6 +6,10 @@ metadata:
|
|||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
|
||||
|
|
@ -13,7 +17,7 @@ data:
|
|||
{{- if .Values.adminPassword }}
|
||||
admin-password: {{ .Values.adminPassword | b64enc | quote }}
|
||||
{{- else }}
|
||||
admin-password: {{ randAlphaNum 40 | b64enc | quote }}
|
||||
admin-password: {{ template "grafana.password" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if not .Values.ldap.existingSecret }}
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
{{ if .Values.service.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
@ -47,4 +48,4 @@ spec:
|
|||
{{- end }}
|
||||
selector:
|
||||
{{- include "grafana.selectorLabels" . | nindent 4 }}
|
||||
|
||||
{{ end }}
|
||||
|
|
@ -27,7 +27,7 @@ spec:
|
|||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
|
||||
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
|
||||
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
|
||||
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
|
|
@ -38,6 +38,22 @@ serviceAccount:
|
|||
|
||||
replicas: 1
|
||||
|
||||
## Create HorizontalPodAutoscaler object for deployment type
|
||||
#
|
||||
autoscaling:
|
||||
enabled: false
|
||||
# minReplicas: 1
|
||||
# maxReplicas: 10
|
||||
# metrics:
|
||||
# - type: Resource
|
||||
# resource:
|
||||
# name: cpu
|
||||
# targetAverageUtilization: 60
|
||||
# - type: Resource
|
||||
# resource:
|
||||
# name: memory
|
||||
# targetAverageUtilization: 60
|
||||
|
||||
## See `kubectl explain poddisruptionbudget.spec` for more
|
||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||
podDisruptionBudget: {}
|
||||
|
|
@ -69,7 +85,7 @@ livenessProbe:
|
|||
|
||||
image:
|
||||
repository: rancher/mirrored-grafana-grafana
|
||||
tag: 7.4.5
|
||||
tag: 7.5.8
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
|
|
@ -119,7 +135,7 @@ extraLabels: {}
|
|||
|
||||
downloadDashboardsImage:
|
||||
repository: rancher/mirrored-curlimages-curl
|
||||
tag: 7.73.0
|
||||
tag: 7.77.0
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
|
|
@ -144,6 +160,7 @@ podPortName: grafana
|
|||
## ref: http://kubernetes.io/docs/user-guide/services/
|
||||
##
|
||||
service:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
port: 80
|
||||
targetPort: 3000
|
||||
|
|
@ -420,10 +437,14 @@ extraSecretMounts: []
|
|||
## Additional grafana server volume mounts
|
||||
# Defines additional volume mounts.
|
||||
extraVolumeMounts: []
|
||||
# - name: extra-volume
|
||||
# mountPath: /mnt/volume
|
||||
# - name: extra-volume-0
|
||||
# mountPath: /mnt/volume0
|
||||
# readOnly: true
|
||||
# existingClaim: volume-claim
|
||||
# - name: extra-volume-1
|
||||
# mountPath: /mnt/volume1
|
||||
# readOnly: true
|
||||
# hostPath: /usr/shared/
|
||||
|
||||
## Pass the plugins you want installed as a list.
|
||||
##
|
||||
|
|
@ -530,7 +551,7 @@ dashboardsConfigMaps: {}
|
|||
##
|
||||
grafana.ini:
|
||||
paths:
|
||||
data: /var/lib/grafana/data
|
||||
data: /var/lib/grafana/
|
||||
logs: /var/log/grafana
|
||||
plugins: /var/lib/grafana/plugins
|
||||
provisioning: /etc/grafana/provisioning
|
||||
|
|
@ -601,7 +622,7 @@ smtp:
|
|||
sidecar:
|
||||
image:
|
||||
repository: rancher/mirrored-kiwigrid-k8s-sidecar
|
||||
tag: 1.10.7
|
||||
tag: 1.12.2
|
||||
sha: ""
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources: {}
|
||||
|
|
@ -629,6 +650,8 @@ sidecar:
|
|||
# Otherwise the namespace in which the sidecar is running will be used.
|
||||
# It's also possible to specify ALL to search in all namespaces
|
||||
searchNamespace: null
|
||||
# search in configmap, secret or both
|
||||
resource: both
|
||||
# If specified, the sidecar will look for annotation with this name to create folder and put graph here.
|
||||
# You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
|
||||
folderAnnotation: null
|
||||
|
|
@ -658,10 +681,8 @@ sidecar:
|
|||
# Otherwise the namespace in which the sidecar is running will be used.
|
||||
# It's also possible to specify ALL to search in all namespaces
|
||||
searchNamespace: null
|
||||
|
||||
## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
|
||||
## This can be useful for database passwords, etc. Value is templated.
|
||||
envFromSecret: ""
|
||||
# search in configmap, secret or both
|
||||
resource: both
|
||||
notifiers:
|
||||
enabled: false
|
||||
# label that the configmaps with notifiers are marked with
|
||||
|
|
@ -670,6 +691,8 @@ sidecar:
|
|||
# Otherwise the namespace in which the sidecar is running will be used.
|
||||
# It's also possible to specify ALL to search in all namespaces
|
||||
searchNamespace: null
|
||||
# search in configmap, secret or both
|
||||
resource: both
|
||||
|
||||
## Override the deployment namespace
|
||||
##
|
||||
|
|
@ -688,7 +711,7 @@ imageRenderer:
|
|||
# image-renderer Image repository
|
||||
repository: rancher/mirrored-grafana-grafana-image-renderer
|
||||
# image-renderer Image tag
|
||||
tag: 2.0.1
|
||||
tag: 3.0.1
|
||||
# image-renderer Image sha (optional)
|
||||
sha: ""
|
||||
# image-renderer ImagePullPolicy
|
||||
|
|
@ -707,6 +730,8 @@ imageRenderer:
|
|||
# image-renderer deployment priority class
|
||||
priorityClassName: ''
|
||||
service:
|
||||
# Enable the image-renderer service
|
||||
enabled: true
|
||||
# image-renderer service port name
|
||||
portName: 'http'
|
||||
# image-renderer service port used by both service and deployment
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
annotations:
|
||||
catalog.cattle.io/hidden: "true"
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.rancher.io/certified: rancher
|
||||
catalog.rancher.io/namespace: cattle-monitoring-system
|
||||
catalog.rancher.io/release-name: rancher-kube-state-metrics
|
||||
apiVersion: v1
|
||||
appVersion: 1.9.8
|
||||
description: Install kube-state-metrics to generate and expose cluster-level metrics
|
||||
home: https://github.com/kubernetes/kube-state-metrics/
|
||||
keywords:
|
||||
- metric
|
||||
- monitoring
|
||||
- prometheus
|
||||
- kubernetes
|
||||
maintainers:
|
||||
- email: tariq.ibrahim@mulesoft.com
|
||||
name: tariq1890
|
||||
- email: manuel@rueg.eu
|
||||
name: mrueg
|
||||
name: rancher-kube-state-metrics
|
||||
sources:
|
||||
- https://github.com/kubernetes/kube-state-metrics/
|
||||
version: 100.0.0+up2.13.1
|
||||
|
|
@ -1,202 +0,0 @@
|
|||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright The Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
approvers:
|
||||
- tariq1890
|
||||
- mrueg
|
||||
reviewers:
|
||||
- tariq1890
|
||||
- mrueg
|
||||
|
|
@ -1,66 +0,0 @@
|
|||
# kube-state-metrics Helm Chart
|
||||
|
||||
Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
|
||||
|
||||
## Get Repo Info
|
||||
|
||||
```console
|
||||
helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics
|
||||
helm repo update
|
||||
```
|
||||
|
||||
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
|
||||
|
||||
## Install Chart
|
||||
|
||||
```console
|
||||
# Helm 3
|
||||
$ helm install [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags]
|
||||
|
||||
# Helm 2
|
||||
$ helm install --name [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags]
|
||||
```
|
||||
|
||||
_See [configuration](#configuration) below._
|
||||
|
||||
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
|
||||
|
||||
## Uninstall Chart
|
||||
|
||||
```console
|
||||
# Helm 3
|
||||
$ helm uninstall [RELEASE_NAME]
|
||||
|
||||
# Helm 2
|
||||
# helm delete --purge [RELEASE_NAME]
|
||||
```
|
||||
|
||||
This removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
|
||||
|
||||
## Upgrading Chart
|
||||
|
||||
```console
|
||||
# Helm 3 or 2
|
||||
$ helm upgrade [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags]
|
||||
```
|
||||
|
||||
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
|
||||
|
||||
### From stable/kube-state-metrics
|
||||
|
||||
You can upgrade in-place:
|
||||
|
||||
1. [get repo info](#get-repo-info)
|
||||
1. [upgrade](#upgrading-chart) your existing release name using the new chart repo
|
||||
|
||||
## Configuration
|
||||
|
||||
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
|
||||
|
||||
```console
|
||||
helm show values kube-state-metrics/kube-state-metrics
|
||||
```
|
||||
|
||||
You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options.
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
|
||||
The exposed metrics can be found here:
|
||||
https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
|
||||
|
||||
The metrics are exported on the HTTP endpoint /metrics on the listening port.
|
||||
In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics
|
||||
|
||||
They are served either as plaintext or protobuf depending on the Accept header.
|
||||
They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
|
||||
|
||||
|
|
@ -1,76 +0,0 @@
|
|||
# Rancher
|
||||
{{- define "system_default_registry" -}}
|
||||
{{- if .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
# Windows Support
|
||||
|
||||
{{/*
|
||||
Windows cluster will add default taint for linux nodes,
|
||||
add below linux tolerations to workloads could be scheduled to those linux nodes
|
||||
*/}}
|
||||
|
||||
{{- define "linux-node-tolerations" -}}
|
||||
- key: "cattle.io/os"
|
||||
value: "linux"
|
||||
effect: "NoSchedule"
|
||||
operator: "Equal"
|
||||
{{- end -}}
|
||||
|
||||
{{- define "linux-node-selector" -}}
|
||||
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
beta.kubernetes.io/os: linux
|
||||
{{- else -}}
|
||||
kubernetes.io/os: linux
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-state-metrics.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
{{- if .Values.rbac.useExistingRole }}
|
||||
name: {{ .Values.rbac.useExistingRole }}
|
||||
{{- else }}
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
{{- end }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- end -}}
|
||||
|
|
@ -1,217 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
{{- if .Values.autosharding.enabled }}
|
||||
kind: StatefulSet
|
||||
{{- else }}
|
||||
kind: Deployment
|
||||
{{- end }}
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
|
||||
app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
|
||||
{{- if .Values.customLabels }}
|
||||
{{ toYaml .Values.customLabels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
replicas: {{ .Values.replicas }}
|
||||
{{- if .Values.autosharding.enabled }}
|
||||
serviceName: {{ template "kube-state-metrics.fullname" . }}
|
||||
volumeClaimTemplates: []
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
{{- if .Values.customLabels }}
|
||||
{{ toYaml .Values.customLabels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
hostNetwork: {{ .Values.hostNetwork }}
|
||||
serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||
{{- if .Values.securityContext.enabled }}
|
||||
securityContext:
|
||||
fsGroup: {{ .Values.securityContext.fsGroup }}
|
||||
runAsGroup: {{ .Values.securityContext.runAsGroup }}
|
||||
runAsUser: {{ .Values.securityContext.runAsUser }}
|
||||
runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: {{ .Values.priorityClassName }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
{{- if .Values.autosharding.enabled }}
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
{{- end }}
|
||||
args:
|
||||
{{ if .Values.extraArgs }}
|
||||
{{- range .Values.extraArgs }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.certificatesigningrequests }}
|
||||
- --collectors=certificatesigningrequests
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.configmaps }}
|
||||
- --collectors=configmaps
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.cronjobs }}
|
||||
- --collectors=cronjobs
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.daemonsets }}
|
||||
- --collectors=daemonsets
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.deployments }}
|
||||
- --collectors=deployments
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.endpoints }}
|
||||
- --collectors=endpoints
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.horizontalpodautoscalers }}
|
||||
- --collectors=horizontalpodautoscalers
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.ingresses }}
|
||||
- --collectors=ingresses
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.jobs }}
|
||||
- --collectors=jobs
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.limitranges }}
|
||||
- --collectors=limitranges
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.mutatingwebhookconfigurations }}
|
||||
- --collectors=mutatingwebhookconfigurations
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.namespaces }}
|
||||
- --collectors=namespaces
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.networkpolicies }}
|
||||
- --collectors=networkpolicies
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.nodes }}
|
||||
- --collectors=nodes
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.persistentvolumeclaims }}
|
||||
- --collectors=persistentvolumeclaims
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.persistentvolumes }}
|
||||
- --collectors=persistentvolumes
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.poddisruptionbudgets }}
|
||||
- --collectors=poddisruptionbudgets
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.pods }}
|
||||
- --collectors=pods
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.replicasets }}
|
||||
- --collectors=replicasets
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.replicationcontrollers }}
|
||||
- --collectors=replicationcontrollers
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.resourcequotas }}
|
||||
- --collectors=resourcequotas
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.secrets }}
|
||||
- --collectors=secrets
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.services }}
|
||||
- --collectors=services
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.statefulsets }}
|
||||
- --collectors=statefulsets
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.storageclasses }}
|
||||
- --collectors=storageclasses
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.validatingwebhookconfigurations }}
|
||||
- --collectors=validatingwebhookconfigurations
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.verticalpodautoscalers }}
|
||||
- --collectors=verticalpodautoscalers
|
||||
{{ end }}
|
||||
{{ if .Values.collectors.volumeattachments }}
|
||||
- --collectors=volumeattachments
|
||||
{{ end }}
|
||||
{{ if .Values.namespace }}
|
||||
- --namespace={{ .Values.namespace | join "," }}
|
||||
{{ end }}
|
||||
{{ if .Values.autosharding.enabled }}
|
||||
- --pod=$(POD_NAME)
|
||||
- --pod-namespace=$(POD_NAMESPACE)
|
||||
{{ end }}
|
||||
{{ if .Values.kubeconfig.enabled }}
|
||||
- --kubeconfig=/opt/k8s/.kube/config
|
||||
{{ end }}
|
||||
{{ if .Values.selfMonitor.telemetryHost }}
|
||||
- --telemetry-host={{ .Values.selfMonitor.telemetryHost }}
|
||||
{{ end }}
|
||||
- --telemetry-port=8081
|
||||
{{- if .Values.kubeconfig.enabled }}
|
||||
volumeMounts:
|
||||
- name: kubeconfig
|
||||
mountPath: /opt/k8s/.kube/
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
{{- if .Values.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
|
||||
{{- if .Values.tolerations }}
|
||||
{{ toYaml .Values.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeconfig.enabled}}
|
||||
volumes:
|
||||
- name: kubeconfig
|
||||
secret:
|
||||
secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
|
||||
{{- end }}
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
{{- if .Values.kubeconfig.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
|
||||
type: Opaque
|
||||
data:
|
||||
config: '{{ .Values.kubeconfig.secret }}'
|
||||
{{- end -}}
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
{{- if .Values.podDisruptionBudget -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
|
||||
{{- if .Values.customLabels }}
|
||||
{{ toYaml .Values.customLabels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
|
||||
{{- end -}}
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
{{- if .Values.podSecurityPolicy.enabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- if .Values.podSecurityPolicy.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
privileged: false
|
||||
volumes:
|
||||
- 'secret'
|
||||
{{- if .Values.podSecurityPolicy.additionalVolumes }}
|
||||
{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
|
||||
{{- end }}
|
||||
hostNetwork: false
|
||||
hostIPC: false
|
||||
hostPID: false
|
||||
runAsUser:
|
||||
rule: 'MustRunAsNonRoot'
|
||||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||
rules:
|
||||
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
|
||||
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
|
||||
- apiGroups: ['policy']
|
||||
{{- else }}
|
||||
- apiGroups: ['extensions']
|
||||
{{- end }}
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- {{ template "kube-state-metrics.fullname" . }}
|
||||
{{- end }}
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- end }}
|
||||
|
|
@ -1,192 +0,0 @@
|
|||
{{- if and (eq $.Values.rbac.create true) (not .Values.rbac.useExistingRole) -}}
|
||||
{{- if eq .Values.rbac.useClusterRole false }}
|
||||
{{- range (split "," $.Values.namespace) }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
{{- if eq .Values.rbac.useClusterRole false }}
|
||||
kind: Role
|
||||
{{- else }}
|
||||
kind: ClusterRole
|
||||
{{- end }}
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }}
|
||||
helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ $.Release.Service }}
|
||||
app.kubernetes.io/instance: {{ $.Release.Name }}
|
||||
name: {{ template "kube-state-metrics.fullname" $ }}
|
||||
{{- if eq .Values.rbac.useClusterRole false }}
|
||||
namespace: {{ . }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{ if $.Values.collectors.certificatesigningrequests }}
|
||||
- apiGroups: ["certificates.k8s.io"]
|
||||
resources:
|
||||
- certificatesigningrequests
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.configmaps }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- configmaps
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.cronjobs }}
|
||||
- apiGroups: ["batch"]
|
||||
resources:
|
||||
- cronjobs
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.daemonsets }}
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- daemonsets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.deployments }}
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- deployments
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.endpoints }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- endpoints
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.horizontalpodautoscalers }}
|
||||
- apiGroups: ["autoscaling"]
|
||||
resources:
|
||||
- horizontalpodautoscalers
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.ingresses }}
|
||||
- apiGroups: ["extensions", "networking.k8s.io"]
|
||||
resources:
|
||||
- ingresses
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.jobs }}
|
||||
- apiGroups: ["batch"]
|
||||
resources:
|
||||
- jobs
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.limitranges }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- limitranges
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.mutatingwebhookconfigurations }}
|
||||
- apiGroups: ["admissionregistration.k8s.io"]
|
||||
resources:
|
||||
- mutatingwebhookconfigurations
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.namespaces }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- namespaces
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.networkpolicies }}
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources:
|
||||
- networkpolicies
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.nodes }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- nodes
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.persistentvolumeclaims }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.persistentvolumes }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- persistentvolumes
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.poddisruptionbudgets }}
|
||||
- apiGroups: ["policy"]
|
||||
resources:
|
||||
- poddisruptionbudgets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.pods }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- pods
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.replicasets }}
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- replicasets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.replicationcontrollers }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- replicationcontrollers
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.resourcequotas }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- resourcequotas
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.secrets }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- secrets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.services }}
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- services
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.statefulsets }}
|
||||
- apiGroups: ["apps"]
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.storageclasses }}
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.validatingwebhookconfigurations }}
|
||||
- apiGroups: ["admissionregistration.k8s.io"]
|
||||
resources:
|
||||
- validatingwebhookconfigurations
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.volumeattachments }}
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources:
|
||||
- volumeattachments
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{ if $.Values.collectors.verticalpodautoscalers }}
|
||||
- apiGroups: ["autoscaling.k8s.io"]
|
||||
resources:
|
||||
- verticalpodautoscalers
|
||||
verbs: ["list", "watch"]
|
||||
{{ end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
|
||||
{{- range (split "," $.Values.namespace) }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }}
|
||||
helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ $.Release.Service }}
|
||||
app.kubernetes.io/instance: {{ $.Release.Name }}
|
||||
name: {{ template "kube-state-metrics.fullname" $ }}
|
||||
namespace: {{ . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
{{- if (not $.Values.rbac.useExistingRole) }}
|
||||
name: {{ template "kube-state-metrics.fullname" $ }}
|
||||
{{- else }}
|
||||
name: {{ $.Values.rbac.useExistingRole }}
|
||||
{{- end }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.fullname" $ }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" $ }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
|
||||
{{- if .Values.customLabels }}
|
||||
{{ toYaml .Values.customLabels | indent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- if .Values.prometheusScrape }}
|
||||
prometheus.io/scrape: '{{ .Values.prometheusScrape }}'
|
||||
{{- end }}
|
||||
{{- if .Values.service.annotations }}
|
||||
{{- toYaml .Values.service.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: "{{ .Values.service.type }}"
|
||||
ports:
|
||||
- name: "http"
|
||||
protocol: TCP
|
||||
port: {{ .Values.service.port }}
|
||||
{{- if .Values.service.nodePort }}
|
||||
nodePort: {{ .Values.service.nodePort }}
|
||||
{{- end }}
|
||||
targetPort: 8080
|
||||
{{ if .Values.selfMonitor.enabled }}
|
||||
- name: "metrics"
|
||||
protocol: TCP
|
||||
port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
|
||||
targetPort: 8081
|
||||
{{ end }}
|
||||
{{- if .Values.service.loadBalancerIP }}
|
||||
loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
|
||||
{{- end }}
|
||||
selector:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- if .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
|
||||
{{- end -}}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
{{- if .Values.prometheus.monitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
app.kubernetes.io/instance: "{{ .Release.Name }}"
|
||||
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
|
||||
{{- if .Values.prometheus.monitor.additionalLabels }}
|
||||
{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.customLabels }}
|
||||
{{ toYaml .Values.customLabels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
endpoints:
|
||||
- port: http
|
||||
{{- if .Values.prometheus.monitor.honorLabels }}
|
||||
honorLabels: true
|
||||
{{- end }}
|
||||
{{ if .Values.selfMonitor.enabled }}
|
||||
- port: metrics
|
||||
{{- if .Values.prometheus.monitor.honorLabels }}
|
||||
honorLabels: true
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- apps
|
||||
resourceNames:
|
||||
- {{ template "kube-state-metrics.fullname" . }}
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
{{- end }}
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-state-metrics.fullname" . }}
|
||||
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||
{{- end }}
|
||||
|
|
@ -1,184 +0,0 @@
|
|||
global:
|
||||
cattle:
|
||||
systemDefaultRegistry: ""
|
||||
|
||||
# Default values for kube-state-metrics.
|
||||
prometheusScrape: true
|
||||
image:
|
||||
repository: rancher/mirrored-kube-state-metrics-kube-state-metrics
|
||||
tag: v1.9.8
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
|
||||
# will be automatically sharded across <.Values.replicas> pods using the built-in
|
||||
# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
|
||||
# This is an experimental feature and there are no stability guarantees.
|
||||
autosharding:
|
||||
enabled: false
|
||||
|
||||
replicas: 1
|
||||
|
||||
# List of additional cli arguments to configure kube-state-metrics
|
||||
# for example: --enable-gzip-encoding, --log-file, etc.
|
||||
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md
|
||||
extraArgs: []
|
||||
|
||||
service:
|
||||
port: 8080
|
||||
# Default to clusterIP for backward compatibility
|
||||
type: ClusterIP
|
||||
nodePort: 0
|
||||
loadBalancerIP: ""
|
||||
annotations: {}
|
||||
|
||||
customLabels: {}
|
||||
|
||||
hostNetwork: false
|
||||
|
||||
rbac:
|
||||
# If true, create & use RBAC resources
|
||||
create: true
|
||||
|
||||
# Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
|
||||
# useExistingRole: your-existing-role
|
||||
|
||||
# If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
|
||||
useClusterRole: true
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a ServiceAccount should be created, require rbac true
|
||||
create: true
|
||||
# The name of the ServiceAccount to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name:
|
||||
# Reference to one or more secrets to be used when pulling images
|
||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
imagePullSecrets: []
|
||||
# ServiceAccount annotations.
|
||||
# Use case: AWS EKS IAM roles for service accounts
|
||||
# ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
|
||||
annotations: {}
|
||||
|
||||
prometheus:
|
||||
monitor:
|
||||
enabled: false
|
||||
additionalLabels: {}
|
||||
namespace: ""
|
||||
honorLabels: false
|
||||
|
||||
## Specify if a Pod Security Policy for kube-state-metrics must be created
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
||||
##
|
||||
podSecurityPolicy:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
## Specify pod annotations
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
||||
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
||||
##
|
||||
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
||||
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
||||
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
||||
|
||||
additionalVolumes: []
|
||||
|
||||
securityContext:
|
||||
enabled: true
|
||||
runAsNonRoot: true
|
||||
runAsGroup: 65534
|
||||
runAsUser: 65534
|
||||
fsGroup: 65534
|
||||
|
||||
## Node labels for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
nodeSelector: {}
|
||||
|
||||
## Affinity settings for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
||||
affinity: {}
|
||||
|
||||
## Tolerations for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
tolerations: []
|
||||
|
||||
# Annotations to be added to the pod
|
||||
podAnnotations: {}
|
||||
|
||||
## Assign a PriorityClassName to pods if set
|
||||
# priorityClassName: ""
|
||||
|
||||
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||
podDisruptionBudget: {}
|
||||
|
||||
# Available collectors for kube-state-metrics. By default all available
|
||||
# collectors are enabled.
|
||||
collectors:
|
||||
certificatesigningrequests: true
|
||||
configmaps: true
|
||||
cronjobs: true
|
||||
daemonsets: true
|
||||
deployments: true
|
||||
endpoints: true
|
||||
horizontalpodautoscalers: true
|
||||
ingresses: true
|
||||
jobs: true
|
||||
limitranges: true
|
||||
mutatingwebhookconfigurations: true
|
||||
namespaces: true
|
||||
networkpolicies: true
|
||||
nodes: true
|
||||
persistentvolumeclaims: true
|
||||
persistentvolumes: true
|
||||
poddisruptionbudgets: true
|
||||
pods: true
|
||||
replicasets: true
|
||||
replicationcontrollers: true
|
||||
resourcequotas: true
|
||||
secrets: true
|
||||
services: true
|
||||
statefulsets: true
|
||||
storageclasses: true
|
||||
validatingwebhookconfigurations: true
|
||||
verticalpodautoscalers: false
|
||||
volumeattachments: true
|
||||
|
||||
# Enabling kubeconfig will pass the --kubeconfig argument to the container
|
||||
kubeconfig:
|
||||
enabled: false
|
||||
# base64 encoded kube-config file
|
||||
secret:
|
||||
|
||||
# Namespace to be enabled for collecting resources. By default all namespaces are collected.
|
||||
# namespace: ""
|
||||
|
||||
## Override the deployment namespace
|
||||
##
|
||||
namespaceOverride: ""
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 64Mi
|
||||
# requests:
|
||||
# cpu: 10m
|
||||
# memory: 32Mi
|
||||
|
||||
## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role.
|
||||
## For example: kubeTargetVersionOverride: 1.14.9
|
||||
##
|
||||
kubeTargetVersionOverride: ""
|
||||
|
||||
# Enable self metrics configuration for service and Service Monitor
|
||||
# Default values for telemetry configuration can be overriden
|
||||
selfMonitor:
|
||||
enabled: false
|
||||
# telemetryHost: 0.0.0.0
|
||||
# telemetryPort: 8081
|
||||
|
|
@ -5,7 +5,7 @@ annotations:
|
|||
catalog.rancher.io/namespace: cattle-monitoring-system
|
||||
catalog.rancher.io/release-name: rancher-grafana
|
||||
apiVersion: v2
|
||||
appVersion: 7.4.5
|
||||
appVersion: 7.5.8
|
||||
description: The leading tool for querying and visualizing time series and metrics.
|
||||
home: https://grafana.net
|
||||
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
||||
|
|
@ -25,4 +25,4 @@ name: grafana
|
|||
sources:
|
||||
- https://github.com/grafana/grafana
|
||||
type: application
|
||||
version: 6.6.4
|
||||
version: 6.11.0
|
||||
|
|
|
|||
|
|
@ -63,6 +63,7 @@ This version requires Helm >= 3.1.0.
|
|||
| `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` |
|
||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Image pull secrets | `{}` |
|
||||
| `service.enabled` | Enable grafana service | `true` |
|
||||
| `service.type` | Kubernetes service type | `ClusterIP` |
|
||||
| `service.port` | Kubernetes port where service is exposed | `80` |
|
||||
| `service.portName` | Name of the port on the service | `service` |
|
||||
|
|
@ -82,7 +83,7 @@ This version requires Helm >= 3.1.0.
|
|||
| `ingress.path` | Ingress accepted path | `/` |
|
||||
| `ingress.pathType` | Ingress type of path | `Prefix` |
|
||||
| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
|
||||
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]` |
|
||||
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
|
||||
| `ingress.tls` | Ingress TLS configuration | `[]` |
|
||||
| `resources` | CPU/Memory resource requests/limits | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
|
|
@ -157,13 +158,16 @@ This version requires Helm >= 3.1.0.
|
|||
| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` |
|
||||
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
|
||||
| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
|
||||
| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||
| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
|
||||
| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` |
|
||||
| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` |
|
||||
| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` |
|
||||
| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
|
||||
| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||
| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` |
|
||||
| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` |
|
||||
| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
|
||||
| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||
| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
|
||||
| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` |
|
||||
| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` |
|
||||
|
|
@ -215,6 +219,7 @@ This version requires Helm >= 3.1.0.
|
|||
| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
|
||||
| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
|
||||
| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` |
|
||||
| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` |
|
||||
| `imageRenderer.service.portName` | image-renderer service port name | `'http'` |
|
||||
| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` |
|
||||
| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` |
|
||||
|
|
@ -242,6 +247,9 @@ ingress:
|
|||
|
||||
### Example of extraVolumeMounts
|
||||
|
||||
Volume can be type persistentVolumeClaim or hostPath but not both at same time.
|
||||
If none existingClaim or hostPath argument is givent then type is emptyDir.
|
||||
|
||||
```yaml
|
||||
- extraVolumeMounts:
|
||||
- name: plugins
|
||||
|
|
@ -249,6 +257,10 @@ ingress:
|
|||
subPath: configs/grafana/plugins
|
||||
existingClaim: existing-grafana-claim
|
||||
readOnly: false
|
||||
- name: dashboards
|
||||
mountPath: /var/lib/grafana/dashboards
|
||||
hostPath: /usr/shared/grafana/dashboards
|
||||
readOnly: false
|
||||
```
|
||||
|
||||
## Import dashboards
|
||||
|
|
|
|||
|
|
@ -143,3 +143,16 @@ Return the appropriate apiVersion for rbac.
|
|||
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Looks if there's an existing secret and reuse its password. If not it generates
|
||||
new password and use it.
|
||||
*/}}
|
||||
{{- define "grafana.password" -}}
|
||||
{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}}
|
||||
{{- if $secret -}}
|
||||
{{- index $secret "data" "admin-password" -}}
|
||||
{{- else -}}
|
||||
{{- (randAlphaNum 40) | b64enc | quote -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ initContainers:
|
|||
- name: FOLDER
|
||||
value: "/etc/grafana/provisioning/datasources"
|
||||
- name: RESOURCE
|
||||
value: "both"
|
||||
value: {{ quote .Values.sidecar.datasources.resource }}
|
||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
||||
- name: UNIQUE_FILENAMES
|
||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
||||
|
|
@ -135,7 +135,7 @@ initContainers:
|
|||
- name: FOLDER
|
||||
value: "/etc/grafana/provisioning/notifiers"
|
||||
- name: RESOURCE
|
||||
value: "both"
|
||||
value: {{ quote .Values.sidecar.notifiers.resource }}
|
||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
||||
- name: UNIQUE_FILENAMES
|
||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
||||
|
|
@ -184,7 +184,7 @@ containers:
|
|||
- name: FOLDER
|
||||
value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
|
||||
- name: RESOURCE
|
||||
value: "both"
|
||||
value: {{ quote .Values.sidecar.dashboards.resource }}
|
||||
{{- if .Values.sidecar.enableUniqueFilenames }}
|
||||
- name: UNIQUE_FILENAMES
|
||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
||||
|
|
@ -317,14 +317,14 @@ containers:
|
|||
containerPort: 3000
|
||||
protocol: TCP
|
||||
env:
|
||||
{{- if not .Values.env.GF_SECURITY_ADMIN_USER }}
|
||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
- name: GF_SECURITY_ADMIN_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }}
|
||||
key: {{ .Values.admin.userKey | default "admin-user" }}
|
||||
{{- end }}
|
||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }}
|
||||
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
- name: GF_SECURITY_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
|
@ -356,6 +356,14 @@ containers:
|
|||
- name: GF_RENDERING_CALLBACK_URL
|
||||
value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }}
|
||||
{{ end }}
|
||||
- name: GF_PATHS_DATA
|
||||
value: {{ (get .Values "grafana.ini").paths.data }}
|
||||
- name: GF_PATHS_LOGS
|
||||
value: {{ (get .Values "grafana.ini").paths.logs }}
|
||||
- name: GF_PATHS_PLUGINS
|
||||
value: {{ (get .Values "grafana.ini").paths.plugins }}
|
||||
- name: GF_PATHS_PROVISIONING
|
||||
value: {{ (get .Values "grafana.ini").paths.provisioning }}
|
||||
{{- range $key, $value := .Values.envValueFrom }}
|
||||
- name: {{ $key | quote }}
|
||||
valueFrom:
|
||||
|
|
@ -483,8 +491,15 @@ volumes:
|
|||
{{- end }}
|
||||
{{- range .Values.extraVolumeMounts }}
|
||||
- name: {{ .name }}
|
||||
{{- if .existingClaim }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .existingClaim }}
|
||||
{{- else if .hostPath }}
|
||||
hostPath:
|
||||
path: {{ .hostPath }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range .Values.extraEmptyDirMounts }}
|
||||
- name: {{ .name }}
|
||||
|
|
|
|||
|
|
@ -19,8 +19,10 @@ data:
|
|||
{{- range $elem, $elemVal := $value }}
|
||||
{{- if kindIs "invalid" $elemVal }}
|
||||
{{ $elem }} =
|
||||
{{- else if kindIs "string" $elemVal }}
|
||||
{{ $elem }} = {{ tpl $elemVal $ }}
|
||||
{{- else }}
|
||||
{{ $elem }} = {{ tpl (toYaml $elemVal) $ }}
|
||||
{{ $elem }} = {{ $elemVal }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,9 @@ metadata:
|
|||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if not .Values.autoscaling.enabled }}
|
||||
replicas: {{ .Values.replicas }}
|
||||
{{- end }}
|
||||
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||||
selector:
|
||||
matchLabels:
|
||||
|
|
@ -34,7 +36,7 @@ spec:
|
|||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
|
||||
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
|
||||
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
|
||||
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- if .Values.envRenderSecret }}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,20 @@
|
|||
{{- if .Values.autoscaling.enabled }}
|
||||
apiVersion: autoscaling/v2beta1
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "grafana.name" . }}
|
||||
helm.sh/chart: {{ template "grafana.chart" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ template "grafana.fullname" . }}
|
||||
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{ toYaml .Values.autoscaling.metrics | indent 4 }}
|
||||
{{- end }}
|
||||
|
|
@ -1,4 +1,5 @@
|
|||
{{ if .Values.imageRenderer.enabled }}
|
||||
{{ if .Values.imageRenderer.service.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
@ -26,3 +27,4 @@ spec:
|
|||
selector:
|
||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
|
|
|||
|
|
@ -13,19 +13,8 @@ spec:
|
|||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
requiredDropCapabilities:
|
||||
# Default set from Docker, without DAC_OVERRIDE or CHOWN
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- SETGID
|
||||
- SETUID
|
||||
- SETPCAP
|
||||
- NET_BIND_SERVICE
|
||||
- NET_RAW
|
||||
- SYS_CHROOT
|
||||
- MKNOD
|
||||
- AUDIT_WRITE
|
||||
- SETFCAP
|
||||
# Default set from Docker, with DAC_OVERRIDE and CHOWN
|
||||
- ALL
|
||||
volumes:
|
||||
- 'configMap'
|
||||
- 'emptyDir'
|
||||
|
|
@ -38,12 +27,20 @@ spec:
|
|||
hostIPC: false
|
||||
hostPID: false
|
||||
runAsUser:
|
||||
rule: 'RunAsAny'
|
||||
rule: 'MustRunAsNonRoot'
|
||||
seLinux:
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'RunAsAny'
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'RunAsAny'
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 1
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
|
||||
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
|
@ -6,6 +6,10 @@ metadata:
|
|||
namespace: {{ template "grafana.namespace" . }}
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
|
||||
|
|
@ -13,7 +17,7 @@ data:
|
|||
{{- if .Values.adminPassword }}
|
||||
admin-password: {{ .Values.adminPassword | b64enc | quote }}
|
||||
{{- else }}
|
||||
admin-password: {{ randAlphaNum 40 | b64enc | quote }}
|
||||
admin-password: {{ template "grafana.password" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if not .Values.ldap.existingSecret }}
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
{{ if .Values.service.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
|
@ -47,4 +48,4 @@ spec:
|
|||
{{- end }}
|
||||
selector:
|
||||
{{- include "grafana.selectorLabels" . | nindent 4 }}
|
||||
|
||||
{{ end }}
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ spec:
|
|||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
|
||||
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
|
||||
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
|
||||
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
|
|
|
|||
|
|
@ -38,6 +38,22 @@ serviceAccount:
|
|||
|
||||
replicas: 1
|
||||
|
||||
## Create HorizontalPodAutoscaler object for deployment type
|
||||
#
|
||||
autoscaling:
|
||||
enabled: false
|
||||
# minReplicas: 1
|
||||
# maxReplicas: 10
|
||||
# metrics:
|
||||
# - type: Resource
|
||||
# resource:
|
||||
# name: cpu
|
||||
# targetAverageUtilization: 60
|
||||
# - type: Resource
|
||||
# resource:
|
||||
# name: memory
|
||||
# targetAverageUtilization: 60
|
||||
|
||||
## See `kubectl explain poddisruptionbudget.spec` for more
|
||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||
podDisruptionBudget: {}
|
||||
|
|
@ -69,7 +85,7 @@ livenessProbe:
|
|||
|
||||
image:
|
||||
repository: rancher/mirrored-grafana-grafana
|
||||
tag: 7.4.5
|
||||
tag: 7.5.8
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
|
|
@ -119,7 +135,7 @@ extraLabels: {}
|
|||
|
||||
downloadDashboardsImage:
|
||||
repository: rancher/mirrored-curlimages-curl
|
||||
tag: 7.73.0
|
||||
tag: 7.77.0
|
||||
sha: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
|
|
@ -144,6 +160,7 @@ podPortName: grafana
|
|||
## ref: http://kubernetes.io/docs/user-guide/services/
|
||||
##
|
||||
service:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
port: 80
|
||||
targetPort: 3000
|
||||
|
|
@ -420,10 +437,14 @@ extraSecretMounts: []
|
|||
## Additional grafana server volume mounts
|
||||
# Defines additional volume mounts.
|
||||
extraVolumeMounts: []
|
||||
# - name: extra-volume
|
||||
# mountPath: /mnt/volume
|
||||
# - name: extra-volume-0
|
||||
# mountPath: /mnt/volume0
|
||||
# readOnly: true
|
||||
# existingClaim: volume-claim
|
||||
# - name: extra-volume-1
|
||||
# mountPath: /mnt/volume1
|
||||
# readOnly: true
|
||||
# hostPath: /usr/shared/
|
||||
|
||||
## Pass the plugins you want installed as a list.
|
||||
##
|
||||
|
|
@ -530,7 +551,7 @@ dashboardsConfigMaps: {}
|
|||
##
|
||||
grafana.ini:
|
||||
paths:
|
||||
data: /var/lib/grafana/data
|
||||
data: /var/lib/grafana/
|
||||
logs: /var/log/grafana
|
||||
plugins: /var/lib/grafana/plugins
|
||||
provisioning: /etc/grafana/provisioning
|
||||
|
|
@ -601,7 +622,7 @@ smtp:
|
|||
sidecar:
|
||||
image:
|
||||
repository: rancher/mirrored-kiwigrid-k8s-sidecar
|
||||
tag: 1.10.7
|
||||
tag: 1.12.2
|
||||
sha: ""
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources: {}
|
||||
|
|
@ -629,6 +650,8 @@ sidecar:
|
|||
# Otherwise the namespace in which the sidecar is running will be used.
|
||||
# It's also possible to specify ALL to search in all namespaces
|
||||
searchNamespace: null
|
||||
# search in configmap, secret or both
|
||||
resource: both
|
||||
# If specified, the sidecar will look for annotation with this name to create folder and put graph here.
|
||||
# You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
|
||||
folderAnnotation: null
|
||||
|
|
@ -658,10 +681,8 @@ sidecar:
|
|||
# Otherwise the namespace in which the sidecar is running will be used.
|
||||
# It's also possible to specify ALL to search in all namespaces
|
||||
searchNamespace: null
|
||||
|
||||
## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
|
||||
## This can be useful for database passwords, etc. Value is templated.
|
||||
envFromSecret: ""
|
||||
# search in configmap, secret or both
|
||||
resource: both
|
||||
notifiers:
|
||||
enabled: false
|
||||
# label that the configmaps with notifiers are marked with
|
||||
|
|
@ -670,6 +691,8 @@ sidecar:
|
|||
# Otherwise the namespace in which the sidecar is running will be used.
|
||||
# It's also possible to specify ALL to search in all namespaces
|
||||
searchNamespace: null
|
||||
# search in configmap, secret or both
|
||||
resource: both
|
||||
|
||||
## Override the deployment namespace
|
||||
##
|
||||
|
|
@ -688,7 +711,7 @@ imageRenderer:
|
|||
# image-renderer Image repository
|
||||
repository: rancher/mirrored-grafana-grafana-image-renderer
|
||||
# image-renderer Image tag
|
||||
tag: 2.0.1
|
||||
tag: 3.0.1
|
||||
# image-renderer Image sha (optional)
|
||||
sha: ""
|
||||
# image-renderer ImagePullPolicy
|
||||
|
|
@ -707,6 +730,8 @@ imageRenderer:
|
|||
# image-renderer deployment priority class
|
||||
priorityClassName: ''
|
||||
service:
|
||||
# Enable the image-renderer service
|
||||
enabled: true
|
||||
# image-renderer service port name
|
||||
portName: 'http'
|
||||
# image-renderer service port used by both service and deployment
|
||||
|
|
|
|||
|
|
@ -1,21 +0,0 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
annotations:
|
||||
catalog.cattle.io/hidden: "true"
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.rancher.io/certified: rancher
|
||||
catalog.rancher.io/namespace: cattle-monitoring-system
|
||||
catalog.rancher.io/release-name: rancher-node-exporter
|
||||
apiVersion: v1
|
||||
appVersion: 1.1.2
|
||||
description: A Helm chart for prometheus node-exporter
|
||||
home: https://github.com/prometheus/node_exporter/
|
||||
keywords:
|
||||
- node-exporter
|
||||
- prometheus
|
||||
- exporter
|
||||
maintainers:
|
||||
- email: gianrubio@gmail.com
|
||||
name: gianrubio
|
||||
- name: vsliouniaev
|
||||
- name: bismarck
|
||||
name: rancher-node-exporter
|
||||
sources:
|
||||
- https://github.com/prometheus/node_exporter/
|
||||
version: 100.0.0+up1.16.2
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
approvers:
|
||||
- gianrubio
|
||||
- vsliouniaev
|
||||
reviewers:
|
||||
- gianrubio
|
||||
- vsliouniaev
|
||||
|
|
@ -1,63 +0,0 @@
|
|||
# Prometheus Node Exporter
|
||||
|
||||
Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors.
|
||||
|
||||
This chart bootstraps a prometheus [Node Exporter](http://github.com/prometheus/node_exporter) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
## Get Repo Info
|
||||
|
||||
```console
|
||||
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
|
||||
helm repo update
|
||||
```
|
||||
|
||||
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
|
||||
|
||||
## Install Chart
|
||||
|
||||
```console
|
||||
# Helm 3
|
||||
$ helm install [RELEASE_NAME] prometheus-community/prometheus-node-exporter
|
||||
|
||||
# Helm 2
|
||||
$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-node-exporter
|
||||
```
|
||||
|
||||
_See [configuration](#configuration) below._
|
||||
|
||||
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
|
||||
|
||||
## Uninstall Chart
|
||||
|
||||
```console
|
||||
# Helm 3
|
||||
$ helm uninstall [RELEASE_NAME]
|
||||
|
||||
# Helm 2
|
||||
# helm delete --purge [RELEASE_NAME]
|
||||
```
|
||||
|
||||
This removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
|
||||
|
||||
## Upgrading Chart
|
||||
|
||||
```console
|
||||
# Helm 3 or 2
|
||||
$ helm upgrade [RELEASE_NAME] [CHART] --install
|
||||
```
|
||||
|
||||
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
|
||||
|
||||
## Configuring
|
||||
|
||||
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
|
||||
|
||||
```console
|
||||
# Helm 2
|
||||
$ helm inspect values prometheus-community/prometheus-node-exporter
|
||||
|
||||
# Helm 3
|
||||
$ helm show values prometheus-community/prometheus-node-exporter
|
||||
```
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
service:
|
||||
targetPort: 9102
|
||||
port: 9102
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
1. Get the application URL by running these commands:
|
||||
{{- if contains "NodePort" .Values.service.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-node-exporter.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.service.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-node-exporter.fullname" . }}'
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ template "prometheus-node-exporter.namespace" . }} {{ template "prometheus-node-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
||||
echo http://$SERVICE_IP:{{ .Values.service.port }}
|
||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-node-exporter.namespace" . }} -l "app={{ template "prometheus-node-exporter.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
echo "Visit http://127.0.0.1:9100 to use your application"
|
||||
kubectl port-forward --namespace {{ template "prometheus-node-exporter.namespace" . }} $POD_NAME 9100
|
||||
{{- end }}
|
||||
|
|
@ -1,95 +0,0 @@
|
|||
# Rancher
|
||||
{{- define "system_default_registry" -}}
|
||||
{{- if .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
# Windows Support
|
||||
|
||||
{{/*
|
||||
Windows cluster will add default taint for linux nodes,
|
||||
add below linux tolerations to workloads could be scheduled to those linux nodes
|
||||
*/}}
|
||||
|
||||
{{- define "linux-node-tolerations" -}}
|
||||
- key: "cattle.io/os"
|
||||
value: "linux"
|
||||
effect: "NoSchedule"
|
||||
operator: "Equal"
|
||||
{{- end -}}
|
||||
|
||||
{{- define "linux-node-selector" -}}
|
||||
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
beta.kubernetes.io/os: linux
|
||||
{{- else -}}
|
||||
kubernetes.io/os: linux
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "prometheus-node-exporter.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "prometheus-node-exporter.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Generate basic labels */}}
|
||||
{{- define "prometheus-node-exporter.labels" }}
|
||||
app: {{ template "prometheus-node-exporter.name" . }}
|
||||
heritage: {{.Release.Service }}
|
||||
release: {{.Release.Name }}
|
||||
chart: {{ template "prometheus-node-exporter.chart" . }}
|
||||
{{- if .Values.podLabels}}
|
||||
{{ toYaml .Values.podLabels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "prometheus-node-exporter.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "prometheus-node-exporter.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "prometheus-node-exporter.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "prometheus-node-exporter.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -1,183 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "prometheus-node-exporter.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- if .Values.updateStrategy }}
|
||||
updateStrategy:
|
||||
{{ toYaml .Values.updateStrategy | indent 4 }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }}
|
||||
{{- if .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "prometheus-node-exporter.serviceAccountName" . }}
|
||||
{{- if .Values.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: {{ .Values.priorityClassName }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: node-exporter
|
||||
image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
args:
|
||||
- --path.procfs=/host/proc
|
||||
- --path.sysfs=/host/sys
|
||||
{{- if .Values.hostRootFsMount }}
|
||||
- --path.rootfs=/host/root
|
||||
{{- end }}
|
||||
- --web.listen-address=$(HOST_IP):{{ .Values.service.port }}
|
||||
{{- if .Values.extraArgs }}
|
||||
{{ toYaml .Values.extraArgs | indent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.containerSecurityContext }}
|
||||
securityContext: {{ toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: HOST_IP
|
||||
{{- if .Values.service.listenOnAllInterfaces }}
|
||||
value: 0.0.0.0
|
||||
{{- else }}
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.hostIP
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: {{ .Values.service.port }}
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: {{ .Values.service.port }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: {{ .Values.service.port }}
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 12 }}
|
||||
volumeMounts:
|
||||
- name: proc
|
||||
mountPath: /host/proc
|
||||
readOnly: true
|
||||
- name: sys
|
||||
mountPath: /host/sys
|
||||
readOnly: true
|
||||
{{- if .Values.hostRootFsMount }}
|
||||
- name: root
|
||||
mountPath: /host/root
|
||||
mountPropagation: HostToContainer
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.extraHostVolumeMounts }}
|
||||
{{- range $_, $mount := .Values.extraHostVolumeMounts }}
|
||||
- name: {{ $mount.name }}
|
||||
mountPath: {{ $mount.mountPath }}
|
||||
readOnly: {{ $mount.readOnly }}
|
||||
{{- if $mount.mountPropagation }}
|
||||
mountPropagation: {{ $mount.mountPropagation }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecarVolumeMount }}
|
||||
{{- range $_, $mount := .Values.sidecarVolumeMount }}
|
||||
- name: {{ $mount.name }}
|
||||
mountPath: {{ $mount.mountPath }}
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.configmaps }}
|
||||
{{- range $_, $mount := .Values.configmaps }}
|
||||
- name: {{ $mount.name }}
|
||||
mountPath: {{ $mount.mountPath }}
|
||||
{{- end }}
|
||||
{{- if .Values.secrets }}
|
||||
{{- range $_, $mount := .Values.secrets }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecars }}
|
||||
{{ toYaml .Values.sidecars | indent 8 }}
|
||||
{{- if .Values.sidecarVolumeMount }}
|
||||
volumeMounts:
|
||||
{{- range $_, $mount := .Values.sidecarVolumeMount }}
|
||||
- name: {{ $mount.name }}
|
||||
mountPath: {{ $mount.mountPath }}
|
||||
readOnly: {{ $mount.readOnly }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.hostNetwork }}
|
||||
hostPID: true
|
||||
{{- if .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
|
||||
{{- with .Values.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
{{- toYaml .Values.Selector | nindent 8 }}
|
||||
{{- end }}
|
||||
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
|
||||
{{- if .Values.tolerations }}
|
||||
{{- toYaml .Values.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: proc
|
||||
hostPath:
|
||||
path: /proc
|
||||
- name: sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
{{- if .Values.hostRootFsMount }}
|
||||
- name: root
|
||||
hostPath:
|
||||
path: /
|
||||
{{- end }}
|
||||
{{- if .Values.extraHostVolumeMounts }}
|
||||
{{- range $_, $mount := .Values.extraHostVolumeMounts }}
|
||||
- name: {{ $mount.name }}
|
||||
hostPath:
|
||||
path: {{ $mount.hostPath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecarVolumeMount }}
|
||||
{{- range $_, $mount := .Values.sidecarVolumeMount }}
|
||||
- name: {{ $mount.name }}
|
||||
emptyDir:
|
||||
medium: Memory
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.configmaps }}
|
||||
{{- range $_, $mount := .Values.configmaps }}
|
||||
- name: {{ $mount.name }}
|
||||
configMap:
|
||||
name: {{ $mount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.secrets }}
|
||||
{{- range $_, $mount := .Values.secrets }}
|
||||
- name: {{ $mount.name }}
|
||||
secret:
|
||||
secretName: {{ $mount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
{{- if .Values.endpoints }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
labels:
|
||||
{{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
port: 9100
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
{{- if .Values.prometheus.monitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
{{- if .Values.prometheus.monitor.additionalLabels }}
|
||||
{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "prometheus-node-exporter.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
endpoints:
|
||||
- port: metrics
|
||||
scheme: {{ $.Values.prometheus.monitor.scheme }}
|
||||
{{- if $.Values.prometheus.monitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ $.Values.prometheus.monitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if $.Values.prometheus.monitor.tlsConfig }}
|
||||
tlsConfig: {{ toYaml $.Values.prometheus.monitor.tlsConfig | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.monitor.relabelings }}
|
||||
relabelings:
|
||||
{{ toYaml .Values.prometheus.monitor.relabelings | indent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
{{- if .Values.rbac.create }}
|
||||
{{- if .Values.rbac.pspEnabled }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: psp-{{ template "prometheus-node-exporter.fullname" . }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
rules:
|
||||
- apiGroups: ['extensions']
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- {{ template "prometheus-node-exporter.fullname" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
{{- if .Values.rbac.create }}
|
||||
{{- if .Values.rbac.pspEnabled }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: psp-{{ template "prometheus-node-exporter.fullname" . }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: psp-{{ template "prometheus-node-exporter.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
{{- if .Values.rbac.create }}
|
||||
{{- if .Values.rbac.pspEnabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
spec:
|
||||
privileged: false
|
||||
# Required to prevent escalations to root.
|
||||
# allowPrivilegeEscalation: false
|
||||
# This is redundant with non-root + disallow privilege escalation,
|
||||
# but we can provide it for defense in depth.
|
||||
#requiredDropCapabilities:
|
||||
# - ALL
|
||||
# Allow core volume types.
|
||||
volumes:
|
||||
- 'configMap'
|
||||
- 'emptyDir'
|
||||
- 'projected'
|
||||
- 'secret'
|
||||
- 'downwardAPI'
|
||||
- 'persistentVolumeClaim'
|
||||
- 'hostPath'
|
||||
hostNetwork: true
|
||||
hostIPC: false
|
||||
hostPID: true
|
||||
hostPorts:
|
||||
- min: 0
|
||||
max: 65535
|
||||
runAsUser:
|
||||
# Permits the container to run with root privileges as well.
|
||||
rule: 'RunAsAny'
|
||||
seLinux:
|
||||
# This policy assumes the nodes are using AppArmor rather than SELinux.
|
||||
rule: 'RunAsAny'
|
||||
supplementalGroups:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 0
|
||||
max: 65535
|
||||
fsGroup:
|
||||
rule: 'MustRunAs'
|
||||
ranges:
|
||||
# Forbid adding the root group.
|
||||
- min: 0
|
||||
max: 65535
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.fullname" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
{{- if .Values.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
{{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }}
|
||||
nodePort: {{ .Values.service.nodePort }}
|
||||
{{- end }}
|
||||
targetPort: {{ .Values.service.targetPort }}
|
||||
protocol: TCP
|
||||
name: metrics
|
||||
selector:
|
||||
app: {{ template "prometheus-node-exporter.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
{{- if .Values.rbac.create -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "prometheus-node-exporter.serviceAccountName" . }}
|
||||
namespace: {{ template "prometheus-node-exporter.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "prometheus-node-exporter.name" . }}
|
||||
chart: {{ template "prometheus-node-exporter.chart" . }}
|
||||
release: "{{ .Release.Name }}"
|
||||
heritage: "{{ .Release.Service }}"
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -1,177 +0,0 @@
|
|||
# Default values for prometheus-node-exporter.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
global:
|
||||
cattle:
|
||||
systemDefaultRegistry: ""
|
||||
|
||||
image:
|
||||
repository: rancher/mirrored-prometheus-node-exporter
|
||||
tag: v1.1.2
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 9100
|
||||
targetPort: 9100
|
||||
nodePort:
|
||||
listenOnAllInterfaces: true
|
||||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
|
||||
prometheus:
|
||||
monitor:
|
||||
enabled: false
|
||||
additionalLabels: {}
|
||||
namespace: ""
|
||||
scheme: http
|
||||
bearerTokenFile:
|
||||
tlsConfig: {}
|
||||
|
||||
relabelings: []
|
||||
scrapeTimeout: 10s
|
||||
|
||||
## Customize the updateStrategy if set
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 200m
|
||||
# memory: 50Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 30Mi
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a ServiceAccount should be created
|
||||
create: true
|
||||
# The name of the ServiceAccount to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name:
|
||||
annotations: {}
|
||||
imagePullSecrets: []
|
||||
|
||||
securityContext:
|
||||
fsGroup: 65534
|
||||
runAsGroup: 65534
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65534
|
||||
|
||||
containerSecurityContext: {}
|
||||
# capabilities:
|
||||
# add:
|
||||
# - SYS_TIME
|
||||
|
||||
rbac:
|
||||
## If true, create & use RBAC resources
|
||||
##
|
||||
create: true
|
||||
## If true, create & use Pod Security Policy resources
|
||||
## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
||||
pspEnabled: true
|
||||
|
||||
# for deployments that have node_exporter deployed outside of the cluster, list
|
||||
# their addresses here
|
||||
endpoints: []
|
||||
|
||||
# Expose the service to the host network
|
||||
hostNetwork: true
|
||||
|
||||
## If true, node-exporter pods mounts host / at /host/root
|
||||
##
|
||||
hostRootFsMount: true
|
||||
|
||||
## Assign a group of affinity scheduling rules
|
||||
##
|
||||
affinity: {}
|
||||
# nodeAffinity:
|
||||
# requiredDuringSchedulingIgnoredDuringExecution:
|
||||
# nodeSelectorTerms:
|
||||
# - matchFields:
|
||||
# - key: metadata.name
|
||||
# operator: In
|
||||
# values:
|
||||
# - target-host-name
|
||||
|
||||
# Annotations to be added to node exporter pods
|
||||
podAnnotations:
|
||||
# Fix for very slow GKE cluster upgrades
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
|
||||
|
||||
# Extra labels to be added to node exporter pods
|
||||
podLabels: {}
|
||||
|
||||
# Custom DNS configuration to be added to prometheus-node-exporter pods
|
||||
dnsConfig: {}
|
||||
# nameservers:
|
||||
# - 1.2.3.4
|
||||
# searches:
|
||||
# - ns1.svc.cluster-domain.example
|
||||
# - my.dns.search.suffix
|
||||
# options:
|
||||
# - name: ndots
|
||||
# value: "2"
|
||||
# - name: edns0
|
||||
|
||||
## Assign a nodeSelector if operating a hybrid cluster
|
||||
##
|
||||
nodeSelector: {}
|
||||
# beta.kubernetes.io/arch: amd64
|
||||
# beta.kubernetes.io/os: linux
|
||||
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
- effect: NoExecute
|
||||
operator: Exists
|
||||
|
||||
## Assign a PriorityClassName to pods if set
|
||||
# priorityClassName: ""
|
||||
|
||||
## Additional container arguments
|
||||
##
|
||||
extraArgs: []
|
||||
# - --collector.diskstats.ignored-devices=^(ram|loop|fd|(h|s|v)d[a-z]|nvme\\d+n\\d+p)\\d+$
|
||||
# - --collector.textfile.directory=/run/prometheus
|
||||
|
||||
## Additional mounts from the host
|
||||
##
|
||||
extraHostVolumeMounts: []
|
||||
# - name: <mountName>
|
||||
# hostPath: <hostPath>
|
||||
# mountPath: <mountPath>
|
||||
# readOnly: true|false
|
||||
# mountPropagation: None|HostToContainer|Bidirectional
|
||||
|
||||
## Additional configmaps to be mounted.
|
||||
##
|
||||
configmaps: []
|
||||
# - name: <configMapName>
|
||||
# mountPath: <mountPath>
|
||||
secrets: []
|
||||
# - name: <secretName>
|
||||
# mountPath: <mountPatch>
|
||||
## Override the deployment namespace
|
||||
##
|
||||
namespaceOverride: ""
|
||||
|
||||
## Additional containers for export metrics to text file
|
||||
##
|
||||
sidecars: []
|
||||
## - name: nvidia-dcgm-exporter
|
||||
## image: nvidia/dcgm-exporter:1.4.3
|
||||
|
||||
## Volume for sidecar containers
|
||||
##
|
||||
sidecarVolumeMount: []
|
||||
## - name: collector-textfiles
|
||||
## mountPath: /run/prometheus
|
||||
## readOnly: false
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
annotations:
|
||||
catalog.cattle.io/hidden: "true"
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.rancher.io/certified: rancher
|
||||
catalog.rancher.io/namespace: cattle-monitoring-system
|
||||
catalog.rancher.io/release-name: rancher-prometheus-adapter
|
||||
apiVersion: v1
|
||||
appVersion: v0.8.3
|
||||
description: A Helm chart for k8s prometheus adapter
|
||||
home: https://github.com/DirectXMan12/k8s-prometheus-adapter
|
||||
keywords:
|
||||
- hpa
|
||||
- metrics
|
||||
- prometheus
|
||||
- adapter
|
||||
maintainers:
|
||||
- email: mattias.gees@jetstack.io
|
||||
name: mattiasgees
|
||||
- name: steven-sheehy
|
||||
- email: hfernandez@mesosphere.com
|
||||
name: hectorj2f
|
||||
name: rancher-prometheus-adapter
|
||||
sources:
|
||||
- https://github.com/kubernetes/charts
|
||||
- https://github.com/DirectXMan12/k8s-prometheus-adapter
|
||||
version: 100.0.0+up2.12.1
|
||||
|
|
@ -1,147 +0,0 @@
|
|||
# Prometheus Adapter
|
||||
|
||||
Installs the [Prometheus Adapter](https://github.com/DirectXMan12/k8s-prometheus-adapter) for the Custom Metrics API. Custom metrics are used in Kubernetes by [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) to scale workloads based upon your own metric pulled from an external metrics provider like Prometheus. This chart complements the [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server) chart that provides resource only metrics.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Kubernetes 1.14+
|
||||
|
||||
## Get Repo Info
|
||||
|
||||
```console
|
||||
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
|
||||
helm repo update
|
||||
```
|
||||
|
||||
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
|
||||
|
||||
## Install Chart
|
||||
|
||||
```console
|
||||
# Helm 3
|
||||
$ helm install [RELEASE_NAME] prometheus-community/prometheus-adapter
|
||||
|
||||
# Helm 2
|
||||
$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-adapter
|
||||
```
|
||||
|
||||
_See [configuration](#configuration) below._
|
||||
|
||||
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
|
||||
|
||||
## Uninstall Chart
|
||||
|
||||
```console
|
||||
# Helm 3
|
||||
$ helm uninstall [RELEASE_NAME]
|
||||
|
||||
# Helm 2
|
||||
# helm delete --purge [RELEASE_NAME]
|
||||
```
|
||||
|
||||
This removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
|
||||
|
||||
## Upgrading Chart
|
||||
|
||||
```console
|
||||
# Helm 3 or 2
|
||||
$ helm upgrade [RELEASE_NAME] [CHART] --install
|
||||
```
|
||||
|
||||
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
|
||||
|
||||
## Configuration
|
||||
|
||||
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
|
||||
|
||||
```console
|
||||
# Helm 2
|
||||
$ helm inspect values prometheus-community/prometheus-adapter
|
||||
|
||||
# Helm 3
|
||||
$ helm show values prometheus-community/prometheus-adapter
|
||||
```
|
||||
|
||||
### Prometheus Service Endpoint
|
||||
|
||||
To use the chart, ensure the `prometheus.url` and `prometheus.port` are configured with the correct Prometheus service endpoint. If Prometheus is exposed under HTTPS the host's CA Bundle must be exposed to the container using `extraVolumes` and `extraVolumeMounts`.
|
||||
|
||||
### Adapter Rules
|
||||
|
||||
Additionally, the chart comes with a set of default rules out of the box but they may pull in too many metrics or not map them correctly for your needs. Therefore, it is recommended to populate `rules.custom` with a list of rules (see the [config document](https://github.com/DirectXMan12/k8s-prometheus-adapter/blob/master/docs/config.md) for the proper format).
|
||||
|
||||
### Horizontal Pod Autoscaler Metrics
|
||||
|
||||
Finally, to configure your Horizontal Pod Autoscaler to use the custom metric, see the custom metrics section of the [HPA walkthrough](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics).
|
||||
|
||||
The Prometheus Adapter can serve three different [metrics APIs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-metrics-apis):
|
||||
|
||||
### Custom Metrics
|
||||
|
||||
Enabling this option will cause custom metrics to be served at `/apis/custom.metrics.k8s.io/v1beta1`. Enabled by default when `rules.default` is true, but can be customized by populating `rules.custom`:
|
||||
|
||||
```yaml
|
||||
rules:
|
||||
custom:
|
||||
- seriesQuery: '{__name__=~"^some_metric_count$"}'
|
||||
resources:
|
||||
template: <<.Resource>>
|
||||
name:
|
||||
matches: ""
|
||||
as: "my_custom_metric"
|
||||
metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)
|
||||
```
|
||||
|
||||
### External Metrics
|
||||
|
||||
Enabling this option will cause external metrics to be served at `/apis/external.metrics.k8s.io/v1beta1`. Can be enabled by populating `rules.external`:
|
||||
|
||||
```yaml
|
||||
rules:
|
||||
external:
|
||||
- seriesQuery: '{__name__=~"^some_metric_count$"}'
|
||||
resources:
|
||||
template: <<.Resource>>
|
||||
name:
|
||||
matches: ""
|
||||
as: "my_external_metric"
|
||||
metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)
|
||||
```
|
||||
|
||||
### Resource Metrics
|
||||
|
||||
Enabling this option will cause resource metrics to be served at `/apis/metrics.k8s.io/v1beta1`. Resource metrics will allow pod CPU and Memory metrics to be used in [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) as well as the `kubectl top` command. Can be enabled by populating `rules.resource`:
|
||||
|
||||
```yaml
|
||||
rules:
|
||||
resource:
|
||||
cpu:
|
||||
containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>}[3m])) by (<<.GroupBy>>)
|
||||
nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[3m])) by (<<.GroupBy>>)
|
||||
resources:
|
||||
overrides:
|
||||
instance:
|
||||
resource: node
|
||||
namespace:
|
||||
resource: namespace
|
||||
pod:
|
||||
resource: pod
|
||||
containerLabel: container
|
||||
memory:
|
||||
containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>}) by (<<.GroupBy>>)
|
||||
nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>)
|
||||
resources:
|
||||
overrides:
|
||||
instance:
|
||||
resource: node
|
||||
namespace:
|
||||
resource: namespace
|
||||
pod:
|
||||
resource: pod
|
||||
containerLabel: container
|
||||
window: 3m
|
||||
```
|
||||
|
||||
**NOTE:** Setting a value for `rules.resource` will also deploy the resource metrics API service, providing the same functionality as [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server). As such it is not possible to deploy them both in the same cluster.
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
rules:
|
||||
external:
|
||||
- seriesQuery: '{__name__=~"^some_metric_count$"}'
|
||||
resources:
|
||||
template: <<.Resource>>
|
||||
name:
|
||||
matches: ""
|
||||
as: "my_custom_metric"
|
||||
metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue